Back
Linux Security
Linux Security
Linux Security

Debian: zgv arbitrary code execution fix

Date 14 Dec 2004
Category Debian Linux Distribution - Security Advisories
6744
Posted By Joe Shakespeare
Several vulnerabilities have been discovered in zgv, an SVGAlib graphics viewer for the i386 architecture. 

--------------------------------------------------------------------------
Debian Security Advisory DSA 608-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.
https://www.debian.org/security/                             Martin Schulze
December 14th, 2004                     https://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : zgv
Vulnerability  : integer overflows, unsanitised input
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-1095 CAN-2004-0999
BugTraq ID     : 11556

Several vulnerabilities have been discovered in zgv, an SVGAlib
graphics viewer for the i386 architecture.  The Common Vulnerabilities
and Exposures Project identifies the following problems:

CAN-2004-1095

    Luke Macken and "infamous41md" independently discoverd multiple
    integer overflows in zgv.  Remote exploitation of an integer
    overflow vulnerability could allow the execution of arbitrary
    code.

CAN-2004-0999

    Mikulas Patocka discovered that malicious multiple-image (e.g.
    animated) GIF images can cause a segmentation fault in zgv.

For the stable distribution (woody) these problems have been fixed in
version 5.5-3woody1.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your zgv package immediately.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
--------------------------------

  Source archives:

    https://security.debian.org/pool/updates/main/z/zgv/zgv_5.5-3woody2.dsc
      Size/MD5 checksum:      601 f6114a026863db918a6bd9a6cc201a97
    https://security.debian.org/pool/updates/main/z/zgv/zgv_5.5-3woody2.diff.gz
      Size/MD5 checksum:     8541 f501ad407808235577b2bc746ddfe4e6
    https://security.debian.org/pool/updates/main/z/zgv/zgv_5.5.orig.tar.gz
      Size/MD5 checksum:   329235 629386a4df72f6ec007319bf12db1374

  Intel IA-32 architecture:

    https://security.debian.org/pool/updates/main/z/zgv/zgv_5.5-3woody2_i386.deb
      Size/MD5 checksum:   211772 36e675c74bafb546e5f6fb0da36385c3


  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb https://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
Package info: `apt-cache show ' and https://packages.debian.org/

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox

Related News

Google issues Chrome update patching seven security vulnerabilities
Google issues Chrome update patching seven security vulnerabilities
Camera hack peels back layers of embedded Linux
Camera hack peels back layers of embedded Linux
How open source security flaws pose a threat to organizations
How open source security flaws pose a threat to organizations
Looking for a CentOS Replacement? Start Here
Looking for a CentOS Replacement? Start Here

Advisories

Debian LTS: DLA-2631-1: zabbix security update
Date 21 Apr 2021 @ 08:41
RedHat: RHSA-2021-1313:01 Moderate: Satellite 6.9 Release
Date 21 Apr 2021 @ 06:52
RedHat: RHSA-2021-1315:01 Moderate: java-1.8.0-openjdk security update
Date 21 Apr 2021 @ 06:51
SciLinux: SLSA-2021-1298-1 Moderate: java-1.8.0-openjdk on x86_64
Date 21 Apr 2021 @ 06:01

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
/main-polls/52-how-frequently-do-you-patch-update-your-system?task=poll.vote&format=json
52
radio
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"52","type":"x","order":"1","pct":80,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"8","type":"x","order":"2","pct":12.31,"resources":[]},{"id":"181","title":"Hardly ever","votes":"5","type":"x","order":"3","pct":7.69,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.

VOTE ON THE POLL PAGE


VIEW MORE POLLS

bottom 200
Phishing Is The #1 Cybersecurity Threat Businesses Face

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Our Cookie Policy