Debian: DSA 608-1 Critical: Zgv Integer Overflows Threat and Fix
debian
December 14, 2004
Several vulnerabilities have been discovered in zgv, an SVGAlib graphics viewer for the i386 architecture.
Topics Covered
Summary
Luke Macken and "infamous41md" independently discoverd multiple
integer overflows in zgv. Remote exploitation of an integer
overflow vulnerability could allow the execution of arbitrary
code.
CAN-2004-0999
Mikulas Patocka discovered that malicious multiple-image (e.g.
animated) GIF images can cause a segmentation fault in zgv.
For the stable distribution (woody) these problems have been fixed in
version 5.5-3woody1.
For the unstable distribution (sid) these problems will be fixed soon.
We recommend that you upgrade your zgv package immediately.
Upgrade Instructions
--------------------wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
--------------------------------------------------------------------------Package: zgv
CVE ID: CAN-2004-1095 CAN-2004-0999
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!