
[linux-security] buffer overflow in gv



Topic
=====
buffer overflow in gv allows execution of arbitrary code

Problem Description
===================
A buffer overflow was discovered in gv versions 3.5.8 and earlier.
The problem is triggered when gv scans a file and can be
exploited by an attacker sending a malformed PostScript or PDF file.
This would result in arbitrary code being executed with the privileges of
the user viewing the file.  ggv uses code derived from gv and has the
same vulnerability.

Affected Versions
=================
gv versions 3.5.8 and earlier

Solution
========
Upgrade to the patched version for your distribution.

RedHat 6.2
----------
rpm -Fvh gv-3.5.8-18.6x.i386.rpm

RedHat 7.0, 7.1
---------------
rpm -Fvh gv-3.5.8-18.7x.i386.rpm

RedHat 7.2, 7.3
---------------
rpm -Fvh gv-3.5.8-18.7x.i386.rpm ggv-1.0.2-5.1.i386.rpm

RedHat 8.0
----------
rpm -Fvh gv-3.5.8-19.i386.rpm ggv-1.99.9-5.i386.rpm

Debian 2.2 (potato)
-------------------
Upgrade to gv_3.5.8-17.1_i386.deb, gnome-gv_0.82-2.1_i386.deb

Debian 3.0 (woody)
------------------
Upgrade to gv_3.5.8-26.1_i386.deb, gnome-gv_1.1.96-3.1_i386.deb

Mandrake 8.0
------------
rpm -Fvh gv-3.5.8-18.1mdk.i586.rpm ggv-1.1.0-1.1mdk.i586.rpm

Mandrake 8.1
------------
rpm -Fvh gv-3.5.8-27.1mdk.i586.rpm ggv-1.1.0-1.1mdk.i586.rpm

Mandrake 8.2
------------
rpm -Fvh gv-3.5.8-27.1mdk.i586.rpm ggv-1.1.94-2.1mdk.i586.rpm

Mandrake 9.0
------------
rpm -Fvh gv-3.5.8-27.1mdk.i586.rpm ggv-1.99.9-1.1mdk.i586.rpm
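
Added example (not part of the original advisory): a check that compares an installed gv or ggv version-release string against the fixed builds listed above for the RPM-based releases. The comparison is a simplified form of RPM's segment ordering that assumes no epoch and no "~" or "^" markers; the function names are hypothetical.

```python
import re

# Fixed version-release per RPM-based release, copied from the Solution list.
FIXED = {
    "RedHat 6.2": {"gv": "3.5.8-18.6x"},
    "RedHat 7.0": {"gv": "3.5.8-18.7x"},
    "RedHat 7.1": {"gv": "3.5.8-18.7x"},
    "RedHat 7.2": {"gv": "3.5.8-18.7x", "ggv": "1.0.2-5.1"},
    "RedHat 7.3": {"gv": "3.5.8-18.7x", "ggv": "1.0.2-5.1"},
    "RedHat 8.0": {"gv": "3.5.8-19", "ggv": "1.99.9-5"},
    "Mandrake 8.0": {"gv": "3.5.8-18.1mdk", "ggv": "1.1.0-1.1mdk"},
    "Mandrake 8.1": {"gv": "3.5.8-27.1mdk", "ggv": "1.1.0-1.1mdk"},
    "Mandrake 8.2": {"gv": "3.5.8-27.1mdk", "ggv": "1.1.94-2.1mdk"},
    "Mandrake 9.0": {"gv": "3.5.8-27.1mdk", "ggv": "1.99.9-1.1mdk"},
}


def rpmvercmp(a, b):
    """Simplified RPM ordering: compare runs of digits or letters in turn."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # a numeric segment sorts newer
        if x.isdigit():
            x, y = int(x), int(y)             # numeric compare, no leading zeros
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def compare_vr(a, b):
    """Compare two 'version-release' strings: version first, then release."""
    av, _, ar = a.partition("-")
    bv, _, br = b.partition("-")
    return rpmvercmp(av, bv) or rpmvercmp(ar, br)


def needs_upgrade(distro, package, installed_vr):
    """True if installed_vr is older than the fixed build for that release.

    installed_vr is the output of: rpm -q --qf '%{VERSION}-%{RELEASE}\n' <package>
    Raises KeyError if the advisory lists no fixed build for that pair.
    """
    return compare_vr(installed_vr, FIXED[distro][package]) < 0
```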