Mandriva Advisories

Package name: gv
Date: November 17th, 2006
Advisory ID: MDKSA-2006:214
Affected versions: CS3.0, 2006.0, 2007.0, CS4.0
Synopsis: Updated gv packages fix buffer overflow vulnerability

Problem Description

Stack-based buffer overflow in the ps_gettext function in ps.c for GNU
gv 3.6.2, and possibly earlier versions, allows user-assisted attackers
to execute arbitrary code via a PostScript (PS) file with certain
headers that contain long comments, as demonstrated using the
DocumentMedia header.

Packages have been patched to correct this issue.
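
The bug class described above, shown as an added illustration; this is not gv's source and not the Mandriva patch. It copies the text of a header comment such as DocumentMedia into a fixed-size stack buffer only when it fits, and counts the header comments that would not. The names dsc_copy_text, dsc_count_oversized and DSC_TEXT_MAX and the 256-byte size are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define DSC_TEXT_MAX 256 /* assumed buffer size for this example, not gv's */

/* Copy the text after "%%Keyword:" into dst (dst_size bytes). Returns the
 * length stored, or -1 when the text does not fit, so an over-long comment
 * is rejected rather than written past the end of the buffer. */
int dsc_copy_text(const char *line, char *dst, size_t dst_size)
{
    const char *p = strchr(line, ':');
    if (p == NULL || dst_size == 0)
        return -1;
    p++;
    while (*p == ' ' || *p == '\t')
        p++;
    size_t len = strcspn(p, "\r\n");
    if (len >= dst_size)
        return -1;
    memcpy(dst, p, len);
    dst[len] = '\0';
    return (int)len;
}

/* Count header comments ("%%Keyword: text") whose text is rejected. */
int dsc_count_oversized(const char *doc)
{
    char text[DSC_TEXT_MAX];
    int rejected = 0;
    while (*doc != '\0' && strncmp(doc, "%%EndComments", 13) != 0) {
        size_t linelen = strcspn(doc, "\n");
        if (doc[0] == '%' && doc[1] == '%' && memchr(doc, ':', linelen) &&
            dsc_copy_text(doc, text, sizeof text) < 0)
            rejected++;
        doc += linelen;
        if (*doc == '\n')
            doc++;
    }
    return rejected;
}

int main(void)
{
    /* Constructed sample header, not taken from any real file. */
    const char *doc = "%!PS-Adobe-3.0\n%%DocumentMedia: A4 595 842 0 () ()\n"
                      "%%EndComments\n";
    printf("oversized DSC comments: %d\n", dsc_count_oversized(doc));
    return 0;
}
```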

Updated Packages

Corporate Server 3.0

 7d48d9f5848d68634903602b9c74e201  corporate/3.0/i586/gv-3.5.8-31.1.C30mdk.i586.rpm 
 8802de3f3264171d1a01e63bad0fb5a2  corporate/3.0/SRPMS/gv-3.5.8-31.1.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 f311ea2a2f426eaf0b12388e9701170a  corporate/3.0/x86_64/gv-3.5.8-31.1.C30mdk.x86_64.rpm 
 8802de3f3264171d1a01e63bad0fb5a2  corporate/3.0/SRPMS/gv-3.5.8-31.1.C30mdk.src.rpm

Mandriva Linux 2006

 ce4424472e46670b330f6002505f872d  2006.0/i586/gv-3.6.1-4.2.20060mdk.i586.rpm 
 86e5b4a6b2a85ac41ec8e5afa1a8316c  2006.0/SRPMS/gv-3.6.1-4.2.20060mdk.src.rpm

Mandriva Linux 2006/X86_64

 45235ffad1a29f06b97c4398522d4109  2006.0/x86_64/gv-3.6.1-4.2.20060mdk.x86_64.rpm 
 86e5b4a6b2a85ac41ec8e5afa1a8316c  2006.0/SRPMS/gv-3.6.1-4.2.20060mdk.src.rpm

Mandriva Linux 2007

 6e1283be29d02cc561a4f70d691aa2ab  2007.0/i586/gv-3.6.1-7.1mdv2007.0.i586.rpm 
 8adc972aaae161da8792bc53188144f2  2007.0/SRPMS/gv-3.6.1-7.1mdv2007.0.src.rpm

Mandriva Linux 2007/X86_64

 14dc71ab4e90e9ff5a710a26d9fbbc74  2007.0/x86_64/gv-3.6.1-7.1mdv2007.0.x86_64.rpm 
 8adc972aaae161da8792bc53188144f2  2007.0/SRPMS/gv-3.6.1-7.1mdv2007.0.src.rpm

Corporate Server 4.0

 bcacc5d595ece53e589089b2f0ee79f4  corporate/4.0/i586/gv-3.6.1-4.2.20060mlcs4.i586.rpm 
 28881d7af1aa98d3f1fa77498a6b7c5c  corporate/4.0/SRPMS/gv-3.6.1-4.2.20060mlcs4.src.rpm

Corporate Server 4.0/X86_64

 83ce335c19110b08f0c09bae1367258a  corporate/4.0/x86_64/gv-3.6.1-4.2.20060mlcs4.x86_64.rpm 
 28881d7af1aa98d3f1fa77498a6b7c5c  corporate/4.0/SRPMS/gv-3.6.1-4.2.20060mlcs4.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5864

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, verification of the MD5 checksum and GPG signature is performed automatically for you.