[Frugalware-security] [ FSA-58 ] gv

voroskoi noreply at frugalware.org
Fri Nov 24 00:49:23 CET 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                           FSA-58

Date: 2006-11-24
Package: gv
Vulnerable versions: <= 3.6.1-3
Unaffected versions: >= 3.6.1-4siwenna1
Related bugreport: http://bugs.frugalware.org/task/1462
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5864

Description
===========

Renaud Lifchitz has reported a vulnerability in GNU gv, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within the &quot;ps_gettext()&quot; function in ps.c. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted PostScript file.

Updated Packages
================

Check if you have gv installed:

	# pacman -Q gv

If found, then you should upgrade to the latest version:

	# pacman -Sy gv

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFZjODZ7NElSD1VhkRAtQjAKCSN3MMrXS29xO6L4XgUdf/lOUT1QCeM/Tb
0VLcLLr4UjpnncFo4NhYdvs=
=TGBW
-----END PGP SIGNATURE-----


More information about the Frugalware-security mailing list