LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 27th, 2014
Linux Advisory Watch: October 24th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: 'gv' Buffer overflow vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
Debian This problem is triggered by scanning the PostScriptfile and can be exploited by an attacker sending a malformedPostScript or PDF file. The attacker is able to cause arbitrary codeto be run with the privileges of the victim.

--------------------------------------------------------------------------
Debian Security Advisory DSA 176-1                     security@debian.org 
http://www.debian.org/security/                             Martin Schulze
October 16th, 2002                       http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : gv
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE Id         : CAN-2002-0838
BugTraq ID     : 5808

Zen-parse discovered a buffer overflow in gv, a PostScript and PDF
viewer for X11.  This problem is triggered by scanning the PostScript
file and can be exploited by an attacker sending a malformed
PostScript or PDF file.  The attacker is able to cause arbitrary code
to be run with the privileges of the victim.

This problem has been fixed in version 3.5.8-26.1 for the current
stable distribution (woody), in version 3.5.8-17.1 for the old stable
distribution (potato) and version 3.5.8-27 for the unstable
distribution (sid).

We recommend that you upgrade your gv package.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 2.2 alias potato
---------------------------------

  Source archives:

     http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1.dsc
      Size/MD5 checksum:      555 3aa3cb663f578cbf02c09f370951a814
     http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1.diff.gz
      Size/MD5 checksum:    29382 2e9e7149b69bf36a80632c8b695b6495
     http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8.orig.tar.gz
      Size/MD5 checksum:   369609 8f2f0bd97395d6cea52926ddee736da8

  Alpha architecture:

     http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1_alpha.deb
      Size/MD5 checksum:   278646 b12dd5fef60ff840b3921a511eb28c74

  ARM architecture:

     http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1_arm.deb
      Size/MD5 checksum:   238918 52892bea304128845836b4c9976d39a3

  Intel IA-32 architecture:

     http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1_i386.deb
      Size/MD5 checksum:   226416 4f44d7df45cec7b132c1c7c9a6ba84ea

  Motorola 680x0 architecture:

     http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1_m68k.deb
      Size/MD5 checksum:   217712 2decb437f1a28beac92edb63f3d31444

  PowerPC architecture:

     http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1_powerpc.deb
      Size/MD5 checksum:   244382 cb3bd27b214e391ada83ce0593e16715

  Sun Sparc architecture:

     http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-17.1_sparc.deb
      Size/MD5 checksum:   237878 ba1bdf19f68f62d36c8f58c015867287


Debian GNU/Linux 3.0 alias woody
--------------------------------

  Source archives:

     http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1.dsc
      Size/MD5 checksum:      559 e7a2b5dfb91d7217d1b171b24682ea41
     http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1.diff.gz
      Size/MD5 checksum:    18453 f9910a58912e1a6fbaef33ff4fe27b94
     http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8.orig.tar.gz
      Size/MD5 checksum:   369609 8f2f0bd97395d6cea52926ddee736da8

  Alpha architecture:

     http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_alpha.deb
      Size/MD5 checksum:   273262 6cb8adebf56cc25ef43d1358636dc9ca

  ARM architecture:

     http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_arm.deb
      Size/MD5 checksum:   243382 2707a8a87e133a45cc2a98dd223e7c8f

  Intel IA-32 architecture:

     http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_i386.deb
      Size/MD5 checksum:   226106 304f32b84e6497612222a26c9dc5c1fd

  Intel IA-64 architecture:

     http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_ia64.deb
      Size/MD5 checksum:   313888 522c58c4d2fecb99424533c4980d1409

  HP Precision architecture:

     http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_hppa.deb
      Size/MD5 checksum:   252054 aa50a00ebb6d5c304ec94bbf1e65a2c9

  Motorola 680x0 architecture:

     http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_m68k.deb
      Size/MD5 checksum:   216922 d11c3c10e70fb1593ce15c2b6c3863be

  Big endian MIPS architecture:

     http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_mips.deb
      Size/MD5 checksum:   252064 6b944b4c04f4488ea380063bdf3324ad

  Little endian MIPS architecture:

     http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_mipsel.deb
      Size/MD5 checksum:   250914 87afee172cf73ed91ad0449fadd9bb4b

  PowerPC architecture:

     http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_powerpc.deb
      Size/MD5 checksum:   243450 9c77e9860e1044bc4c7b9a7b054e8a4d

  IBM S/390 architecture:

     http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_s390.deb
      Size/MD5 checksum:   232784 96242f88c593319e0d3fddef928c47d2

  Sun Sparc architecture:

     http://security.debian.org/pool/updates/main/g/gv/gv_3.5.8-26.1_sparc.deb
      Size/MD5 checksum:   237798 e5091427da6e76dbb9bb34cf03e94647


  These files will probably be moved into the stable distribution on
  its next revision.

---------------------------------------------------------------------------------
For apt-get: deb  http://security.debian.org/ stable/updates main
For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/




 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Hackers Are Using Gmail Drafts to Update Their Malware and Steal Data
Hackers target unclassified White House network
BYOD: Why the biggest security worry is the fool within rather than the enemy without
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.