Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=215136
Summary: CVE-2006-5864: gv <= 3.6.2 stack-based buffer overflow
Product: Fedora Extras
Version: fc6
Platform: All
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5864
OS/Version: Linux
Status: NEW
Severity: normal
Priority: normal
Component: gv
AssignedTo: orion@cora.nwra.com
ReportedBy: ville.skytta@iki.fi
QAContact: extras-qa@fedoraproject.org
CC: extras-qa@fedoraproject.org, fedora-security-list@redhat.com
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5864
"Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the DocumentMedia header."
deisenst@gtw.net changed:
What                     |Removed |Added
----------------------------------------------------------------------------
OtherBugsDependingOnThis |        |215265
michal@harddata.com changed:
What     |Removed |Added
----------------------------------------------------------------------------
Severity |normal  |high
CC       |        |michal@harddata.com

------- Additional Comments From michal@harddata.com 2006-12-04 12:09 EST -------
Mandriva Linux Security Advisory, MDKSA-2006:214-1, says the following:
"The patch used in the previous update still left the possibility of causing X to consume unusual amounts of memory if gv is used to view a carefully crafted image designed to exploit CVE-2006-5864. This update uses an improved patch to address this issue."
For patches see, for example, gv-3.6.1-4.3.20060mdk.src.rpm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5864
orion@cora.nwra.com changed:
What             |Removed |Added
----------------------------------------------------------------------------
Status           |NEW     |CLOSED
Resolution       |        |CURRENTRELEASE
Fixed In Version |        |3.6.2-2

------- Additional Comments From orion@cora.nwra.com 2006-12-05 14:42 EST -------
Thanks for the references. Fixed in 3.6.2-2.
------- Additional Comments From ville.skytta@iki.fi 2006-12-06 12:39 EST -------
For info for people interested in older distros: the patch has been applied in Extras for FC5+ only, not FC4 at the moment.
bugzilla@redhat.com changed:
What     |Removed       |Added
----------------------------------------------------------------------------
Priority |normal        |medium
Product  |Fedora Extras |Fedora
security@lists.fedoraproject.org