______________________________________________________________________

                Mandrake Linux Security Update Advisory
______________________________________________________________________

Package name:           gv/ggv
Advisory ID:            MDKSA-2002:069
Date:                   October 21st, 2002
Affected versions:      8.0, 8.1, 8.2, 9.0
______________________________________________________________________

Problem Description:

 A buffer overflow was discovered in gv versions 3.5.8 and earlier by
 Zen Parse. The problem is triggered by scanning a file and can be
 exploited by an attacker sending a malformed PostScript or PDF file.
 This would result in arbitrary code being executed with the privilege
 of the user viewing the file. ggv uses code derived from gv and has
 the same vulnerability. These updates provide patched versions of gv
 and ggv to fix the vulnerabilities.
______________________________________________________________________

References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0838
______________________________________________________________________

Updated Packages:

______________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):

______________________________________________________________________

To upgrade automatically, use MandrakeUpdate. The verification of md5
checksums and GPG signatures is performed automatically for you.

If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". A list of
FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

Please verify the update prior to upgrading to ensure the integrity of
the downloaded package. You can do this with the command:

  rpm --checksig <filename>

All packages are signed by MandrakeSoft for security. You can obtain
the GPG public key of the Mandrake Linux Security Team from:

  https://www.mandrakesecure.net/RPM-GPG-KEYS

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrake Linux at:

  http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to. Information on these lists can be obtained by
visiting:

  http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

  security@linux-mandrake.com
______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
                               <security@linux-mandrake.com>
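
The manual upgrade steps above (check each package with "rpm --checksig", then run "rpm -Fvh"), written as a fail-closed shell wrapper. This is an added example, not part of the advisory or MandrakeSoft's tooling. The function names are hypothetical, the assumed output format is stated in the comments, and the sample lines are constructed.

```sh
#!/bin/sh
# Added example (not MandrakeSoft code): fail-closed form of the manual upgrade.
# Function names are hypothetical.

# Return 0 only if one line of `rpm --checksig` output shows a verified signature.
# Assumption: the line reads "<file>: <checks> OK" or "... NOT OK"; the exact
# tokens vary between rpm versions.
checksig_line_ok() {
    checks=${1#*: }                  # strip the "<file>: " prefix
    case $checks in
        *"NOT OK"*) return 1 ;;      # a digest or signature failed, or key missing
        *" OK") ;;                   # everything that was checked passed
        *) return 1 ;;               # unrecognised output: reject
    esac
    # "md5 OK" alone means only the digest was checked (unsigned package),
    # so require a signature token among the passed checks.
    for tok in ${checks% OK}; do
        case $tok in
            gpg|pgp|dsa|rsa|signatures) return 0 ;;
        esac
    done
    return 1
}

# Check every package first; run the advisory's "rpm -Fvh" only if all pass.
verify_then_upgrade() {
    [ "$#" -gt 0 ] || { echo "usage: verify_then_upgrade pkg.rpm ..." >&2; return 2; }
    for pkg in "$@"; do
        out=$(rpm --checksig "$pkg" 2>&1) || { echo "REJECT $out" >&2; return 1; }
        checksig_line_ok "$out" || { echo "REJECT $out" >&2; return 1; }
    done
    rpm -Fvh "$@"
}

# Constructed sample lines (not captured output), one per outcome.
for sample in \
    "gv-3.5.8-27.1mdk.i586.rpm: md5 gpg OK" \
    "gv-3.5.8-27.1mdk.i586.rpm: md5 OK" \
    "gv-3.5.8-27.1mdk.i586.rpm: md5 (GPG) NOT OK"
do
    if checksig_line_ok "$sample"; then echo "ACCEPT  $sample"
    else echo "REJECT  $sample"; fi
done
```

The second sample is the case the exit status alone can miss: a package that carries no signature can still report its digest as OK, so the wrapper rejects any result that does not name a passed signature check.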
Mandrake Linux Advisory: gv/ggv