RHEL 2.1 : ggv (RHSA-2002:211)

medium Nessus Plugin ID 12325

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Updated packages for gv, ggv, and kdegraphics fix a local buffer overflow when reading malformed PDF or PostScript files.

[Updated 07 Jan 2003] Added fixed packages for the Itanium (IA64) architecture.

[Updated 06 Feb 2003] Added fixed packages for Advanced Workstation 2.1.

Gv and ggv are user interfaces for the Ghostscript PostScript(R) interpreter, used to display PostScript and PDF documents on the X Window System. KGhostview is the PostScript viewer for the K Desktop Environment.

Zen Parse found a local buffer overflow in gv version 3.5.8 and earlier. An attacker can craft a malformed PDF or PostScript file so that arbitrary commands are executed when the file is viewed.

ggv and kghostview contain code derived from gv and therefore have the same vulnerability.

All users of gv, ggv, and kghostview are advised to upgrade to the errata packages, which contain patches to correct the vulnerability.

Solution

Update the affected packages.

See Also

https://access.redhat.com/security/cve/cve-2002-0838

https://marc.info/?l=bugtraq&m=103305778615625&w=2

https://access.redhat.com/errata/RHSA-2002:211

Plugin Details

Severity: Medium

ID: 12325

File Name: redhat-RHSA-2002-211.nasl

Version: 1.23

Type: local

Agent: unix

Published: 7/6/2004

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:ggv, p-cpe:/a:redhat:enterprise_linux:gv, p-cpe:/a:redhat:enterprise_linux:kdegraphics, p-cpe:/a:redhat:enterprise_linux:kdegraphics-devel, cpe:/o:redhat:enterprise_linux:2.1

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 2/5/2003

Vulnerability Publication Date: 10/10/2002

Reference Information

CVE: CVE-2002-0838

RHSA: 2002:211