Mandrake Linux Security Advisory : gv (MDKSA-2006:214-1)
Medium Nessus Plugin ID 24599
SynopsisThe remote Mandrake Linux host is missing a security update.
DescriptionStack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the DocumentMedia header.
Packages have been patched to correct this issue.
The patch used in the previous update still left the possibility of causing X to consume unusual amounts of memory if gv is used to view a carefully crafted image designed to exploit CVE-2006-5864. This update uses an improved patch to address this issue.
SolutionUpdate the affected gv package.