- Issued:
- 2003-02-06
- Updated:
- 2003-02-05
RHSA-2002:211 - Security Advisory
Synopsis
ggv security update
Type/Severity
Security Advisory: Important
Topic
Updated packages for gv, ggv, and kdegraphics fix a local buffer overflow
when reading malformed PDF or PostScript files.
[Updated 07 Jan 2003]
Added fixed packages for the Itanium (IA64) architecture.
[Updated 06 Feb 2003]
Added fixed packages for Advanced Workstation 2.1
Description
Gv and ggv are user interfaces for the Ghostscript PostScript(R)
interpreter used to display PostScript and PDF documents on an X Window
System. KGhostview is the PostScript viewer for the K Desktop Environment.
Zen Parse found a local buffer overflow in gv version 3.5.8 and earlier.
An attacker can create a carefully crafted malformed PDF or PostScript file
in such a way that when that file is viewed arbitrary commands can be executed.
ggv and kghostview contain code derived from gv and therefore have the same
vulnerability.
All users of gv, ggv, and kghostview are advised to upgrade to the errata
packages which contain patches to correct the vulnerability.
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
Affected Products
- Red Hat Enterprise Linux Server 2 ia64
- Red Hat Enterprise Linux Workstation 2 ia64
Fixes
(none)CVEs
References
(none)
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.