DSA-1037-1 zgv -- programming error

Debian Security Advisory

DSA-1037-1 zgv -- programming error

Date Reported:

21 Apr 2006

Affected Packages:

zgv

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2006-1060.

More information:

Andrea Barisani discovered that zgv, an svgalib graphics viewer, attempts to decode JPEG images within the CMYK/YCCK colour space incorrectly, which could lead to the execution of arbitrary code.

For the old stable distribution (woody) this problem has been fixed in version 5.5-3woody3.

For the stable distribution (sarge) this problem has been fixed in version 5.7-1.4.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your zgv package.

Fixed in:

Debian GNU/Linux 3.0 (woody)

Source:

http://security.debian.org/pool/updates/main/z/zgv/zgv_5.5-3woody3.dsc

http://security.debian.org/pool/updates/main/z/zgv/zgv_5.5-3woody3.diff.gz

http://security.debian.org/pool/updates/main/z/zgv/zgv_5.5.orig.tar.gz

Intel IA-32:

http://security.debian.org/pool/updates/main/z/zgv/zgv_5.5-3woody3_i386.deb

Debian GNU/Linux 3.1 (sarge)

Source:

http://security.debian.org/pool/updates/main/z/zgv/zgv_5.7-1.4.dsc

http://security.debian.org/pool/updates/main/z/zgv/zgv_5.7-1.4.diff.gz

http://security.debian.org/pool/updates/main/z/zgv/zgv_5.7.orig.tar.gz

Intel IA-32:

http://security.debian.org/pool/updates/main/z/zgv/zgv_5.7-1.4_i386.deb

MD5 checksums of the listed files are available in the original advisory.