GNU gv "ps_gettext()" Buffer Overflow Vulnerability (CVE-2006-5864)

Debian Bug report logs - #398292
GNU gv "ps_gettext()" Buffer Overflow Vulnerability (CVE-2006-5864)

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Stefan Fritsch <sf@sfritsch.de>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: GNU gv "ps_gettext()" Buffer Overflow Vulnerability

Date: Sun, 12 Nov 2006 22:07:22 +0100

Package: gv
Version: 1:3.6.2-1
Severity: grave
Tags: security
Justification: user security hole

A vulnerability has been found in gv. From
http://secunia.com/advisories/22787/ :

"Renaud Lifchitz has reported a vulnerability in GNU gv, which can be exploited
by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the "ps_gettext()"
function in ps.c. This can be exploited to cause a stack-based buffer overflow
by e.g. tricking a user into opening a specially crafted PostScript file.

The vulnerability is reported in version 3.6.2. Other versions may also be
affected."


More information is at
http://sysdream.com/article.php?story_id=258&section_id=78

Message #12 received at 398292-close@bugs.debian.org (full text, mbox, reply):

From: Christoph Berg <myon@debian.org>

To: 398292-close@bugs.debian.org

Subject: Bug#398292: fixed in gv 1:3.6.2-2

Date: Mon, 13 Nov 2006 09:17:15 -0800

Source: gv
Source-Version: 1:3.6.2-2

We believe that the bug you reported is fixed in the latest version of
gv, which is due to be installed in the Debian FTP archive:

gv_3.6.2-2.diff.gz
  to pool/main/g/gv/gv_3.6.2-2.diff.gz
gv_3.6.2-2.dsc
  to pool/main/g/gv/gv_3.6.2-2.dsc
gv_3.6.2-2_amd64.deb
  to pool/main/g/gv/gv_3.6.2-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 398292@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christoph Berg <myon@debian.org> (supplier of updated gv package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 13 Nov 2006 15:39:11 +0100
Source: gv
Binary: gv
Architecture: source amd64
Version: 1:3.6.2-2
Distribution: unstable
Urgency: high
Maintainer: Christoph Berg <myon@debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Description: 
 gv         - PostScript and PDF viewer for X
Closes: 398292
Changes: 
 gv (1:3.6.2-2) unstable; urgency=high
 .
   * Apply patch by Werner Fink to fix ps_gettext() buffer overflow
     vulnerability (Closes: #398292, CVE-2006-5864).
   * Put @dircategory before @direntry so that it still works as debhelper
     doesn't parse INFO-DIR-SECTION anymore (See: #337215, Blame: texinfo).
Files: 
 d7812df010eaede7871df95efbfc5c0b 567 text optional gv_3.6.2-2.dsc
 09d4dadd1e0cb6bd07dfc4764c781038 12425 text optional gv_3.6.2-2.diff.gz
 2f89df4a1aa68a3e93b5039c89aad5a4 181326 text optional gv_3.6.2-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFWKUXxa93SlhRC1oRAkhfAKC3UfHSiU6Mzkq9Ay4YSn8aF6x6dACeIYDa
KyjERcR4/25Unl8lBWerzBE=
=MaTk
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.