Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2006:214-1: gv Vulnerability Scan
Vulnerability Scan Summary: Check for the version of the gv package
Detailed Explanation for this Vulnerability Test:
The remote host is missing the patch for the advisory MDKSA-2006:214-1 (gv).
Stack-based buffer overflow in the ps_gettext function in ps.c for GNU
gv 3.6.2, and possibly earlier versions, allows user-assisted attackers
to execute arbitrary code via a PostScript (PS) file with certain
headers that contain long comments, as demonstrated using the
DocumentMedia header.
Packages have been patched to correct this issue.
Update:
The patch used in the previous update still left the possibility of
causing X to consume unusual amounts of memory if gv is used to view a
carefully crafted image designed to exploit CVE-2006-5864. This update
uses an improved patch to address this issue.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:214-1
Threat Level: High