|
Family: Debian Local Security Checks --> Category: infos
[DSA676] DSA-676-1 xpcd Vulnerability Scan
Vulnerability Scan Summary DSA-676-1 xpcd
Detailed Explanation for this Vulnerability Test
Erik Sjölund discovered a buffer overflow in pcdsvgaview, an SVGA
PhotoCD viewer. xpcd-svga is part of xpcd and uses svgalib to display
graphics on the Linux console for which root permissions are required.
A malicious user could overflow a fixed-size buffer and may cause the
program to execute arbitrary code with elevated rights.
For the stable distribution (woody) this problem has been fixed in
version 2.08-8woody3.
For the unstable distribution (sid) this problem will be fixed soon.
We recommend that you upgrade your xpcd-svga package immediately.
Solution : http://www.debian.org/security/2005/dsa-676
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|