Debian Security Advisory DSA 176-1 (gv) Network Vulnerability

Summary

The remote host is missing an update to gv announced via advisory DSA 176-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20176-1

Insight

Zen-parse discovered a buffer overflow in gv, a PostScript and PDF viewer for X11. This problem is triggered by scanning the PostScript file and can be exploited by an attacker sending a malformed PostScript or PDF file. The attacker is able to cause arbitrary code to be run with the privileges of the victim. This problem has been fixed in version 3.5.8-26.1 for the current stable distribution (woody), in version 3.5.8-17.1 for the old stable distribution (potato) and version 3.5.8-27 for the unstable distribution (sid). We recommend that you upgrade your gv package.

Severity

Classification

CVE CVE-2002-0838
CVSS Base Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1111-2 (kernel-source-2.6.8 et. al.)
Debian Security Advisory DSA 067-1 (apache,apache-ssl)
Debian Security Advisory DSA 010-1 (gnupg)
Debian Security Advisory DSA 1155-2 (sendmail)
Debian Security Advisory DSA 1073-1 (mysql-dfsg-4.1)

Take action and discover your vulnerabilities