Package : kdegraphics
Vulnerability : buffer overflow
Problem-Type : remote
CVE Id : CAN-2002-0838
BugTraq ID : 5808
Zen-parse discovered a buffer overflow in gv, a PostScript and PDF
viewer for X11. The same code is present in kghostview which is part
of the KDE-Graphics package. This problem is triggered by scanning
the PostScript file and can be exploited by an attacker sending a
malformed PostScript or PDF file. The attacker is able to cause
arbitrary code to be run with the privileges of the victim.
This problem has been fixed in version 2.2.2-6.8 for the current
stable distribution (woody) and in version 2.2.2-6.9 for the unstable
distribution (sid). The old stable distribution (potato) is not
affected since no KDE is included.
We recommend that you upgrade your kghostview package.
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
will update the internal database
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody