-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:229 http://www.mandriva.com/security/ _______________________________________________________________________ Package : evince Date : December 13, 2006 Affected: 2007.0 _______________________________________________________________________ Problem Description: Stack-based buffer overflow in ps.c for evince allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the DocumentMedia header. Packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5864 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: 9cac7456ee1b25c93bd73c430475baaf 2007.0/i586/evince-0.6.0-1.2mdv2007.0.i586.rpm d8a6e0604fe5fff79909659bd2fa0136 2007.0/SRPMS/evince-0.6.0-1.2mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 5d231a5f65991fe2383cdfc907425b77 2007.0/x86_64/evince-0.6.0-1.2mdv2007.0.x86_64.rpm d8a6e0604fe5fff79909659bd2fa0136 2007.0/SRPMS/evince-0.6.0-1.2mdv2007.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFFgKj+mqjQ0CJFipgRAtBCAKDKnwM086Y9DupRDVTrAjnpH8bAVQCg3kLy +Sol3MJsG9wREueQWX6g1Fw= =/c4l -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/