Package name: evince
Date: December 13th, 2006
Advisory ID: MDKSA-2006:229
Affected versions: 2007.0

Problem Description

Stack-based buffer overflow in ps.c for evince allows user-assisted
attackers to execute arbitrary code via a PostScript (PS) file with
certain headers that contain long comments, as demonstrated using the
DocumentMedia header.

Packages have been patched to correct this issue.
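
The kind of bounds check this class of bug calls for, as an added example (not code from evince, its ps.c, or the Mandriva patch): a bounded extractor for the text value of a header comment such as DocumentMedia, which rejects an over-long value instead of copying it into a fixed-size stack buffer. The function names, the 257-byte buffer size and the sample header line are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define DSC_TEXT_MAX 257 /* assumed size: 255-char DSC line limit plus slack */

/* Copy the next text token of a DSC comment into out[cap]: a bare word or a
 * (parenthesised (nested)) string. Backslash escapes are not interpreted.
 * Returns the token length, or -1 (with out set to "") if the token is
 * missing, unterminated, or would not fit in out. */
int dsc_next_text(const char *p, char *out, size_t cap, const char **rest)
{
    size_t n = 0;
    int depth = 0;

    if (cap == 0) return -1;
    while (*p == ' ' || *p == '\t') p++;
    if (*p == '(') { depth = 1; p++; }
    else if (*p == '\0' || *p == '\n' || *p == '\r') goto fail;
    for (; *p; p++) {
        if (depth == 0 && strchr(" \t\r\n", *p)) break;  /* end of bare word */
        if (depth > 0 && *p == '(') depth++;
        if (depth > 0 && *p == ')' && --depth == 0) { p++; goto done; }
        if (n + 1 >= cap) goto fail;  /* reject rather than write past out */
        out[n++] = *p;
    }
    if (depth > 0) goto fail;         /* unterminated (string */
done:
    out[n] = '\0';
    if (rest) *rest = p;
    return (int)n;
fail:
    out[0] = '\0';
    return -1;
}

/* Extract the media name from a "%%DocumentMedia:" line; 0 on success, -1 if
 * the line is a different header or its value is rejected. */
int parse_document_media(const char *line, char *name, size_t cap)
{
    static const char key[] = "%%DocumentMedia:";
    if (strncmp(line, key, sizeof key - 1) != 0) { if (cap) name[0] = '\0'; return -1; }
    return dsc_next_text(line + sizeof key - 1, name, cap, NULL) < 0 ? -1 : 0;
}

int main(void)
{
    char name[DSC_TEXT_MAX];
    /* Constructed sample header line, not taken from a real file. */
    int rc = parse_document_media("%%DocumentMedia: Plain 612 792 75 white ()\n", name, sizeof name);
    printf("rc=%d name=\"%s\"\n", rc, name);
    return 0;
}
```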

Updated Packages

Mandriva Linux 2007

 9cac7456ee1b25c93bd73c430475baaf  2007.0/i586/evince-0.6.0-1.2mdv2007.0.i586.rpm 
 d8a6e0604fe5fff79909659bd2fa0136  2007.0/SRPMS/evince-0.6.0-1.2mdv2007.0.src.rpm

Mandriva Linux 2007/X86_64

 5d231a5f65991fe2383cdfc907425b77  2007.0/x86_64/evince-0.6.0-1.2mdv2007.0.x86_64.rpm 
 d8a6e0604fe5fff79909659bd2fa0136  2007.0/SRPMS/evince-0.6.0-1.2mdv2007.0.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5864

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Before upgrading, verify the update to ensure the integrity of the downloaded package. You can do this with the command:

		rpm --checksig package.rpm
		

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the MD5 checksum and GPG signature are verified automatically for you.