[SECURITY] [DSA 293-1] New kdelibs packages fix arbitrary command execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 293-1 [email protected] http://www.debian.org/security/ Martin Schulze April 23rd, 2003 http://www.debian.org/security/faq -...

DSA-293 kdelibs - insecure execution

Bulletin has no description...

Updated KDE packages available

New KDE 3.1.1a packages are available for Slackware 9.0 which fix a security problem with the handling of PS and PDF documents. Here are the details from the Slackware 9.0 ChangeLog: Thu Apr 17 15:32:15 PDT 2003 patches/packages/kde/: Upgraded to KDE 3.1.1a. Also included in this directory are a...

CVE-2003-0204

Summary: CVE-2003-0204 affects KDE 2/3.x components on multiple Debian packages. The KDE team reported that Ghostscript usage to process PS/PDF files via kghostview could allow arbitrary command execution due to missing -dPARANOIDSAFER/-dSAFER handling. Public references show Debian DSAs (DSA-293...

Code execution via PDF and PS in KDE

Command contained in PS and PDF files may be eceuted...

DEBIAN-CVE-2002-2047

The file preview functionality in Sketch 0.6.12 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an encapsulated Postscript EPS file...

CVE-2002-0836

dvips converter for Postscript files in the tetex package calls the system function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts...

CVE-2002-1223

Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps PostScript input file...

DSA-182 kdegraphics - buffer overflow

Bulletin has no description...

DSA-179 gnome-gv - buffer overflow

Bulletin has no description...

DSA-176 gv - buffer overflow

Bulletin has no description...

KDE Security Advisory: KGhostview Arbitary Code Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 KDE Security Advisory: KGhostview Arbitary Code Execution Original Release Date: 2002-10-08 URL: http://www.kde.org/info/security/advisory-20021008-1.txt 0. References cve.mitre.org: CAN-2002-0838 BUGTRAQ:20020926 iDEFENSE Security Advisory 09.26.2002...

Important: Red Hat Security Advisory: ggv security update

Updated packages for gv, ggv, and kdegraphics fix a local buffer overflow when reading malformed PDF or PostScript files. Updated 07 Jan 2003 Added fixed packages for the Itanium IA64 architecture. Updated 06 Feb 2003 Added fixed packages for Advanced Workstation 2.1 Gv and ggv are user interface...

CVE-2002-0838

Buffer overflow in 1 gv 3.5.8 and earlier, 2 gvv 1.0.2 and earlier, 3 ggv 1.99.90 and earlier, 4 gnome-gv, and 5 kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed a PDF or b PostScript file, which is processed by an unsafe call to sscanf...

DEBIAN-CVE-2002-0838

Buffer overflow in 1 gv 3.5.8 and earlier, 2 gvv 1.0.2 and earlier, 3 ggv 1.99.90 and earlier, 4 gnome-gv, and 5 kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed a PDF or b PostScript file, which is processed by an unsafe call to sscanf...

CVE-2002-0838

Buffer overflow in 1 gv 3.5.8 and earlier, 2 gvv 1.0.2 and earlier, 3 ggv 1.99.90 and earlier, 4 gnome-gv, and 5 kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed a PDF or b PostScript file, which is processed by an unsafe call to sscanf...

CVE-2002-0838

CVE-2002-0838 concerns a buffer overflow in affected XDG/Preview components: gv 3.5.8 and earlier, gvv 1.0.2 and earlier, ggv 1.99.90 and earlier, gnome-gv, and kdegraphics 2.2.2 and earlier. The vulnerability arises when processing malformed PDF or PostScript files, where an unsafe call to sscan...

iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDEFENSE Security Advisory 09.26.2002 Exploitable Buffer Overflow in gv DESCRIPTION The gv program that is shipped on many Unix systems contains a buffer overflow which can be exploited by an attacker sending a malformed postscript or Adobe pdf file...

Important: Red Hat Security Advisory: ghostscript security update

Updated packages are available for GNU Ghostscript, which fix a vulnerability found during PostScript interpretation. Ghostscript is a program for displaying PostScript files or printing them to non-PostScript printers. An untrusted PostScript file can cause ghostscript to execute arbitrary...

Important: Red Hat Security Advisory: : Ghostscript command execution vulnerability

Updated packages are available for GNU Ghostscript which fix a vulnerability found during Postscript interpretation. Ghostscript is a program for displaying PostScript files or printing them to non-PostScript printers. An untrusted PostScript file can cause ghostscript to execute arbitrary comman...