Date: Thu, 17 Oct 2002 11:11:12 +0200 (CEST)
From: Konrad Heuer <kheuer@gwdg.de>
To: ports@freebsd.org
Subject: GV security problem
Message-ID: <20021017110243.U544-100000@gwdu60.gwdg.de>

Maybe you already know about the bug discovered in GV code; otherwise
please look at e.g.:

http://online.securityfocus.com/advisories/4563

Short description:

Zen-parse discovered a buffer overflow in gv, a PostScript and PDF
viewer for X11. This problem is triggered by scanning the PostScript
file and can be exploited by an attacker sending a malformed PostScript
or PDF file.
The attacker is able to cause arbitrary code to be run with the
privileges of the victim.

Do you expect a port update to be available soon? (Same problem holds
true for ghostview afaik.)

Regards

K. Heuer (kheuer@gwdg.de)