Yellow Dog Linux Security Announcement
--------------------------------------

Package:	gv/ggv
Issue Date: 	October 20, 2002	
Priority:	medium	
Advisory ID: 	YDU-20021020-5


1. 	Topic:

	Updated gv and ggv packages are available.


2. 	Problem:

	"Both gv and ggv are applications which use the Ghostscript PostScript
	interpreter to display PostScript and PDF documents under the X Window
	System.

	Zen Parse found a local buffer overflow in gv version 3.5.8 and earlier.

	Under this vulnerability, an attacker can create a carefully crafted,
	malformed PDF or PostScript file that, when viewed using gv, executes
	arbitrary commands on the system.

	Because ggv contains code derived from gv, it has the same vulnerability.

	All users of gv and ggv are advised to upgrade to these errata packages to
	correct this vulnerability."
	(from Red Had advisory)


3. 	Solution:

   	a) Updating via apt...
   	We suggest that you use the apt-get program to keep your
   	system up-to-date. The following command(s) will retrieve
   	and install the fixed version of this update onto your system:

		apt-get update
		apt-get upgrade

   	b) Updating manually...
	Download the updates below and then run the following rpm command.
   	(Please use a mirror site)

		rpm -Fvh [filenames]
		ftp://ftp.yellowdoglinux.com/pub/yellowdog/updates/yellowdog-2.3/
			ppc/ggv-1.0.2-5.1.3a.ppc.rpm
			ppc/gv-3.5.8-18.7x.3a.ppc.rpm


4. Verification

MD5 checksum			  Package
--------------------------------  ----------------------------
f2cc5cecfcdaeacf6cf63fb62c60f024  ppc/ggv-1.0.2-5.1.3a.ppc.rpm
b4c6d69a883b7b5d2cfee3acc5706346  ppc/gv-3.5.8-18.7x.3a.ppc.rpm
ddbf240febdd85e7034251134ff0f926  SRPMS/ggv-1.0.2-5.1.3a.src.rpm
67074378423a7a00544a563890f74bfa  SRPMS/gv-3.5.8-18.7x.3a.src.rpm


I wish to verify that each package has not been corrupted or tampered with,
examine the md5sum with the following command: rpm --checksig --nogpg filename


5. Misc.

Terra Soft has setup a moderated mailing list where these security, bugfix, and package
enhancement announcements will be posted. See http://lists.terrasoftsolutions.com/ for more
information.

For information regarding the usage of apt-get, see:
http://www.yellowdoglinux.com/support/solutions/ydl_general/apt-get.shtml