Red Hat Bugzilla – Bug 200321
CVE-2006-3119, fbida: malicious postscript command vulnerability
Last modified: 2007-11-30 17:11:38 EST
"The fbgs framebuffer Postscript/PDF viewer in fbi before 2.01 has a typo that
prevents a filter from working correctly, which allows user-assisted attackers
to bypass the filter and execute malicious Postscript commands."
The CVE description says before 2.01, but 2.03 seems to be affected too.
Fix: s/-dSAVER/-dSAFER/ in fbgs
I have released fixes for FC-3, FC-4 and FC-5. The build for devel failed on ppc
because of changes in the kernel headers. I need to investigate how to solve the
problem on devel and will then close this bug.
also fixed on devel