Fedora Account System
Red Hat Associate
Red Hat Customer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-5864 "Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the DocumentMedia header."
Mandriva Linux Security Advisory, MDKSA-2006:214-1, says the following: "The patch used in the previous update still left the possibility of causing X to consume unusual amounts of memory if gv is used to view a carefully crafted image designed to exploit CVE-2006-5864. This update uses an improved patch to address this issue." For patches see, for example, gv-3.6.1-4.3.20060mdk.src.rpm http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5864
Thanks for the references. Fixed in 3.6.2-2.
For info for people interested in older distros: the patch has been applied in Extras for FC5+ only, not FC4 at the moment.