Bug 218832 - ggv affected by CVE-2006-5864
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: ggv
Hardware: All, OS: Linux
Priority: medium, Severity: high
Assigned To: Jonathan Blandford
Reported: 2006-12-07 13:52 EST by Michal Jaegermann
Modified: 2013-04-02 00:21 EDT (History)
Doc Type: Bug Fix
Last Closed: 2012-06-20 09:30:12 EDT

Attachments
a patch for CVE-2006-5864 (746 bytes, patch)
2006-12-07 13:52 EST, Michal Jaegermann
Description Michal Jaegermann 2006-12-07 13:52:56 EST
Description of problem:

ggv in src/ps.c is using really the same code as gv. So it is
difficult not to assume that it is not affected by exactly the
same problem as described in bug 215136; which means a possibility
of a remote attack (and the problem is "wide open" on the net).

I have no idea what other packages may also be using the code
in question.  Surely other ggv versions, if they show up in earlier
RHEL releases.

A patch "translated" to ggv sources is attached.

Version-Release number of selected component (if applicable):
Comment 1 Michal Jaegermann 2006-12-07 13:52:56 EST
Created attachment 143080
a patch for CVE-2006-5864
Comment 2 Michal Jaegermann 2006-12-11 12:28:26 EST
See also bug 215593 (the same issue in gv from 2.1AS).
Comment 4 Jiri Pallich 2012-06-20 09:30:12 EDT
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release for which you requested us to review is now End of Life.
Please see https://access.redhat.com/support/policy/updates/errata/

If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue.
