From: Mandrake Linux Security Team <security@linux-mandrake.com.>
To: [email protected]
Subject: MDKSA-2005:019 - Updated koffice packages fix buffer overflow vulnerability
Message-Id: <E1Ctf5y-0007lp-Ai@updates.mandrakesoft.com.>
Date: Tue, 25 Jan 2005 21:47:58 -0700
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: koffice
Advisory ID: MDKSA-2005:019
Date: January 25th, 2005
Affected versions: 10.0, 10.1, Corporate Server 3.0
______________________________________________________________________
Problem Description:
A buffer overflow vulnerability was discovered in the xpdf PDF
code, which could allow for arbitrary code execution as the user
viewing a PDF file. The vulnerability exists due to insufficient bounds
checking while processing a PDF file that provides malicious values in
the /Encrypt /Length tag. Koffice uses xpdf code and is susceptible to the
same vulnerability.
The updated packages have been patched to prevent these problems.
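An added illustration (not xpdf's or KOffice's actual code) of the kind of bounds check the description refers to: the /Length value from the /Encrypt dictionary is validated before it is used as a copy size into a fixed-size key buffer. The 16-byte buffer, the struct and the function names are assumptions; the accepted range of 40 to 128 bits in multiples of 8 follows the PDF specification's definition of /Length.

```c
#include <stddef.h>
#include <string.h>

#define KEY_BUF_BYTES 16  /* assumed fixed key buffer: 128-bit key maximum */

/* Hypothetical holder for decryption key state (not xpdf's structure). */
struct crypt_state {
    unsigned char key[KEY_BUF_BYTES];
    size_t key_len;       /* bytes of key[] actually in use */
};

/*
 * Convert the untrusted /Encrypt /Length value (given in bits) to a byte
 * count. Returns 0 when the value is outside 40..128 bits or is not a
 * multiple of 8, so the caller can reject the file.
 */
size_t encrypt_length_to_bytes(long length_bits)
{
    if (length_bits < 40 || length_bits > 128 || length_bits % 8 != 0)
        return 0;
    return (size_t)(length_bits / 8);
}

/*
 * Install key material of the size the document asked for.
 * The unsafe pattern is copying length_bits / 8 bytes into key[] with no
 * range check, which lets the file choose how far past the buffer to write.
 * Returns 0 on success, -1 if the request is rejected.
 */
int set_file_key(struct crypt_state *st, long length_bits,
                 const unsigned char *material, size_t material_len)
{
    size_t n = encrypt_length_to_bytes(length_bits);

    /* Reject invalid lengths, and never read or write past either buffer. */
    if (n == 0 || n > sizeof st->key || material_len < n)
        return -1;

    memset(st->key, 0, sizeof st->key);
    memcpy(st->key, material, n);
    st->key_len = n;
    return 0;
}
```

Rejecting an out-of-range /Length outright, rather than silently clamping it, also makes malformed files visible to the caller for logging.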
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
d620ab0db67c4e25f755ee62cf1a474a 10.0/RPMS/koffice-1.3-12.2.100mdk.i586.rpm
ade52f0ac258267ae8614502fabc8ab2 10.0/RPMS/libkoffice2-1.3-12.2.100mdk.i586.rpm
280135355e26e3baab14f63628c97dc2 10.0/RPMS/libkoffice2-devel-1.3-12.2.100mdk.i586.rpm
d46d3a868900d7ab94aeaa34deea1018 10.0/SRPMS/koffice-1.3-12.2.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
04bf5f31e92516f1c0458ba12c930a48 amd64/10.0/RPMS/koffice-1.3-12.2.100mdk.amd64.rpm
eec5070100e0ddbc03d4e0c55dfe1be3 amd64/10.0/RPMS/lib64koffice2-1.3-12.2.100mdk.amd64.rpm
065702b188f8ea68df6493da6cdbd660 amd64/10.0/RPMS/lib64koffice2-devel-1.3-12.2.100mdk.amd64.rpm
d46d3a868900d7ab94aeaa34deea1018 amd64/10.0/SRPMS/koffice-1.3-12.2.100mdk.src.rpm
Mandrakelinux 10.1:
c0530b7a5fa5542752b8998c31acce9e 10.1/RPMS/koffice-1.3.3-2.2.101mdk.i586.rpm
7d18d56f064133b241d2c454e817eb38 10.1/RPMS/koffice-karbon-1.3.3-2.2.101mdk.i586.rpm
9622c8c9f7876aa3d159532486117c5d 10.1/RPMS/koffice-kformula-1.3.3-2.2.101mdk.i586.rpm
4389b3cd90e57052424417f7a8dd4ceb 10.1/RPMS/koffice-kivio-1.3.3-2.2.101mdk.i586.rpm
361459b34c382e1c1382b483a92a6756 10.1/RPMS/koffice-koshell-1.3.3-2.2.101mdk.i586.rpm
15e865d609a58ac2783e8d25fde0418e 10.1/RPMS/koffice-kpresenter-1.3.3-2.2.101mdk.i586.rpm
65a868b881015cfd2376748526902fc8 10.1/RPMS/koffice-kspread-1.3.3-2.2.101mdk.i586.rpm
6587cc22182a858158cd8aea2afcba64 10.1/RPMS/koffice-kugar-1.3.3-2.2.101mdk.i586.rpm
caf4007f0343e29a69d10a057af99c83 10.1/RPMS/koffice-kword-1.3.3-2.2.101mdk.i586.rpm
da30f2308d7158089c383ca4a99d72ea 10.1/RPMS/koffice-progs-1.3.3-2.2.101mdk.i586.rpm
5784ad20ba835bd54cd95dc24d713253 10.1/RPMS/libkoffice2-karbon-1.3.3-2.2.101mdk.i586.rpm
8eda23533d992bb34d12c7bac00030be 10.1/RPMS/libkoffice2-kformula-1.3.3-2.2.101mdk.i586.rpm
a7923dede9bb79346bab697142346ec1 10.1/RPMS/libkoffice2-kivio-1.3.3-2.2.101mdk.i586.rpm
5cc52af39aa57938d7edae0d640fc968 10.1/RPMS/libkoffice2-koshell-1.3.3-2.2.101mdk.i586.rpm
e4bec26f95e1f55ced770cafd320e335 10.1/RPMS/libkoffice2-kpresenter-1.3.3-2.2.101mdk.i586.rpm
a8e1b736a8a3924cc39495a32b6ad223 10.1/RPMS/libkoffice2-kspread-1.3.3-2.2.101mdk.i586.rpm
5d1e64e28d69771aa4709791547f3802 10.1/RPMS/libkoffice2-kspread-devel-1.3.3-2.2.101mdk.i586.rpm
81bbf226aca53b9ad14c7522f3302191 10.1/RPMS/libkoffice2-kugar-1.3.3-2.2.101mdk.i586.rpm
e0c51ed40247b0d0715c6a67e9c0dfdc 10.1/RPMS/libkoffice2-kugar-devel-1.3.3-2.2.101mdk.i586.rpm
1403e58e5586b3dc41d874fb7f76992f 10.1/RPMS/libkoffice2-kword-1.3.3-2.2.101mdk.i586.rpm
77afbcf9c3603ec9cfae784e0d2ed43b 10.1/RPMS/libkoffice2-kword-devel-1.3.3-2.2.101mdk.i586.rpm
37a4b0ca89f95d47850392303f6774a1 10.1/RPMS/libkoffice2-progs-1.3.3-2.2.101mdk.i586.rpm
2219d9fdc81fcf660d60e15319e9943d 10.1/RPMS/libkoffice2-progs-devel-1.3.3-2.2.101mdk.i586.rpm
618a562fb56d40e4ecfd730d2b1be49b 10.1/SRPMS/koffice-1.3.3-2.2.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
d9cf8ecb69c8d7ccc2f0168ee078b3d3 x86_64/10.1/RPMS/koffice-1.3.3-2.2.101mdk.x86_64.rpm
460dd9a91e6e82323e110bf052371a52 x86_64/10.1/RPMS/koffice-karbon-1.3.3-2.2.101mdk.x86_64.rpm
3ae887f0ac3679219721611c1f05697d x86_64/10.1/RPMS/koffice-kformula-1.3.3-2.2.101mdk.x86_64.rpm
49efb5347574454645adca560a81f911 x86_64/10.1/RPMS/koffice-kivio-1.3.3-2.2.101mdk.x86_64.rpm
6f4a57a3d88a88ea7a179b4a1a113de9 x86_64/10.1/RPMS/koffice-koshell-1.3.3-2.2.101mdk.x86_64.rpm
d5be06b78eb1a0d2606be0deaa45a4a8 x86_64/10.1/RPMS/koffice-kpresenter-1.3.3-2.2.101mdk.x86_64.rpm
96ed4e467d93797e925f09c3ca150a0b x86_64/10.1/RPMS/koffice-kspread-1.3.3-2.2.101mdk.x86_64.rpm
41c1e39c0766d9ed0a823d8d5fa7499b x86_64/10.1/RPMS/koffice-kugar-1.3.3-2.2.101mdk.x86_64.rpm
cc48202eb30adf7625464def2461901c x86_64/10.1/RPMS/koffice-kword-1.3.3-2.2.101mdk.x86_64.rpm
7b672b3f77fe1d16ba22fe266695ffa9 x86_64/10.1/RPMS/koffice-progs-1.3.3-2.2.101mdk.x86_64.rpm
3d73eb1169a9a1055c06e134bb366b9f x86_64/10.1/RPMS/lib64koffice2-karbon-1.3.3-2.2.101mdk.x86_64.rpm
c31083fa21030ae3270b6623ae6cb29c x86_64/10.1/RPMS/lib64koffice2-kformula-1.3.3-2.2.101mdk.x86_64.rpm
228b5a7e9a0f71b59b00d89f79dd627b x86_64/10.1/RPMS/lib64koffice2-kivio-1.3.3-2.2.101mdk.x86_64.rpm
9ecf703ab3f988fb9cd914c46387bd21 x86_64/10.1/RPMS/lib64koffice2-koshell-1.3.3-2.2.101mdk.x86_64.rpm
456dea35aba11bdfbf3fe253939289b9 x86_64/10.1/RPMS/lib64koffice2-kpresenter-1.3.3-2.2.101mdk.x86_64.rpm
75e1f65af93ef7fb4f5a754b0c7bec31 x86_64/10.1/RPMS/lib64koffice2-kspread-1.3.3-2.2.101mdk.x86_64.rpm
9c44cfeb5ddf24bf0a7cb0f7cb2aab0a x86_64/10.1/RPMS/lib64koffice2-kspread-devel-1.3.3-2.2.101mdk.x86_64.rpm
7b18675837a38c393747a6dd4b6ccf4e x86_64/10.1/RPMS/lib64koffice2-kugar-1.3.3-2.2.101mdk.x86_64.rpm
f570ef6a23fa7afc2fb4379329853999 x86_64/10.1/RPMS/lib64koffice2-kugar-devel-1.3.3-2.2.101mdk.x86_64.rpm
4a558d84ab7a2d547c35801aca5d3dbb x86_64/10.1/RPMS/lib64koffice2-kword-1.3.3-2.2.101mdk.x86_64.rpm
ea2261303599a4c9d465304e27201f64 x86_64/10.1/RPMS/lib64koffice2-kword-devel-1.3.3-2.2.101mdk.x86_64.rpm
77ade17c9ac8c20c9cf55478dd12aff7 x86_64/10.1/RPMS/lib64koffice2-progs-1.3.3-2.2.101mdk.x86_64.rpm
996b4496c415ffdc41c56e5d0dba97b5 x86_64/10.1/RPMS/lib64koffice2-progs-devel-1.3.3-2.2.101mdk.x86_64.rpm
618a562fb56d40e4ecfd730d2b1be49b x86_64/10.1/SRPMS/koffice-1.3.3-2.2.101mdk.src.rpm
Corporate Server 3.0:
b487481d69017027aa30d300768f077e corporate/3.0/RPMS/koffice-1.3-12.2.C30mdk.i586.rpm
8b4d331f0944c61fb8e5077bca050c2f corporate/3.0/RPMS/libkoffice2-1.3-12.2.C30mdk.i586.rpm
4d1dae4b305ff73a186b3eaf41ab89bb corporate/3.0/RPMS/libkoffice2-devel-1.3-12.2.C30mdk.i586.rpm
4ce907e44911ae3797f7746e2b73188f corporate/3.0/SRPMS/koffice-1.3-12.2.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFB9yD+mqjQ0CJFipgRAqwNAJ93m5CjeU50ncwwcF1uzst71mQDogCeIN+p
4XAWLURtZZm3gDFX8G8WloY=
=HhIw
-----END PGP SIGNATURE-----