From: Waldo Bastian <bastian@kde.org.>
To: [email protected]
Subject: KDE Security Advisory: KOffice PDF Import Filter Vulnerability
User-Agent: KMail/1.7.91
MIME-Version: 1.0
Date: Thu, 20 Jan 2005 23:05:43 +0100
Content-Type: multipart/signed;
boundary="nextPart553130346.1nWHcy4Yhl";
protocol="application/pgp-signature";
micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200501202305.46951.bastian@kde.org.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
--nextPart553130346.1nWHcy4Yhl
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
KDE Security Advisory: KOffice PDF Import Filter Vulnerability
Original Release Date: 2005-01-20
URL: http://www.kde.org/info/security/advisory-20050120-1.txt
0. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities
1. Systems affected:
KOffice 1.3 up to and including KOffice 1.3.5
2. Overview:
The KOffice PDF Import Filter shares code with xpdf. xpdf contains
a buffer overflow that can be triggered by a specially crafted
PDF file.
3. Impact:
Remotely supplied PDF files can be used to execute arbitrary
code on the client machine when the user opens such a file in
KOffice.
4. Solution:
Source code patches have been made available which fix these
vulnerabilities. Contact your OS vendor / binary package provider
for information about how to obtain updated binary packages.
5. Patch:
Patch for KOffice 1.3.5 is available from
ftp://ftp.kde.org/pub/kde/security_patches :
0e6194cbfe3f6d3b3c848c2c76ef5bfb post-1.3.5-koffice.diff
6. Time line and credits:
19/01/2005 KDE Security Team alerted by Carsten Lohrke
19/01/2005 Patches from xpdf 3.00pl3 applied to KDE CVS and patches
prepared.
20/01/2005 Public disclosure.
-- 
[email protected] | Free Novell Linux Desktop 9 Evaluation Download
[email protected] | http://www.novell.com/products/desktop/eval.html
--nextPart553130346.1nWHcy4Yhl
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQBB8Cs6N4pvrENfboIRAj2uAJ9OO3Jipu9E22hpyuilUjQ0pQtCNwCgkREN
KDHq14niu3nIKgfdfoWyAJk=
=8Bdg
-----END PGP SIGNATURE-----
--nextPart553130346.1nWHcy4Yhl--
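Checking a downloaded copy of the patch against the checksum line in section 5 before applying it, as an added example that is not part of the original advisory or of KDE's tooling. It assumes the 32-hex-digit value is an MD5 digest (the advisory does not name the algorithm); the function names are hypothetical and the file used in `demo()` is a constructed stand-in, not the real patch.

```python
import hashlib
import hmac
import os
import re
import tempfile

# The checksum line exactly as it appears in section 5 of the advisory.
ADVISORY_LINE = "0e6194cbfe3f6d3b3c848c2c76ef5bfb post-1.3.5-koffice.diff"
# Assumption: the digest length identifies the algorithm (32 hex digits = MD5).
ALGO_BY_HEXLEN = {32: "md5", 40: "sha1", 64: "sha256"}
LINE_RE = re.compile(r"^([0-9a-fA-F]+)\s+(\S+)$")


def parse_checksum_line(line):
    """Split '<hex digest> <filename>' into (algorithm, digest, filename)."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("not a '<digest> <filename>' line")
    digest, name = m.group(1).lower(), m.group(2)
    if len(digest) not in ALGO_BY_HEXLEN:
        raise ValueError("unrecognised digest length %d" % len(digest))
    # The name must be a bare file name, never a path into another directory.
    if os.path.basename(name) != name or name in (".", ".."):
        raise ValueError("file name must not contain a path")
    return ALGO_BY_HEXLEN[len(digest)], digest, name


def verify_download(line, directory):
    """Return True only if the named file in `directory` matches the digest."""
    algo, expected, name = parse_checksum_line(line)
    h = hashlib.new(algo)
    with open(os.path.join(directory, name), "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):  # stream, don't slurp
            h.update(chunk)
    return hmac.compare_digest(h.hexdigest(), expected)


def demo():
    """Constructed stand-in file: checked once intact, once after alteration."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "post-1.3.5-koffice.diff")
        data = b"--- constructed sample, not the real patch ---\n"
        with open(path, "wb") as fh:
            fh.write(data)
        line = hashlib.md5(data).hexdigest() + " post-1.3.5-koffice.diff"
        intact = verify_download(line, d)
        with open(path, "ab") as fh:
            fh.write(b"+ altered in transit\n")
        return intact, verify_download(line, d)
```

An MD5 match only shows the file is the one the advisory describes if the advisory text itself is authentic, which is what the PGP signature on the message establishes; MD5 alone detects corruption, not a deliberate substitution by someone who can also alter the checksum line.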