<<< Date Index >>>     <<< Thread Index >>>

MDKSA-2005:019 - Updated koffice packages fix buffer overflow vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           koffice
 Advisory ID:            MDKSA-2005:019
 Date:                   January 25th, 2005

 Affected versions:      10.0, 10.1, Corporate Server 3.0
 ______________________________________________________________________

 Problem Description:

 A buffer overflow vulnerability was discovered in the xpdf PDF          
 code, which could allow for arbitrary code execution as the user 
 viewing a PDF file. The vulnerability exists due to insufficient bounds
 checking while processing a PDF file that provides malicious values in
 the /Encrypt /Length tag. Koffice uses xpdf code and is susceptible to the
 same vulnerability.
 
 The updated packages have been patched to prevent these problems.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 d620ab0db67c4e25f755ee62cf1a474a  10.0/RPMS/koffice-1.3-12.2.100mdk.i586.rpm
 ade52f0ac258267ae8614502fabc8ab2  
10.0/RPMS/libkoffice2-1.3-12.2.100mdk.i586.rpm
 280135355e26e3baab14f63628c97dc2  
10.0/RPMS/libkoffice2-devel-1.3-12.2.100mdk.i586.rpm
 d46d3a868900d7ab94aeaa34deea1018  10.0/SRPMS/koffice-1.3-12.2.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 04bf5f31e92516f1c0458ba12c930a48  
amd64/10.0/RPMS/koffice-1.3-12.2.100mdk.amd64.rpm
 eec5070100e0ddbc03d4e0c55dfe1be3  
amd64/10.0/RPMS/lib64koffice2-1.3-12.2.100mdk.amd64.rpm
 065702b188f8ea68df6493da6cdbd660  
amd64/10.0/RPMS/lib64koffice2-devel-1.3-12.2.100mdk.amd64.rpm
 d46d3a868900d7ab94aeaa34deea1018  
amd64/10.0/SRPMS/koffice-1.3-12.2.100mdk.src.rpm

 Mandrakelinux 10.1:
 c0530b7a5fa5542752b8998c31acce9e  10.1/RPMS/koffice-1.3.3-2.2.101mdk.i586.rpm
 7d18d56f064133b241d2c454e817eb38  
10.1/RPMS/koffice-karbon-1.3.3-2.2.101mdk.i586.rpm
 9622c8c9f7876aa3d159532486117c5d  
10.1/RPMS/koffice-kformula-1.3.3-2.2.101mdk.i586.rpm
 4389b3cd90e57052424417f7a8dd4ceb  
10.1/RPMS/koffice-kivio-1.3.3-2.2.101mdk.i586.rpm
 361459b34c382e1c1382b483a92a6756  
10.1/RPMS/koffice-koshell-1.3.3-2.2.101mdk.i586.rpm
 15e865d609a58ac2783e8d25fde0418e  
10.1/RPMS/koffice-kpresenter-1.3.3-2.2.101mdk.i586.rpm
 65a868b881015cfd2376748526902fc8  
10.1/RPMS/koffice-kspread-1.3.3-2.2.101mdk.i586.rpm
 6587cc22182a858158cd8aea2afcba64  
10.1/RPMS/koffice-kugar-1.3.3-2.2.101mdk.i586.rpm
 caf4007f0343e29a69d10a057af99c83  
10.1/RPMS/koffice-kword-1.3.3-2.2.101mdk.i586.rpm
 da30f2308d7158089c383ca4a99d72ea  
10.1/RPMS/koffice-progs-1.3.3-2.2.101mdk.i586.rpm
 5784ad20ba835bd54cd95dc24d713253  
10.1/RPMS/libkoffice2-karbon-1.3.3-2.2.101mdk.i586.rpm
 8eda23533d992bb34d12c7bac00030be  
10.1/RPMS/libkoffice2-kformula-1.3.3-2.2.101mdk.i586.rpm
 a7923dede9bb79346bab697142346ec1  
10.1/RPMS/libkoffice2-kivio-1.3.3-2.2.101mdk.i586.rpm
 5cc52af39aa57938d7edae0d640fc968  
10.1/RPMS/libkoffice2-koshell-1.3.3-2.2.101mdk.i586.rpm
 e4bec26f95e1f55ced770cafd320e335  
10.1/RPMS/libkoffice2-kpresenter-1.3.3-2.2.101mdk.i586.rpm
 a8e1b736a8a3924cc39495a32b6ad223  
10.1/RPMS/libkoffice2-kspread-1.3.3-2.2.101mdk.i586.rpm
 5d1e64e28d69771aa4709791547f3802  
10.1/RPMS/libkoffice2-kspread-devel-1.3.3-2.2.101mdk.i586.rpm
 81bbf226aca53b9ad14c7522f3302191  
10.1/RPMS/libkoffice2-kugar-1.3.3-2.2.101mdk.i586.rpm
 e0c51ed40247b0d0715c6a67e9c0dfdc  
10.1/RPMS/libkoffice2-kugar-devel-1.3.3-2.2.101mdk.i586.rpm
 1403e58e5586b3dc41d874fb7f76992f  
10.1/RPMS/libkoffice2-kword-1.3.3-2.2.101mdk.i586.rpm
 77afbcf9c3603ec9cfae784e0d2ed43b  
10.1/RPMS/libkoffice2-kword-devel-1.3.3-2.2.101mdk.i586.rpm
 37a4b0ca89f95d47850392303f6774a1  
10.1/RPMS/libkoffice2-progs-1.3.3-2.2.101mdk.i586.rpm
 2219d9fdc81fcf660d60e15319e9943d  
10.1/RPMS/libkoffice2-progs-devel-1.3.3-2.2.101mdk.i586.rpm
 618a562fb56d40e4ecfd730d2b1be49b  10.1/SRPMS/koffice-1.3.3-2.2.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 d9cf8ecb69c8d7ccc2f0168ee078b3d3  
x86_64/10.1/RPMS/koffice-1.3.3-2.2.101mdk.x86_64.rpm
 460dd9a91e6e82323e110bf052371a52  
x86_64/10.1/RPMS/koffice-karbon-1.3.3-2.2.101mdk.x86_64.rpm
 3ae887f0ac3679219721611c1f05697d  
x86_64/10.1/RPMS/koffice-kformula-1.3.3-2.2.101mdk.x86_64.rpm
 49efb5347574454645adca560a81f911  
x86_64/10.1/RPMS/koffice-kivio-1.3.3-2.2.101mdk.x86_64.rpm
 6f4a57a3d88a88ea7a179b4a1a113de9  
x86_64/10.1/RPMS/koffice-koshell-1.3.3-2.2.101mdk.x86_64.rpm
 d5be06b78eb1a0d2606be0deaa45a4a8  
x86_64/10.1/RPMS/koffice-kpresenter-1.3.3-2.2.101mdk.x86_64.rpm
 96ed4e467d93797e925f09c3ca150a0b  
x86_64/10.1/RPMS/koffice-kspread-1.3.3-2.2.101mdk.x86_64.rpm
 41c1e39c0766d9ed0a823d8d5fa7499b  
x86_64/10.1/RPMS/koffice-kugar-1.3.3-2.2.101mdk.x86_64.rpm
 cc48202eb30adf7625464def2461901c  
x86_64/10.1/RPMS/koffice-kword-1.3.3-2.2.101mdk.x86_64.rpm
 7b672b3f77fe1d16ba22fe266695ffa9  
x86_64/10.1/RPMS/koffice-progs-1.3.3-2.2.101mdk.x86_64.rpm
 3d73eb1169a9a1055c06e134bb366b9f  
x86_64/10.1/RPMS/lib64koffice2-karbon-1.3.3-2.2.101mdk.x86_64.rpm
 c31083fa21030ae3270b6623ae6cb29c  
x86_64/10.1/RPMS/lib64koffice2-kformula-1.3.3-2.2.101mdk.x86_64.rpm
 228b5a7e9a0f71b59b00d89f79dd627b  
x86_64/10.1/RPMS/lib64koffice2-kivio-1.3.3-2.2.101mdk.x86_64.rpm
 9ecf703ab3f988fb9cd914c46387bd21  
x86_64/10.1/RPMS/lib64koffice2-koshell-1.3.3-2.2.101mdk.x86_64.rpm
 456dea35aba11bdfbf3fe253939289b9  
x86_64/10.1/RPMS/lib64koffice2-kpresenter-1.3.3-2.2.101mdk.x86_64.rpm
 75e1f65af93ef7fb4f5a754b0c7bec31  
x86_64/10.1/RPMS/lib64koffice2-kspread-1.3.3-2.2.101mdk.x86_64.rpm
 9c44cfeb5ddf24bf0a7cb0f7cb2aab0a  
x86_64/10.1/RPMS/lib64koffice2-kspread-devel-1.3.3-2.2.101mdk.x86_64.rpm
 7b18675837a38c393747a6dd4b6ccf4e  
x86_64/10.1/RPMS/lib64koffice2-kugar-1.3.3-2.2.101mdk.x86_64.rpm
 f570ef6a23fa7afc2fb4379329853999  
x86_64/10.1/RPMS/lib64koffice2-kugar-devel-1.3.3-2.2.101mdk.x86_64.rpm
 4a558d84ab7a2d547c35801aca5d3dbb  
x86_64/10.1/RPMS/lib64koffice2-kword-1.3.3-2.2.101mdk.x86_64.rpm
 ea2261303599a4c9d465304e27201f64  
x86_64/10.1/RPMS/lib64koffice2-kword-devel-1.3.3-2.2.101mdk.x86_64.rpm
 77ade17c9ac8c20c9cf55478dd12aff7  
x86_64/10.1/RPMS/lib64koffice2-progs-1.3.3-2.2.101mdk.x86_64.rpm
 996b4496c415ffdc41c56e5d0dba97b5  
x86_64/10.1/RPMS/lib64koffice2-progs-devel-1.3.3-2.2.101mdk.x86_64.rpm
 618a562fb56d40e4ecfd730d2b1be49b  
x86_64/10.1/SRPMS/koffice-1.3.3-2.2.101mdk.src.rpm

 Corporate Server 3.0:
 b487481d69017027aa30d300768f077e  
corporate/3.0/RPMS/koffice-1.3-12.2.C30mdk.i586.rpm
 8b4d331f0944c61fb8e5077bca050c2f  
corporate/3.0/RPMS/libkoffice2-1.3-12.2.C30mdk.i586.rpm
 4d1dae4b305ff73a186b3eaf41ab89bb  
corporate/3.0/RPMS/libkoffice2-devel-1.3-12.2.C30mdk.i586.rpm
 4ce907e44911ae3797f7746e2b73188f  
corporate/3.0/SRPMS/koffice-1.3-12.2.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFB9yD+mqjQ0CJFipgRAqwNAJ93m5CjeU50ncwwcF1uzst71mQDogCeIN+p
4XAWLURtZZm3gDFX8G8WloY=
=HhIw
-----END PGP SIGNATURE-----