LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: August 15th, 2014
Linux Advisory Watch: August 8th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandrake: Updated koffice packages fix Print E-mail
User Rating:      How can I rate this item?
Posted by Joseph Shakespeare   
Mandrake A buffer overflow vulnerability was discovered in the xpdf PDF code, which could allow for arbitrary code execution as the user viewing a PDF file. Koffice uses xpdf code and is susceptible to the same vulnerability. The updated packages have been patched to prevent these problems.
 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           koffice
 Advisory ID:            MDKSA-2005:019
 Date:                   January 25th, 2005

 Affected versions:	 10.0, 10.1, Corporate Server 3.0
 ______________________________________________________________________

 Problem Description:

 A buffer overflow vulnerability was discovered in the xpdf PDF          
 code, which could allow for arbitrary code execution as the user 
 viewing a PDF file. The vulnerability exists due to insufficient bounds
 checking while processing a PDF file that provides malicious values in
 the /Encrypt /Length tag. Koffice uses xpdf code and is susceptible to the
 same vulnerability.
 
 The updated packages have been patched to prevent these problems.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 d620ab0db67c4e25f755ee62cf1a474a  10.0/RPMS/koffice-1.3-12.2.100mdk.i586.rpm
 ade52f0ac258267ae8614502fabc8ab2  10.0/RPMS/libkoffice2-1.3-12.2.100mdk.i586.rpm
 280135355e26e3baab14f63628c97dc2  10.0/RPMS/libkoffice2-devel-1.3-12.2.100mdk.i586.rpm
 d46d3a868900d7ab94aeaa34deea1018  10.0/SRPMS/koffice-1.3-12.2.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 04bf5f31e92516f1c0458ba12c930a48  amd64/10.0/RPMS/koffice-1.3-12.2.100mdk.amd64.rpm
 eec5070100e0ddbc03d4e0c55dfe1be3  amd64/10.0/RPMS/lib64koffice2-1.3-12.2.100mdk.amd64.rpm
 065702b188f8ea68df6493da6cdbd660  amd64/10.0/RPMS/lib64koffice2-devel-1.3-12.2.100mdk.amd64.rpm
 d46d3a868900d7ab94aeaa34deea1018  amd64/10.0/SRPMS/koffice-1.3-12.2.100mdk.src.rpm

 Mandrakelinux 10.1:
 c0530b7a5fa5542752b8998c31acce9e  10.1/RPMS/koffice-1.3.3-2.2.101mdk.i586.rpm
 7d18d56f064133b241d2c454e817eb38  10.1/RPMS/koffice-karbon-1.3.3-2.2.101mdk.i586.rpm
 9622c8c9f7876aa3d159532486117c5d  10.1/RPMS/koffice-kformula-1.3.3-2.2.101mdk.i586.rpm
 4389b3cd90e57052424417f7a8dd4ceb  10.1/RPMS/koffice-kivio-1.3.3-2.2.101mdk.i586.rpm
 361459b34c382e1c1382b483a92a6756  10.1/RPMS/koffice-koshell-1.3.3-2.2.101mdk.i586.rpm
 15e865d609a58ac2783e8d25fde0418e  10.1/RPMS/koffice-kpresenter-1.3.3-2.2.101mdk.i586.rpm
 65a868b881015cfd2376748526902fc8  10.1/RPMS/koffice-kspread-1.3.3-2.2.101mdk.i586.rpm
 6587cc22182a858158cd8aea2afcba64  10.1/RPMS/koffice-kugar-1.3.3-2.2.101mdk.i586.rpm
 caf4007f0343e29a69d10a057af99c83  10.1/RPMS/koffice-kword-1.3.3-2.2.101mdk.i586.rpm
 da30f2308d7158089c383ca4a99d72ea  10.1/RPMS/koffice-progs-1.3.3-2.2.101mdk.i586.rpm
 5784ad20ba835bd54cd95dc24d713253  10.1/RPMS/libkoffice2-karbon-1.3.3-2.2.101mdk.i586.rpm
 8eda23533d992bb34d12c7bac00030be  10.1/RPMS/libkoffice2-kformula-1.3.3-2.2.101mdk.i586.rpm
 a7923dede9bb79346bab697142346ec1  10.1/RPMS/libkoffice2-kivio-1.3.3-2.2.101mdk.i586.rpm
 5cc52af39aa57938d7edae0d640fc968  10.1/RPMS/libkoffice2-koshell-1.3.3-2.2.101mdk.i586.rpm
 e4bec26f95e1f55ced770cafd320e335  10.1/RPMS/libkoffice2-kpresenter-1.3.3-2.2.101mdk.i586.rpm
 a8e1b736a8a3924cc39495a32b6ad223  10.1/RPMS/libkoffice2-kspread-1.3.3-2.2.101mdk.i586.rpm
 5d1e64e28d69771aa4709791547f3802  10.1/RPMS/libkoffice2-kspread-devel-1.3.3-2.2.101mdk.i586.rpm
 81bbf226aca53b9ad14c7522f3302191  10.1/RPMS/libkoffice2-kugar-1.3.3-2.2.101mdk.i586.rpm
 e0c51ed40247b0d0715c6a67e9c0dfdc  10.1/RPMS/libkoffice2-kugar-devel-1.3.3-2.2.101mdk.i586.rpm
 1403e58e5586b3dc41d874fb7f76992f  10.1/RPMS/libkoffice2-kword-1.3.3-2.2.101mdk.i586.rpm
 77afbcf9c3603ec9cfae784e0d2ed43b  10.1/RPMS/libkoffice2-kword-devel-1.3.3-2.2.101mdk.i586.rpm
 37a4b0ca89f95d47850392303f6774a1  10.1/RPMS/libkoffice2-progs-1.3.3-2.2.101mdk.i586.rpm
 2219d9fdc81fcf660d60e15319e9943d  10.1/RPMS/libkoffice2-progs-devel-1.3.3-2.2.101mdk.i586.rpm
 618a562fb56d40e4ecfd730d2b1be49b  10.1/SRPMS/koffice-1.3.3-2.2.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 d9cf8ecb69c8d7ccc2f0168ee078b3d3  x86_64/10.1/RPMS/koffice-1.3.3-2.2.101mdk.x86_64.rpm
 460dd9a91e6e82323e110bf052371a52  x86_64/10.1/RPMS/koffice-karbon-1.3.3-2.2.101mdk.x86_64.rpm
 3ae887f0ac3679219721611c1f05697d  x86_64/10.1/RPMS/koffice-kformula-1.3.3-2.2.101mdk.x86_64.rpm
 49efb5347574454645adca560a81f911  x86_64/10.1/RPMS/koffice-kivio-1.3.3-2.2.101mdk.x86_64.rpm
 6f4a57a3d88a88ea7a179b4a1a113de9  x86_64/10.1/RPMS/koffice-koshell-1.3.3-2.2.101mdk.x86_64.rpm
 d5be06b78eb1a0d2606be0deaa45a4a8  x86_64/10.1/RPMS/koffice-kpresenter-1.3.3-2.2.101mdk.x86_64.rpm
 96ed4e467d93797e925f09c3ca150a0b  x86_64/10.1/RPMS/koffice-kspread-1.3.3-2.2.101mdk.x86_64.rpm
 41c1e39c0766d9ed0a823d8d5fa7499b  x86_64/10.1/RPMS/koffice-kugar-1.3.3-2.2.101mdk.x86_64.rpm
 cc48202eb30adf7625464def2461901c  x86_64/10.1/RPMS/koffice-kword-1.3.3-2.2.101mdk.x86_64.rpm
 7b672b3f77fe1d16ba22fe266695ffa9  x86_64/10.1/RPMS/koffice-progs-1.3.3-2.2.101mdk.x86_64.rpm
 3d73eb1169a9a1055c06e134bb366b9f  x86_64/10.1/RPMS/lib64koffice2-karbon-1.3.3-2.2.101mdk.x86_64.rpm
 c31083fa21030ae3270b6623ae6cb29c  x86_64/10.1/RPMS/lib64koffice2-kformula-1.3.3-2.2.101mdk.x86_64.rpm
 228b5a7e9a0f71b59b00d89f79dd627b  x86_64/10.1/RPMS/lib64koffice2-kivio-1.3.3-2.2.101mdk.x86_64.rpm
 9ecf703ab3f988fb9cd914c46387bd21  x86_64/10.1/RPMS/lib64koffice2-koshell-1.3.3-2.2.101mdk.x86_64.rpm
 456dea35aba11bdfbf3fe253939289b9  x86_64/10.1/RPMS/lib64koffice2-kpresenter-1.3.3-2.2.101mdk.x86_64.rpm
 75e1f65af93ef7fb4f5a754b0c7bec31  x86_64/10.1/RPMS/lib64koffice2-kspread-1.3.3-2.2.101mdk.x86_64.rpm
 9c44cfeb5ddf24bf0a7cb0f7cb2aab0a  x86_64/10.1/RPMS/lib64koffice2-kspread-devel-1.3.3-2.2.101mdk.x86_64.rpm
 7b18675837a38c393747a6dd4b6ccf4e  x86_64/10.1/RPMS/lib64koffice2-kugar-1.3.3-2.2.101mdk.x86_64.rpm
 f570ef6a23fa7afc2fb4379329853999  x86_64/10.1/RPMS/lib64koffice2-kugar-devel-1.3.3-2.2.101mdk.x86_64.rpm
 4a558d84ab7a2d547c35801aca5d3dbb  x86_64/10.1/RPMS/lib64koffice2-kword-1.3.3-2.2.101mdk.x86_64.rpm
 ea2261303599a4c9d465304e27201f64  x86_64/10.1/RPMS/lib64koffice2-kword-devel-1.3.3-2.2.101mdk.x86_64.rpm
 77ade17c9ac8c20c9cf55478dd12aff7  x86_64/10.1/RPMS/lib64koffice2-progs-1.3.3-2.2.101mdk.x86_64.rpm
 996b4496c415ffdc41c56e5d0dba97b5  x86_64/10.1/RPMS/lib64koffice2-progs-devel-1.3.3-2.2.101mdk.x86_64.rpm
 618a562fb56d40e4ecfd730d2b1be49b  x86_64/10.1/SRPMS/koffice-1.3.3-2.2.101mdk.src.rpm

 Corporate Server 3.0:
 b487481d69017027aa30d300768f077e  corporate/3.0/RPMS/koffice-1.3-12.2.C30mdk.i586.rpm
 8b4d331f0944c61fb8e5077bca050c2f  corporate/3.0/RPMS/libkoffice2-1.3-12.2.C30mdk.i586.rpm
 4d1dae4b305ff73a186b3eaf41ab89bb  corporate/3.0/RPMS/libkoffice2-devel-1.3-12.2.C30mdk.i586.rpm
 4ce907e44911ae3797f7746e2b73188f  corporate/3.0/SRPMS/koffice-1.3-12.2.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
State-of-the-art spear phishing and defenses
Linux kernel source code repositories get better security
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.