LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: Updated koffice packages fix several vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191)
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:008
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : koffice
 Date    : January 6, 2006
 Affected: 2006.0
 _______________________________________________________________________
 
 Problem Description:
 
 Multiple heap-based buffer overflows in the
 DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions
 in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier,
 allow user-complicit attackers to cause a denial of service (heap
 corruption) and possibly execute arbitrary code via a crafted  PDF file
 with an out-of-range number of components (numComps), which is used as
 an array index. (CVE-2005-3191)
  
 Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01
 allows remote attackers to execute arbitrary code via a PDF file with
 an out-of-range numComps (number of components) field. (CVE-2005-3192)
 
 Heap-based buffer overflow in the JPXStream::readCodestream function
 in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier
 allows user-complicit attackers to cause a denial of service (heap
 corruption) and possibly execute arbitrary code via a crafted PDF file
 with large size values that cause insufficient memory to be allocated.
 (CVE-2005-3193)
 
 An additional patch re-addresses memory allocation routines in
 goo/gmem.c (Martin Pitt/Canonical, Dirk Mueller/KDE). 
 
 In addition, Chris Evans discovered several other vulnerbilities in
 the xpdf code base:
 
  Out-of-bounds heap accesses with large or negative parameters to 
   "FlateDecode" stream. (CVE-2005-3192)
 
  Out-of-bounds heap accesses with large or negative parameters to
   "CCITTFaxDecode" stream. (CVE-2005-3624)
 
  Infinite CPU spins in various places when stream ends unexpectedly.
   (CVE-2005-3625) 
 
  NULL pointer crash in the "FlateDecode" stream. (CVE-2005-3626)
 
  Overflows of compInfo array in "DCTDecode" stream. (CVE-2005-3627)
 
  Possible to use index past end of array in "DCTDecode" stream.
   (CVE-2005-3627)
 
  Possible out-of-bounds indexing trouble in "DCTDecode" stream.
   (CVE-2005-3627)
 
 Koffice uses an embedded copy of the xpdf code, with the same
 vulnerabilities.
 
 The updated packages have been patched to correct these problems.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 5decbf029bf4482d1f93ea0df446121f  2006.0/RPMS/koffice-1.4.2-11.2.20060mdk.i586.rpm
 2aca3ec22b051466aeb57c82b26d12aa  2006.0/RPMS/koffice-karbon-1.4.2-11.2.20060mdk.i586.rpm
 f39b2a5a7ef35a0f579a0055b1c429c4  2006.0/RPMS/koffice-kexi-1.4.2-11.2.20060mdk.i586.rpm
 caab0530fcfcf10ec5913e7b101541c6  2006.0/RPMS/koffice-kformula-1.4.2-11.2.20060mdk.i586.rpm
 0a3732921e20069fd3b5cbac8c4733a9  2006.0/RPMS/koffice-kivio-1.4.2-11.2.20060mdk.i586.rpm
 e4d711f1487f3716f19527950bb64283  2006.0/RPMS/koffice-koshell-1.4.2-11.2.20060mdk.i586.rpm
 f5013764806edfcf9a31503b613459a2  2006.0/RPMS/koffice-kpresenter-1.4.2-11.2.20060mdk.i586.rpm
 668a7eb653da4db18b2e1c9daefb7e94  2006.0/RPMS/koffice-krita-1.4.2-11.2.20060mdk.i586.rpm
 ebb18a9011e702f01718c4c2b4d759e1  2006.0/RPMS/koffice-kspread-1.4.2-11.2.20060mdk.i586.rpm
 89a8d46e5768595584fcdbe307add521  2006.0/RPMS/koffice-kugar-1.4.2-11.2.20060mdk.i586.rpm
 1e9b58585bf742239b210e8519ed0d8f  2006.0/RPMS/koffice-kword-1.4.2-11.2.20060mdk.i586.rpm
 e5e19df847dc2693066a922f73b42c50  2006.0/RPMS/koffice-progs-1.4.2-11.2.20060mdk.i586.rpm
 fa63274a949dd60692888f515606f079  2006.0/RPMS/libkoffice2-karbon-1.4.2-11.2.20060mdk.i586.rpm
 8bedc58288b05ffb3134c07b7d46a118  2006.0/RPMS/libkoffice2-karbon-devel-1.4.2-11.2.20060mdk.i586.rpm
 681887908face81c17a37ca00d6c6022  2006.0/RPMS/libkoffice2-kexi-1.4.2-11.2.20060mdk.i586.rpm
 eab5ad72e95f108b923f3bf32bbe10f5  2006.0/RPMS/libkoffice2-kexi-devel-1.4.2-11.2.20060mdk.i586.rpm
 7e4b3718e863d0f66f2b7daca2a25f83  2006.0/RPMS/libkoffice2-kformula-1.4.2-11.2.20060mdk.i586.rpm
 bad0d716230bad4a9fe0ae27017b0ef7  2006.0/RPMS/libkoffice2-kformula-devel-1.4.2-11.2.20060mdk.i586.rpm
 077a3368bef791e1105ba82e41424847  2006.0/RPMS/libkoffice2-kivio-1.4.2-11.2.20060mdk.i586.rpm
 8091986d4999e3a702db1139c4cd1ac1  2006.0/RPMS/libkoffice2-kivio-devel-1.4.2-11.2.20060mdk.i586.rpm
 74eee88d1cafaab8ff4bbbe9717a0e6c  2006.0/RPMS/libkoffice2-koshell-1.4.2-11.2.20060mdk.i586.rpm
 25524a101fb458bfa15bf56706f1d02d  2006.0/RPMS/libkoffice2-kpresenter-1.4.2-11.2.20060mdk.i586.rpm
 e37ecf1e3aa338df37fa210aaf7822dd  2006.0/RPMS/libkoffice2-krita-1.4.2-11.2.20060mdk.i586.rpm
 cb1a07a6c9da09e6db6a506d8875daf8  2006.0/RPMS/libkoffice2-krita-devel-1.4.2-11.2.20060mdk.i586.rpm
 d1594075f9152ac891bb1bf2c3348770  2006.0/RPMS/libkoffice2-kspread-1.4.2-11.2.20060mdk.i586.rpm
 5f026461f8fba599df483bbaefcf8b23  2006.0/RPMS/libkoffice2-kspread-devel-1.4.2-11.2.20060mdk.i586.rpm
 897cbd506eb32b4cfecd6d4430cf217a  2006.0/RPMS/libkoffice2-kugar-1.4.2-11.2.20060mdk.i586.rpm
 7f4a36c89f799e2f6bf19e1bd9264f89  2006.0/RPMS/libkoffice2-kugar-devel-1.4.2-11.2.20060mdk.i586.rpm
 3fe5da8dc83ca866d6ae3a2eb21ff0f0  2006.0/RPMS/libkoffice2-kword-1.4.2-11.2.20060mdk.i586.rpm
 242ea66e5928964417859b1a26b665f8  2006.0/RPMS/libkoffice2-kword-devel-1.4.2-11.2.20060mdk.i586.rpm
 264f937ee2f1678245d3786fb449a1e5  2006.0/RPMS/libkoffice2-progs-1.4.2-11.2.20060mdk.i586.rpm
 6fc8f4494593692a215e6ace8bfc1112  2006.0/RPMS/libkoffice2-progs-devel-1.4.2-11.2.20060mdk.i586.rpm
 d1aa09f80b3e57ecfd60f0a7e263094a  2006.0/SRPMS/koffice-1.4.2-11.2.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 895d2918a4723f99eb839c4d27306406  x86_64/2006.0/RPMS/koffice-1.4.2-11.2.20060mdk.x86_64.rpm
 e24e0e322dfe02f73c5d1b0571158cf2  x86_64/2006.0/RPMS/koffice-karbon-1.4.2-11.2.20060mdk.x86_64.rpm
 e22a93254fd15c0a7b672a1c6bcb91a0  x86_64/2006.0/RPMS/koffice-kexi-1.4.2-11.2.20060mdk.x86_64.rpm
 39dcd78e2747823f30364a789a7d1193  x86_64/2006.0/RPMS/koffice-kformula-1.4.2-11.2.20060mdk.x86_64.rpm
 c726114646f5fe94121cc2e48a4647b5  x86_64/2006.0/RPMS/koffice-kivio-1.4.2-11.2.20060mdk.x86_64.rpm
 bfcdebd6ced8553c1a7eb6ea1ffddbb9  x86_64/2006.0/RPMS/koffice-koshell-1.4.2-11.2.20060mdk.x86_64.rpm
 5f4d36c6c03dec33f6f88346fe1c8c11  x86_64/2006.0/RPMS/koffice-kpresenter-1.4.2-11.2.20060mdk.x86_64.rpm
 515f8db1ae75c28717a7ed8b7475278f  x86_64/2006.0/RPMS/koffice-krita-1.4.2-11.2.20060mdk.x86_64.rpm
 4cfe74acd379f314f6ff2845920b64b7  x86_64/2006.0/RPMS/koffice-kspread-1.4.2-11.2.20060mdk.x86_64.rpm
 6ec357843424d14fadbd457e49fc3c34  x86_64/2006.0/RPMS/koffice-kugar-1.4.2-11.2.20060mdk.x86_64.rpm
 ac0a4544be03c14981d165c83dd0893e  x86_64/2006.0/RPMS/koffice-kword-1.4.2-11.2.20060mdk.x86_64.rpm
 1a6ddfd8cdde5c9fc9c23fa58e55a7e2  x86_64/2006.0/RPMS/koffice-progs-1.4.2-11.2.20060mdk.x86_64.rpm
 9bf5725e0a5b369653bd579c6be151e6  x86_64/2006.0/RPMS/lib64koffice2-karbon-1.4.2-11.2.20060mdk.x86_64.rpm
 bb80a747c3ba10682967664d58d5a3dc  x86_64/2006.0/RPMS/lib64koffice2-karbon-devel-1.4.2-11.2.20060mdk.x86_64.rpm
 8f7003b51389274cec77c0eaa4f620a1  x86_64/2006.0/RPMS/lib64koffice2-kexi-1.4.2-11.2.20060mdk.x86_64.rpm
 b0058d2ffe854eb0fc7f6d3694b2cf0c  x86_64/2006.0/RPMS/lib64koffice2-kexi-devel-1.4.2-11.2.20060mdk.x86_64.rpm
 0c2dfe7985b8d29b11fb6d5f3bc5f187  x86_64/2006.0/RPMS/lib64koffice2-kformula-1.4.2-11.2.20060mdk.x86_64.rpm
 fe64e075b725f2003ad4b3b75e633815  x86_64/2006.0/RPMS/lib64koffice2-kformula-devel-1.4.2-11.2.20060mdk.x86_64.rpm
 1ce7238b2d8494313df1f71cb5ab45ee  x86_64/2006.0/RPMS/lib64koffice2-kivio-1.4.2-11.2.20060mdk.x86_64.rpm
 4a64f4ef06c4404f7d77685d195c11ba  x86_64/2006.0/RPMS/lib64koffice2-kivio-devel-1.4.2-11.2.20060mdk.x86_64.rpm
 92fea6a7449391fc2c35e02044d03e83  x86_64/2006.0/RPMS/lib64koffice2-koshell-1.4.2-11.2.20060mdk.x86_64.rpm
 a99e683d8c5585df998d5735d4c01f7d  x86_64/2006.0/RPMS/lib64koffice2-kpresenter-1.4.2-11.2.20060mdk.x86_64.rpm
 5f19278c29cf6656d9a56ef39f14d145  x86_64/2006.0/RPMS/lib64koffice2-krita-1.4.2-11.2.20060mdk.x86_64.rpm
 930b637523e583344c0303844496e768  x86_64/2006.0/RPMS/lib64koffice2-krita-devel-1.4.2-11.2.20060mdk.x86_64.rpm
 880b0863b0c0f0ddcde22207abac3164  x86_64/2006.0/RPMS/lib64koffice2-kspread-1.4.2-11.2.20060mdk.x86_64.rpm
 cd0b2c995b2ef8c9f90dbb35349b1b95  x86_64/2006.0/RPMS/lib64koffice2-kspread-devel-1.4.2-11.2.20060mdk.x86_64.rpm
 d4fa15a626d04a31222c596e9b0781a3  x86_64/2006.0/RPMS/lib64koffice2-kugar-1.4.2-11.2.20060mdk.x86_64.rpm
 0562292a610452f83c5070791aeac977  x86_64/2006.0/RPMS/lib64koffice2-kugar-devel-1.4.2-11.2.20060mdk.x86_64.rpm
 ecc6a0c00d8c9160400db4c1698a918e  x86_64/2006.0/RPMS/lib64koffice2-kword-1.4.2-11.2.20060mdk.x86_64.rpm
 0b87a74b84ed37b1d95e5a61247bbe39  x86_64/2006.0/RPMS/lib64koffice2-kword-devel-1.4.2-11.2.20060mdk.x86_64.rpm
 5935898f0e48d386a8f50d1be0f39e62  x86_64/2006.0/RPMS/lib64koffice2-progs-1.4.2-11.2.20060mdk.x86_64.rpm
 f96c5fd8d1e3366a3bef48ef49d52559  x86_64/2006.0/RPMS/lib64koffice2-progs-devel-1.4.2-11.2.20060mdk.x86_64.rpm
 d1aa09f80b3e57ecfd60f0a7e263094a  x86_64/2006.0/SRPMS/koffice-1.4.2-11.2.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Pro-Privacy Senator Wyden on Fighting the NSA From Inside the System
NIST to hypervisor admins: secure your systems
Quick PHP patch beats slow research reveal
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.