LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 24th, 2014
Linux Security Week: October 20th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: Updated koffice packages fix crafted pdf file vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2, kpdf in KDE before 3.5.5, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. The updated packages have been patched to correct this problem.
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:018
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : koffice
 Date    : January 18, 2007
 Affected: 2007.0
 _______________________________________________________________________
 
 Problem Description:
 
 The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2,
 kpdf in KDE before 3.5.5, and other products, allows remote attackers
 to have an unknown impact, possibly including denial of service
 (infinite loop), arbitrary code execution, or memory corruption, via a
 PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages
 attribute that references an invalid page tree node.

 The updated packages have been patched to correct this problem.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0104
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 b1cdf9519f03f701c6e538a90a23caf9  2007.0/i586/koffice-1.5.91-3.3mdv2007.0.i586.rpm
 783305f6c0b3c3cef71d8479fa17a095  2007.0/i586/koffice-karbon-1.5.91-3.3mdv2007.0.i586.rpm
 ff64ba24814230cf14f50e84ddccbb78  2007.0/i586/koffice-kexi-1.5.91-3.3mdv2007.0.i586.rpm
 273e5672aca7b387f879aecbdef48278  2007.0/i586/koffice-kformula-1.5.91-3.3mdv2007.0.i586.rpm
 37d873cba6a9b8fa9d0d6b33a71597e0  2007.0/i586/koffice-kivio-1.5.91-3.3mdv2007.0.i586.rpm
 d961fa397c4a72a034b7baf9e9ecfb9a  2007.0/i586/koffice-koshell-1.5.91-3.3mdv2007.0.i586.rpm
 56592c5a74838446e649c15c48fe8853  2007.0/i586/koffice-kplato-1.5.91-3.3mdv2007.0.i586.rpm
 4ebfda9a175e07de07ee197707434a5d  2007.0/i586/koffice-kpresenter-1.5.91-3.3mdv2007.0.i586.rpm
 064db7d95802e559144bfa5b9c408bb7  2007.0/i586/koffice-krita-1.5.91-3.3mdv2007.0.i586.rpm
 70fa6928e34a9ebcbd0359763695d791  2007.0/i586/koffice-kspread-1.5.91-3.3mdv2007.0.i586.rpm
 1dca8ca1061a329290251bda492cb8c4  2007.0/i586/koffice-kugar-1.5.91-3.3mdv2007.0.i586.rpm
 a4bc6a10e43743f46cbc05173e325484  2007.0/i586/koffice-kword-1.5.91-3.3mdv2007.0.i586.rpm
 cf559afa4445ba333ac23062026ab76d  2007.0/i586/koffice-progs-1.5.91-3.3mdv2007.0.i586.rpm
 57049355d5b9d28a540a36e9d37ea3f9  2007.0/i586/libkoffice2-karbon-1.5.91-3.3mdv2007.0.i586.rpm
 c28ab56ff8bc4bafb8256321ad11f69c  2007.0/i586/libkoffice2-karbon-devel-1.5.91-3.3mdv2007.0.i586.rpm
 dc4e1ac6a0d357a574d1d8f837e2b485  2007.0/i586/libkoffice2-kexi-1.5.91-3.3mdv2007.0.i586.rpm
 305b86ad6ca9d684839308b9326ccb55  2007.0/i586/libkoffice2-kexi-devel-1.5.91-3.3mdv2007.0.i586.rpm
 f1011e0ad3d2783b5d01742736e3bbcc  2007.0/i586/libkoffice2-kformula-1.5.91-3.3mdv2007.0.i586.rpm
 4fe66ee781ad6cd648cfa705dc6e1dbc  2007.0/i586/libkoffice2-kformula-devel-1.5.91-3.3mdv2007.0.i586.rpm
 4a937f22adff9c856700f208438132cc  2007.0/i586/libkoffice2-kivio-1.5.91-3.3mdv2007.0.i586.rpm
 520258316a44dfbf6c13c7d7b96d5504  2007.0/i586/libkoffice2-kivio-devel-1.5.91-3.3mdv2007.0.i586.rpm
 f62280e2ab006729efc6a4af379e6a23  2007.0/i586/libkoffice2-koshell-1.5.91-3.3mdv2007.0.i586.rpm
 036045cae6863b7872c20ab4d1cc5688  2007.0/i586/libkoffice2-kplato-1.5.91-3.3mdv2007.0.i586.rpm
 1e86cd4131a0b228c18209194719e672  2007.0/i586/libkoffice2-kpresenter-1.5.91-3.3mdv2007.0.i586.rpm
 6d4129270a176cc103efd3d3af77fb86  2007.0/i586/libkoffice2-kpresenter-devel-1.5.91-3.3mdv2007.0.i586.rpm
 c593f3e2688aaba40c43c33e9d7105ea  2007.0/i586/libkoffice2-krita-1.5.91-3.3mdv2007.0.i586.rpm
 4650aaedeb219009e13a714776ed306d  2007.0/i586/libkoffice2-krita-devel-1.5.91-3.3mdv2007.0.i586.rpm
 1a9d2cb47aa3ee4766c58c7dab59e5d8  2007.0/i586/libkoffice2-kspread-1.5.91-3.3mdv2007.0.i586.rpm
 6aaec493fd2d9893028846f4f8e21462  2007.0/i586/libkoffice2-kspread-devel-1.5.91-3.3mdv2007.0.i586.rpm
 e440b2660d6c6a30dfe1a0f916f28710  2007.0/i586/libkoffice2-kugar-1.5.91-3.3mdv2007.0.i586.rpm
 34848cf4d92ab20936380a0b1848b87c  2007.0/i586/libkoffice2-kugar-devel-1.5.91-3.3mdv2007.0.i586.rpm
 1d8d0aa310a11a28afd0372e04dcf3d1  2007.0/i586/libkoffice2-kword-1.5.91-3.3mdv2007.0.i586.rpm
 e141aae296f1ea77ad8ba8e911035a6f  2007.0/i586/libkoffice2-kword-devel-1.5.91-3.3mdv2007.0.i586.rpm
 f3b45e02397192707a4717e4796f8e44  2007.0/i586/libkoffice2-progs-1.5.91-3.3mdv2007.0.i586.rpm
 45ee5c8cb61a7be6802ab927c15fcc45  2007.0/i586/libkoffice2-progs-devel-1.5.91-3.3mdv2007.0.i586.rpm 
 2dcb5c2b4e73e2213718164f97fb4877  2007.0/SRPMS/koffice-1.5.91-3.3mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 837b0881b72c5b853532dd2502d0ff7a  2007.0/x86_64/koffice-1.5.91-3.3mdv2007.0.x86_64.rpm
 33728635d9a94f6b7231f2a80ddb50ae  2007.0/x86_64/koffice-karbon-1.5.91-3.3mdv2007.0.x86_64.rpm
 c76e8403a507ebc8f249f6f2334935dd  2007.0/x86_64/koffice-kexi-1.5.91-3.3mdv2007.0.x86_64.rpm
 03d4caf72b433c26678fdc6180b637aa  2007.0/x86_64/koffice-kformula-1.5.91-3.3mdv2007.0.x86_64.rpm
 5d716dac65c438f2397b52544a6e8f38  2007.0/x86_64/koffice-kivio-1.5.91-3.3mdv2007.0.x86_64.rpm
 5686d37d4c3cf9c40ba8e0e2d7f75050  2007.0/x86_64/koffice-koshell-1.5.91-3.3mdv2007.0.x86_64.rpm
 245f05881374b5c0ff96fda584fe0e68  2007.0/x86_64/koffice-kplato-1.5.91-3.3mdv2007.0.x86_64.rpm
 48b03d85d6c565830c984ffa70fe5ed4  2007.0/x86_64/koffice-kpresenter-1.5.91-3.3mdv2007.0.x86_64.rpm
 91babf38de874d98768de64f5151243d  2007.0/x86_64/koffice-krita-1.5.91-3.3mdv2007.0.x86_64.rpm
 905ccf7c609c2dc46051109a92d0b967  2007.0/x86_64/koffice-kspread-1.5.91-3.3mdv2007.0.x86_64.rpm
 b13880c4f3e75fb87c1a06ccebe130c6  2007.0/x86_64/koffice-kugar-1.5.91-3.3mdv2007.0.x86_64.rpm
 1ab02849f6053668c3f32481ac027ff3  2007.0/x86_64/koffice-kword-1.5.91-3.3mdv2007.0.x86_64.rpm
 a19557886617f34e7bc380e2f608182d  2007.0/x86_64/koffice-progs-1.5.91-3.3mdv2007.0.x86_64.rpm
 10e515bedb617b46c0bd0c2201ba0778  2007.0/x86_64/lib64koffice2-karbon-1.5.91-3.3mdv2007.0.x86_64.rpm
 c779557283f634c818b57d673cc0d282  2007.0/x86_64/lib64koffice2-karbon-devel-1.5.91-3.3mdv2007.0.x86_64.rpm
 a52e7d5c03f03954674e955e518ecdda  2007.0/x86_64/lib64koffice2-kexi-1.5.91-3.3mdv2007.0.x86_64.rpm
 6abce5b2c97323df1c34cfbb51c24e8c  2007.0/x86_64/lib64koffice2-kexi-devel-1.5.91-3.3mdv2007.0.x86_64.rpm
 8d3a2a1cbb1778dce5943407ae54ec91  2007.0/x86_64/lib64koffice2-kformula-1.5.91-3.3mdv2007.0.x86_64.rpm
 cb4bc66b2185c02c7f9d63cb5437990a  2007.0/x86_64/lib64koffice2-kformula-devel-1.5.91-3.3mdv2007.0.x86_64.rpm
 74b9c1c5afe1d3bd26d702d002d70201  2007.0/x86_64/lib64koffice2-kivio-1.5.91-3.3mdv2007.0.x86_64.rpm
 84fb2950e93db3274a10a1967b63cfd1  2007.0/x86_64/lib64koffice2-kivio-devel-1.5.91-3.3mdv2007.0.x86_64.rpm
 dce5027826fd5808045a81d54128d6bd  2007.0/x86_64/lib64koffice2-koshell-1.5.91-3.3mdv2007.0.x86_64.rpm
 43139b9b61586d0dde15ca648d4bd1bf  2007.0/x86_64/lib64koffice2-kplato-1.5.91-3.3mdv2007.0.x86_64.rpm
 536c7f344165974e98d24bfa03ad999b  2007.0/x86_64/lib64koffice2-kpresenter-1.5.91-3.3mdv2007.0.x86_64.rpm
 558e2156bd14fe3889e50d128e1b9777  2007.0/x86_64/lib64koffice2-kpresenter-devel-1.5.91-3.3mdv2007.0.x86_64.rpm
 5f1ff30462271fcdbb348be7fdfed67c  2007.0/x86_64/lib64koffice2-krita-1.5.91-3.3mdv2007.0.x86_64.rpm
 d92007f528c1c4bbd5f08e1a372f360f  2007.0/x86_64/lib64koffice2-krita-devel-1.5.91-3.3mdv2007.0.x86_64.rpm
 e4f4608eee0c34b0ea5dbcedfa322e10  2007.0/x86_64/lib64koffice2-kspread-1.5.91-3.3mdv2007.0.x86_64.rpm
 0b9265836827e5519439507505e854ff  2007.0/x86_64/lib64koffice2-kspread-devel-1.5.91-3.3mdv2007.0.x86_64.rpm
 175974918d496b876fb0f153d6325132  2007.0/x86_64/lib64koffice2-kugar-1.5.91-3.3mdv2007.0.x86_64.rpm
 6769a7aa06bc0ef765473806877a74a3  2007.0/x86_64/lib64koffice2-kugar-devel-1.5.91-3.3mdv2007.0.x86_64.rpm
 88578bf2bd7b6a2e2d2e361163ee4d44  2007.0/x86_64/lib64koffice2-kword-1.5.91-3.3mdv2007.0.x86_64.rpm
 d2c14a93ba278c18f12a2366149d24c0  2007.0/x86_64/lib64koffice2-kword-devel-1.5.91-3.3mdv2007.0.x86_64.rpm
 fab8c782b89b43a15df544ef6da61a42  2007.0/x86_64/lib64koffice2-progs-1.5.91-3.3mdv2007.0.x86_64.rpm
 726d9d0df73c3603cbc22a7ac3fdc061  2007.0/x86_64/lib64koffice2-progs-devel-1.5.91-3.3mdv2007.0.x86_64.rpm 
 2dcb5c2b4e73e2213718164f97fb4877  2007.0/SRPMS/koffice-1.5.91-3.3mdv2007.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Disaster as CryptoWall encrypts US firm's entire server installation
Now Everyone Wants to Sell You a Magical Anonymity Router. Choose Wisely
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.