Ubuntu: Gnumeric vulnerability
Posted by Benjamin D. Thomas
Thilo Pfennig and Morten Welinder discovered that the XLS spreadsheet handling code in Gnumeric did not correctly calculate needed memory sizes. If a user or automated system were tricked into loading a specially crafted XLS document, a remote attacker could execute arbitrary code with user privileges.
=========================================================== 
Ubuntu Security Notice USN-604-1             April 22, 2008
gnumeric vulnerability
CVE-2008-0668
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  gnumeric                        1.6.3-0ubuntu4.1

Ubuntu 6.10:
  gnumeric                        1.7.0-1ubuntu4.1

Ubuntu 7.04:
  gnumeric                        1.7.8-0ubuntu1.1

Ubuntu 7.10:
  gnumeric                        1.7.11-1ubuntu3.1

After a standard system upgrade you need to restart gnumeric to effect
the necessary changes.

Details follow:

Thilo Pfennig and Morten Welinder discovered that the XLS spreadsheet
handling code in Gnumeric did not correctly calculate needed memory sizes.
If a user or automated system were tricked into loading a specially crafted
XLS document, a remote attacker could execute arbitrary code with user
privileges.

