Mandriva: Subject: [Security Announce] [ MDVSA-2008:197-1 ] koffice
Posted by Benjamin D. Thomas   
Kees Cook of Ubuntu security found a flaw in how poppler prior to version 0.6 displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause applications using poppler to crash, or possibly execute arbitrary code when opened (CVE-2008-1693).
 _______________________________________________________________________

 Mandriva Linux Security Advisory                       MDVSA-2008:197-1
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : koffice
 Date    : September 16, 2008
 Affected: 2008.1
 _______________________________________________________________________

 Problem Description:

 Kees Cook of Ubuntu security found a flaw in how poppler prior
 to version 0.6 displayed malformed fonts embedded in PDF files.
 An attacker could create a malicious PDF file that would cause
 applications using poppler to crash, or possibly execute arbitrary
 code when opened (CVE-2008-1693).
 
 This vulnerability also affected KOffice, so the updated packages
 have been patched to correct this issue.

 Update:

 A file conflict existed between one of the library packages and
 the koffice-devel package which prevented successful upgrades if
 koffice-devel was previously installed.  This update removes the
 conflicting file from koffice-devel.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1693
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:

 Mandriva Linux 2008.1/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
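
 What that automatic check amounts to for packages fetched by hand, as an added example (not part of the Mandriva advisory): `verify_manifest` is a hypothetical helper that compares downloaded files with a manifest of `<md5>  <release>/<arch>/<file>.rpm` lines, the layout assumed here. The file names and contents in the demo are constructed.

```shell
#!/bin/sh
# Added example: check hand-downloaded RPMs against an advisory-style manifest.
# Assumed line layout:  <md5hex>  <release>/<arch>/<file>.rpm
# verify_manifest MANIFEST DIR prints one status per entry and returns 0 only
# when every listed file exists in DIR and its MD5 matches.
verify_manifest() {
    manifest=$1; dir=$2; bad=0
    while read -r want path || [ -n "$want" ]; do
        # Skip headings, blanks and anything that is not a 32-hex-digit sum.
        case $want in ''|*[!0-9a-fA-F]*) continue ;; esac
        [ "${#want}" -eq 32 ] || continue
        [ -n "$path" ] || continue
        name=${path##*/}                 # downloads are stored flat, by basename
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING   $name"; bad=1; continue
        fi
        got=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$(printf '%s' "$want" | tr 'A-F' 'a-f')" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name"; bad=1
        fi
    done < "$manifest"
    return "$bad"
}

# Constructed demo: two stand-in files, one altered after the manifest was made.
demo=$(mktemp -d)
printf 'stand-in package A\n' > "$demo/demo-a-1.0-1.i586.rpm"
printf 'stand-in package B\n' > "$demo/demo-b-1.0-1.i586.rpm"
for f in "$demo"/*.rpm; do
    printf ' %s  demo/i586/%s\n' "$(md5sum < "$f" | cut -d' ' -f1)" "${f##*/}"
done > "$demo/manifest.txt"
printf 'altered\n' >> "$demo/demo-b-1.0-1.i586.rpm"
verify_manifest "$demo/manifest.txt" "$demo" || echo "set failed verification"
rm -rf "$demo"

# MD5 only detects a damaged download; the GPG signature authenticates the
# package, so follow with:  rpm --checksig *.rpm
```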

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team