MDKSA-2006:008 - Updated koffice packages fix several vulnerabilities
Posted on: 01/07/2006 12:22 AM

The Mandriva Security Team published a new security update: MDKSA-2006:008 - Updated koffice packages fix several vulnerabilities for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:008
http://www.mandriva.com/security/
_______________________________________________________________________

Package : koffice
Date : January 6, 2006
Affected: 2006.0
_______________________________________________________________________

Problem Description:

Multiple heap-based buffer overflows in the
DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions
in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier,
allow user-complicit attackers to cause a denial of service (heap
corruption) and possibly execute arbitrary code via a crafted PDF file
with an out-of-range number of components (numComps), which is used as
an array index. (CVE-2005-3191)

Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01
allows remote attackers to execute arbitrary code via a PDF file with
an out-of-range numComps (number of components) field. (CVE-2005-3192)

Heap-based buffer overflow in the JPXStream::readCodestream function
in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier
allows user-complicit attackers to cause a denial of service (heap
corruption) and possibly execute arbitrary code via a crafted PDF file
with large size values that cause insufficient memory to be allocated.
(CVE-2005-3193)

An additional patch re-addresses memory allocation routines in
goo/gmem.c (Martin Pitt/Canonical, Dirk Mueller/KDE).

In addition, Chris Evans discovered several other vulnerbilities in
the xpdf code base:

Out-of-bounds heap accesses with large or negative parameters to
"FlateDecode" stream. (CVE-2005-3192)

Out-of-bounds heap accesses with large or negative parameters to
"CCITTFaxDecode" stream. (CVE-2005-3624)

Infinite CPU spins in various places when stream ends unexpectedly.
(CVE-2005-3625)

NULL pointer crash in the "FlateDecode" stream. (CVE-2005-3626)

Overflows of compInfo array in "DCTDecode" stream. (CVE-2005-3627)

Possible to use index past end of array in "DCTDecode" stream.
(CVE-2005-3627)

Possible out-of-bounds indexing trouble in "DCTDecode" stream.
(CVE-2005-3627)

Koffice uses an embedded copy of the xpdf code, with the same
vulnerabilities.

The updated packages have been patched to correct these problems.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3627
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
5decbf029bf4482d1f93ea0df446121f 2006.0/RPMS/koffice-1.4.2-11.2.20060mdk.i586.rpm
2aca3ec22b051466aeb57c82b26d12aa 2006.0/RPMS/koffice-karbon-1.4.2-11.2.20060mdk.i586.rpm
f39b2a5a7ef35a0f579a0055b1c429c4 2006.0/RPMS/koffice-kexi-1.4.2-11.2.20060mdk.i586.rpm
caab0530fcfcf10ec5913e7b101541c6 2006.0/RPMS/koffice-kformula-1.4.2-11.2.20060mdk.i586.rpm
0a3732921e20069fd3b5cbac8c4733a9 2006.0/RPMS/koffice-kivio-1.4.2-11.2.20060mdk.i586.rpm
e4d711f1487f3716f19527950bb64283 2006.0/RPMS/koffice-koshell-1.4.2-11.2.20060mdk.i586.rpm
f5013764806edfcf9a31503b613459a2 2006.0/RPMS/koffice-kpresenter-1.4.2-11.2.20060mdk.i586.rpm
668a7eb653da4db18b2e1c9daefb7e94 2006.0/RPMS/koffice-krita-1.4.2-11.2.20060mdk.i586.rpm
ebb18a9011e702f01718c4c2b4d759e1 2006.0/RPMS/koffice-kspread-1.4.2-11.2.20060mdk.i586.rpm
89a8d46e5768595584fcdbe307add521 2006.0/RPMS/koffice-kugar-1.4.2-11.2.20060mdk.i586.rpm
1e9b58585bf742239b210e8519ed0d8f 2006.0/RPMS/koffice-kword-1.4.2-11.2.20060mdk.i586.rpm
e5e19df847dc2693066a922f73b42c50 2006.0/RPMS/koffice-progs-1.4.2-11.2.20060mdk.i586.rpm
fa63274a949dd60692888f515606f079 2006.0/RPMS/libkoffice2-karbon-1.4.2-11.2.20060mdk.i586.rpm
8bedc58288b05ffb3134c07b7d46a118 2006.0/RPMS/libkoffice2-karbon-devel-1.4.2-11.2.20060mdk.i586.rpm
681887908face81c17a37ca00d6c6022 2006.0/RPMS/libkoffice2-kexi-1.4.2-11.2.20060mdk.i586.rpm
eab5ad72e95f108b923f3bf32bbe10f5 2006.0/RPMS/libkoffice2-kexi-devel-1.4.2-11.2.20060mdk.i586.rpm
7e4b3718e863d0f66f2b7daca2a25f83 2006.0/RPMS/libkoffice2-kformula-1.4.2-11.2.20060mdk.i586.rpm
bad0d716230bad4a9fe0ae27017b0ef7 2006.0/RPMS/libkoffice2-kformula-devel-1.4.2-11.2.20060mdk.i586.rpm
077a3368bef791e1105ba82e41424847 2006.0/RPMS/libkoffice2-kivio-1.4.2-11.2.20060mdk.i586.rpm
8091986d4999e3a702db1139c4cd1ac1 2006.0/RPMS/libkoffice2-kivio-devel-1.4.2-11.2.20060mdk.i586.rpm
74eee88d1cafaab8ff4bbbe9717a0e6c 2006.0/RPMS/libkoffice2-koshell-1.4.2-11.2.20060mdk.i586.rpm
25524a101fb458bfa15bf56706f1d02d 2006.0/RPMS/libkoffice2-kpresenter-1.4.2-11.2.20060mdk.i586.rpm
e37ecf1e3aa338df37fa210aaf7822dd 2006.0/RPMS/libkoffice2-krita-1.4.2-11.2.20060mdk.i586.rpm
cb1a07a6c9da09e6db6a506d8875daf8 2006.0/RPMS/libkoffice2-krita-devel-1.4.2-11.2.20060mdk.i586.rpm
d1594075f9152ac891bb1bf2c3348770 2006.0/RPMS/libkoffice2-kspread-1.4.2-11.2.20060mdk.i586.rpm
5f026461f8fba599df483bbaefcf8b23 2006.0/RPMS/libkoffice2-kspread-devel-1.4.2-11.2.20060mdk.i586.rpm
897cbd506eb32b4cfecd6d4430cf217a 2006.0/RPMS/libkoffice2-kugar-1.4.2-11.2.20060mdk.i586.rpm
7f4a36c89f799e2f6bf19e1bd9264f89 2006.0/RPMS/libkoffice2-kugar-devel-1.4.2-11.2.20060mdk.i586.rpm
3fe5da8dc83ca866d6ae3a2eb21ff0f0 2006.0/RPMS/libkoffice2-kword-1.4.2-11.2.20060mdk.i586.rpm
242ea66e5928964417859b1a26b665f8 2006.0/RPMS/libkoffice2-kword-devel-1.4.2-11.2.20060mdk.i586.rpm
264f937ee2f1678245d3786fb449a1e5 2006.0/RPMS/libkoffice2-progs-1.4.2-11.2.20060mdk.i586.rpm
6fc8f4494593692a215e6ace8bfc1112 2006.0/RPMS/libkoffice2-progs-devel-1.4.2-11.2.20060mdk.i586.rpm
d1aa09f80b3e57ecfd60f0a7e263094a 2006.0/SRPMS/koffice-1.4.2-11.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
895d2918a4723f99eb839c4d27306406 x86_64/2006.0/RPMS/koffice-1.4.2-11.2.20060mdk.x86_64.rpm
e24e0e322dfe02f73c5d1b0571158cf2 x86_64/2006.0/RPMS/koffice-karbon-1.4.2-11.2.20060mdk.x86_64.rpm
e22a93254fd15c0a7b672a1c6bcb91a0 x86_64/2006.0/RPMS/koffice-kexi-1.4.2-11.2.20060mdk.x86_64.rpm
39dcd78e2747823f30364a789a7d1193 x86_64/2006.0/RPMS/koffice-kformula-1.4.2-11.2.20060mdk.x86_64.rpm
c726114646f5fe94121cc2e48a4647b5 x86_64/2006.0/RPMS/koffice-kivio-1.4.2-11.2.20060mdk.x86_64.rpm
bfcdebd6ced8553c1a7eb6ea1ffddbb9 x86_64/2006.0/RPMS/koffice-koshell-1.4.2-11.2.20060mdk.x86_64.rpm
5f4d36c6c03dec33f6f88346fe1c8c11 x86_64/2006.0/RPMS/koffice-kpresenter-1.4.2-11.2.20060mdk.x86_64.rpm
515f8db1ae75c28717a7ed8b7475278f x86_64/2006.0/RPMS/koffice-krita-1.4.2-11.2.20060mdk.x86_64.rpm
4cfe74acd379f314f6ff2845920b64b7 x86_64/2006.0/RPMS/koffice-kspread-1.4.2-11.2.20060mdk.x86_64.rpm
6ec357843424d14fadbd457e49fc3c34 x86_64/2006.0/RPMS/koffice-kugar-1.4.2-11.2.20060mdk.x86_64.rpm
ac0a4544be03c14981d165c83dd0893e x86_64/2006.0/RPMS/koffice-kword-1.4.2-11.2.20060mdk.x86_64.rpm
1a6ddfd8cdde5c9fc9c23fa58e55a7e2 x86_64/2006.0/RPMS/koffice-progs-1.4.2-11.2.20060mdk.x86_64.rpm
9bf5725e0a5b369653bd579c6be151e6 x86_64/2006.0/RPMS/lib64koffice2-karbon-1.4.2-11.2.20060mdk.x86_64.rpm
bb80a747c3ba10682967664d58d5a3dc x86_64/2006.0/RPMS/lib64koffice2-karbon-devel-1.4.2-11.2.20060mdk.x86_64.rpm
8f7003b51389274cec77c0eaa4f620a1 x86_64/2006.0/RPMS/lib64koffice2-kexi-1.4.2-11.2.20060mdk.x86_64.rpm
b0058d2ffe854eb0fc7f6d3694b2cf0c x86_64/2006.0/RPMS/lib64koffice2-kexi-devel-1.4.2-11.2.20060mdk.x86_64.rpm
0c2dfe7985b8d29b11fb6d5f3bc5f187 x86_64/2006.0/RPMS/lib64koffice2-kformula-1.4.2-11.2.20060mdk.x86_64.rpm
fe64e075b725f2003ad4b3b75e633815 x86_64/2006.0/RPMS/lib64koffice2-kformula-devel-1.4.2-11.2.20060mdk.x86_64.rpm
1ce7238b2d8494313df1f71cb5ab45ee x86_64/2006.0/RPMS/lib64koffice2-kivio-1.4.2-11.2.20060mdk.x86_64.rpm
4a64f4ef06c4404f7d77685d195c11ba x86_64/2006.0/RPMS/lib64koffice2-kivio-devel-1.4.2-11.2.20060mdk.x86_64.rpm
92fea6a7449391fc2c35e02044d03e83 x86_64/2006.0/RPMS/lib64koffice2-koshell-1.4.2-11.2.20060mdk.x86_64.rpm
a99e683d8c5585df998d5735d4c01f7d x86_64/2006.0/RPMS/lib64koffice2-kpresenter-1.4.2-11.2.20060mdk.x86_64.rpm
5f19278c29cf6656d9a56ef39f14d145 x86_64/2006.0/RPMS/lib64koffice2-krita-1.4.2-11.2.20060mdk.x86_64.rpm
930b637523e583344c0303844496e768 x86_64/2006.0/RPMS/lib64koffice2-krita-devel-1.4.2-11.2.20060mdk.x86_64.rpm
880b0863b0c0f0ddcde22207abac3164 x86_64/2006.0/RPMS/lib64koffice2-kspread-1.4.2-11.2.20060mdk.x86_64.rpm
cd0b2c995b2ef8c9f90dbb35349b1b95 x86_64/2006.0/RPMS/lib64koffice2-kspread-devel-1.4.2-11.2.20060mdk.x86_64.rpm
d4fa15a626d04a31222c596e9b0781a3 x86_64/2006.0/RPMS/lib64koffice2-kugar-1.4.2-11.2.20060mdk.x86_64.rpm
0562292a610452f83c5070791aeac977 x86_64/2006.0/RPMS/lib64koffice2-kugar-devel-1.4.2-11.2.20060mdk.x86_64.rpm
ecc6a0c00d8c9160400db4c1698a918e x86_64/2006.0/RPMS/lib64koffice2-kword-1.4.2-11.2.20060mdk.x86_64.rpm
0b87a74b84ed37b1d95e5a61247bbe39 x86_64/2006.0/RPMS/lib64koffice2-kword-devel-1.4.2-11.2.20060mdk.x86_64.rpm
5935898f0e48d386a8f50d1be0f39e62 x86_64/2006.0/RPMS/lib64koffice2-progs-1.4.2-11.2.20060mdk.x86_64.rpm
f96c5fd8d1e3366a3bef48ef49d52559 x86_64/2006.0/RPMS/lib64koffice2-progs-devel-1.4.2-11.2.20060mdk.x86_64.rpm
d1aa09f80b3e57ecfd60f0a7e263094a x86_64/2006.0/SRPMS/koffice-1.4.2-11.2.20060mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDvs3umqjQ0CJFipgRAsQWAKDhkKglUv6U7HiqveMCZl+UYqSnKQCfRF1P
VZDGDCNSiLOLUNqpi69LYE8=
=ZQ9V
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/_mdksa_2006008__updated_koffice_packages_fix_several_vulnerabilities.html)