[Security Announce] [ MDKSA-2007:018 ] - Updated koffice packages fix crafted pdf file vulnerability
Posted on: 01/18/2007 10:05 PM

The Mandriva Security Team published a new security update for Mandriva Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:018
http://www.mandriva.com/security/
_______________________________________________________________________

Package : koffice
Date : January 18, 2007
Affected: 2007.0
_______________________________________________________________________

Problem Description:

The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2,
kpdf in KDE before 3.5.5, and other products, allows remote attackers
to have an unknown impact, possibly including denial of service
(infinite loop), arbitrary code execution, or memory corruption, via a
PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages
attribute that references an invalid page tree node.

The updated packages have been patched to correct this problem.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0104
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:

Mandriva Linux 2007.0/X86_64:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
     <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFr7Q8mqjQ0CJFipgRAotZAJ46508w3im/IvxBRh2tIJqkD9Bb6ACguSRx
nyX+pMyxCoY2znh4Jy7IfhA=
-----END PGP SIGNATURE-----
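The Problem Description above names a Pages attribute that references an invalid page tree node, with an infinite loop as one possible result. The following is an added example, not code from the advisory, xpdf, or the koffice patch: a page tree walk that rejects dangling references, non-tree objects, and nodes reached twice. The in-memory object table, all names, and the limits are assumptions, as is modelling the loop as a Kids entry that points back at an ancestor.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_OBJS  64   /* size of the toy object table */
#define MAX_KIDS  8    /* /Kids entries per node in this model */
#define MAX_DEPTH 32   /* cap on page tree nesting */

typedef enum { OBJ_OTHER, OBJ_PAGES, OBJ_PAGE } obj_type;
typedef struct { obj_type type; int nkids; int kids[MAX_KIDS]; } pdf_obj;

/* Returns the number of leaf pages under ref, or -1 if the tree is malformed. */
static int walk(const pdf_obj *objs, int n, int ref, bool *seen, int depth)
{
    if (ref < 0 || ref >= n || depth > MAX_DEPTH) return -1; /* dangling or too deep */
    if (seen[ref]) return -1;             /* node reached twice: cycle or shared kid */
    seen[ref] = true;
    const pdf_obj *o = &objs[ref];
    if (o->type == OBJ_PAGE) return 1;
    if (o->type != OBJ_PAGES) return -1;  /* reference is not a page tree node */
    if (o->nkids < 0 || o->nkids > MAX_KIDS) return -1;
    int total = 0;
    for (int i = 0; i < o->nkids; i++) {
        int c = walk(objs, n, o->kids[i], seen, depth + 1);
        if (c < 0) return -1;
        total += c;
    }
    return total;
}

/* root is the object number the catalog's /Pages entry points at. */
int count_pages(const pdf_obj *objs, int n, int root)
{
    bool seen[MAX_OBJS];
    if (n < 0 || n > MAX_OBJS) return -1;
    if (root < 0 || root >= n || objs[root].type != OBJ_PAGES) return -1;
    memset(seen, 0, sizeof seen);
    return walk(objs, n, root, seen, 0);
}

/* Constructed sample object tables, not taken from any real file. */
static const pdf_obj good[]     = { {OBJ_PAGES, 2, {1, 2}}, {OBJ_PAGE, 0, {0}},
                                    {OBJ_PAGES, 1, {3}},    {OBJ_PAGE, 0, {0}} };
static const pdf_obj cyclic[]   = { {OBJ_PAGES, 1, {1}}, {OBJ_PAGES, 1, {0}} };
static const pdf_obj dangling[] = { {OBJ_PAGES, 2, {1, 9}}, {OBJ_PAGE, 0, {0}} };

int main(void)
{
    printf("good=%d cyclic=%d dangling=%d\n", count_pages(good, 4, 0),
           count_pages(cyclic, 2, 0), count_pages(dangling, 2, 0));
    return 0;
}
```

The visited set alone bounds the work to one visit per object; the depth cap additionally bounds recursion on long but acyclic chains.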



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2007018__updated_koffice_packages_fix_crafted_pdf_file_vulnerability.html)