lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20041230041629.14657.qmail@updates.mandrakesoft.com>
Date: 30 Dec 2004 04:16:29 -0000
From: Mandrake Linux Security Team <security@...ux-mandrake.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2004:165 - Updated koffice packages fix multiple vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           koffice
 Advisory ID:            MDKSA-2004:165
 Date:                   December 29th, 2004

 Affected versions:	 10.0, 10.1
 ______________________________________________________________________

 Problem Description:

 Chris Evans discovered numerous vulnerabilities in the xpdf package,
 which also effect software using embedded xpdf code, such as koffice
 (CAN-2004-0888).
 
 Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0.
 Also programs like koffice which have embedded versions of xpdf.
 These can result in writing an arbitrary byte to an attacker controlled
 location which probably could lead to arbitrary code execution. 
 
 iDefense also reported a buffer overflow vulnerability, which affects 
 versions of xpdf <= xpdf-3.0 and several programs, like koffice, which use
 embedded xpdf code. An attacker could construct a malicious payload file
 which could enable arbitrary code execution on the target system
 (CAN-2004-1125).
 
 The updated packages are patched to protect against these
 vulnerabilities.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0888
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1125
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 1e0b46cd6942a0c964dc05bfe3c8a76e  10.0/RPMS/koffice-1.3-12.1.100mdk.i586.rpm
 0e2af47813d3709e12ac9dc2b702e0cd  10.0/RPMS/libkoffice2-1.3-12.1.100mdk.i586.rpm
 82131f7b6025175d01c8e17baac6446d  10.0/RPMS/libkoffice2-devel-1.3-12.1.100mdk.i586.rpm
 ff998b96be3312f1d2e1c436afb45a63  10.0/SRPMS/koffice-1.3-12.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 a44c06b1ab148f400b5324f362f6cdab  amd64/10.0/RPMS/koffice-1.3-12.1.100mdk.amd64.rpm
 4e557b6bdee2e4a8c9d2c0e49cbaece2  amd64/10.0/RPMS/lib64koffice2-1.3-12.1.100mdk.amd64.rpm
 3cda03975322e745e4cdefdf37428ac4  amd64/10.0/RPMS/lib64koffice2-devel-1.3-12.1.100mdk.amd64.rpm
 ff998b96be3312f1d2e1c436afb45a63  amd64/10.0/SRPMS/koffice-1.3-12.1.100mdk.src.rpm

 Mandrakelinux 10.1:
 2a4fe535aad4b5d29c4924e239e64803  10.1/RPMS/koffice-1.3.3-2.1.101mdk.i586.rpm
 b44aea2072393b955b3c31879a08cb9b  10.1/RPMS/koffice-karbon-1.3.3-2.1.101mdk.i586.rpm
 1806dfa15c7ac10e4f401936b40b98be  10.1/RPMS/koffice-kformula-1.3.3-2.1.101mdk.i586.rpm
 64f1efdee6488d4f7f5d88779047f173  10.1/RPMS/koffice-kivio-1.3.3-2.1.101mdk.i586.rpm
 b7cc22044ad7540a2493d1ed0189f384  10.1/RPMS/koffice-koshell-1.3.3-2.1.101mdk.i586.rpm
 aa9e8190c9eacf5ef516b89d8365bbff  10.1/RPMS/koffice-kpresenter-1.3.3-2.1.101mdk.i586.rpm
 e037c4cd82a6f1197f8e123a2ca75fd0  10.1/RPMS/koffice-kspread-1.3.3-2.1.101mdk.i586.rpm
 09569b4ce2ae5c7461df8597a528c7db  10.1/RPMS/koffice-kugar-1.3.3-2.1.101mdk.i586.rpm
 437eb0c507e1e678a5502e4b37e8113e  10.1/RPMS/koffice-kword-1.3.3-2.1.101mdk.i586.rpm
 3bd173dbfc9928ae10bdd5c361e5e1e6  10.1/RPMS/koffice-progs-1.3.3-2.1.101mdk.i586.rpm
 437641929c341647ce0f1542787ff986  10.1/RPMS/libkoffice2-karbon-1.3.3-2.1.101mdk.i586.rpm
 d59a1f3daaae708a884aea0890dfa0e5  10.1/RPMS/libkoffice2-kformula-1.3.3-2.1.101mdk.i586.rpm
 15d04722601339436cbf717c0106a44b  10.1/RPMS/libkoffice2-kivio-1.3.3-2.1.101mdk.i586.rpm
 cda4f68448ac51cc9625c74ddd4f827f  10.1/RPMS/libkoffice2-koshell-1.3.3-2.1.101mdk.i586.rpm
 fc83c4890249ba4b56e5149bc4471ef6  10.1/RPMS/libkoffice2-kpresenter-1.3.3-2.1.101mdk.i586.rpm
 e56823573bb2485116bbf3f5b490491c  10.1/RPMS/libkoffice2-kspread-1.3.3-2.1.101mdk.i586.rpm
 d26ca6b59d8cccb58fbf5424c9441921  10.1/RPMS/libkoffice2-kspread-devel-1.3.3-2.1.101mdk.i586.rpm
 1a757e3fcc5d9be94347a70ef393f2bf  10.1/RPMS/libkoffice2-kugar-1.3.3-2.1.101mdk.i586.rpm
 71df2e1e9e6503b02a2e15553470df2c  10.1/RPMS/libkoffice2-kugar-devel-1.3.3-2.1.101mdk.i586.rpm
 1be385646572df37009455ce723d55e0  10.1/RPMS/libkoffice2-kword-1.3.3-2.1.101mdk.i586.rpm
 38497a624d579dfdc4257e230b3daf7e  10.1/RPMS/libkoffice2-kword-devel-1.3.3-2.1.101mdk.i586.rpm
 e900f4bce3981f1ae4a778b683e4182c  10.1/RPMS/libkoffice2-progs-1.3.3-2.1.101mdk.i586.rpm
 ef3753bfb708676a4edb0749dd04fa75  10.1/RPMS/libkoffice2-progs-devel-1.3.3-2.1.101mdk.i586.rpm
 1fc631607620e2201a0f012d5e0de3be  10.1/SRPMS/koffice-1.3.3-2.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 f6950e03d0c945a4debb30ee37aac470  x86_64/10.1/RPMS/koffice-1.3.3-2.1.101mdk.x86_64.rpm
 b340f444b0d7c5c29ca848d81bd6918b  x86_64/10.1/RPMS/koffice-karbon-1.3.3-2.1.101mdk.x86_64.rpm
 febb09afa0f89a19c18d11de634f6e59  x86_64/10.1/RPMS/koffice-kformula-1.3.3-2.1.101mdk.x86_64.rpm
 641df616c05818a12372982d8434ef9c  x86_64/10.1/RPMS/koffice-kivio-1.3.3-2.1.101mdk.x86_64.rpm
 019316f2213bce109fa3a223b969f0ab  x86_64/10.1/RPMS/koffice-koshell-1.3.3-2.1.101mdk.x86_64.rpm
 ccfc1ac77e6358804c133b40ef127c83  x86_64/10.1/RPMS/koffice-kpresenter-1.3.3-2.1.101mdk.x86_64.rpm
 4f9a88e076a581cada3dc68ba7ecb832  x86_64/10.1/RPMS/koffice-kspread-1.3.3-2.1.101mdk.x86_64.rpm
 3d6f9eaf81d418e72c1f53c582bfeaaa  x86_64/10.1/RPMS/koffice-kugar-1.3.3-2.1.101mdk.x86_64.rpm
 dfc842fa3ee599c11bfc27fa8f326eb1  x86_64/10.1/RPMS/koffice-kword-1.3.3-2.1.101mdk.x86_64.rpm
 b1bb22ec5ed4a4cf9a0f430d2e2553b1  x86_64/10.1/RPMS/koffice-progs-1.3.3-2.1.101mdk.x86_64.rpm
 3795a1b1fcefccc5c977d127c43227f1  x86_64/10.1/RPMS/lib64koffice2-karbon-1.3.3-2.1.101mdk.x86_64.rpm
 b820fea6c679d7c60ff2acbad896449f  x86_64/10.1/RPMS/lib64koffice2-kformula-1.3.3-2.1.101mdk.x86_64.rpm
 b209f0c50f7bf00ae735537138f444b6  x86_64/10.1/RPMS/lib64koffice2-kivio-1.3.3-2.1.101mdk.x86_64.rpm
 0fb957d0a64df32e699d362af714781c  x86_64/10.1/RPMS/lib64koffice2-koshell-1.3.3-2.1.101mdk.x86_64.rpm
 f794ae3af010b2f33ebc1a99c99f7108  x86_64/10.1/RPMS/lib64koffice2-kpresenter-1.3.3-2.1.101mdk.x86_64.rpm
 ad9a9df73efd05eaff91887781d9adfb  x86_64/10.1/RPMS/lib64koffice2-kspread-1.3.3-2.1.101mdk.x86_64.rpm
 5851d28588be19a8da437ccb7671fa68  x86_64/10.1/RPMS/lib64koffice2-kspread-devel-1.3.3-2.1.101mdk.x86_64.rpm
 ad37853543c47c7a7c41716fdc3a547f  x86_64/10.1/RPMS/lib64koffice2-kugar-1.3.3-2.1.101mdk.x86_64.rpm
 d6723cc2688893ee69f9b62b370bf254  x86_64/10.1/RPMS/lib64koffice2-kugar-devel-1.3.3-2.1.101mdk.x86_64.rpm
 7b207d00b0eb91b62ff50ac59276a091  x86_64/10.1/RPMS/lib64koffice2-kword-1.3.3-2.1.101mdk.x86_64.rpm
 7b075324f6d933d2ae62b35e70d5cc9e  x86_64/10.1/RPMS/lib64koffice2-kword-devel-1.3.3-2.1.101mdk.x86_64.rpm
 7a4e7f4be8056e172c061a932bc16dd9  x86_64/10.1/RPMS/lib64koffice2-progs-1.3.3-2.1.101mdk.x86_64.rpm
 84fcb30f9234e77bad1031d65c90525b  x86_64/10.1/RPMS/lib64koffice2-progs-devel-1.3.3-2.1.101mdk.x86_64.rpm
 1fc631607620e2201a0f012d5e0de3be  x86_64/10.1/SRPMS/koffice-1.3.3-2.1.101mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFB04EdmqjQ0CJFipgRAsS+AJ0Q/Bu+CUsx7CQEBDhR1il0WOun3wCcCCz8
2Hvgymi/kINilJxidfKdqeM=
=7e6g
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ