[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20051012072003.GD12561@piware.de>
Date: Wed, 12 Oct 2005 09:20:03 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-202-1] KOffice vulnerability
===========================================================
Ubuntu Security Notice USN-202-1 October 12, 2005
koffice vulnerability
CAN-2005-2971
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
koffice-libs
kword
The problem can be corrected by upgrading the affected package to
version 1:1.3.5-2ubuntu1.1. After a standard system upgrade you need
to restart all KOffice applications to effect the necessary changes.
Details follow:
Chris Evans discovered a buffer overflow in the RTF import module of
KOffice. By tricking a user into opening a specially-crafted RTF file,
an attacker could exploit this to execute arbitrary code with the
privileges of the AbiWord user.
Source archives:
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice_1.3.5-2ubuntu1.1.diff.gz
Size/MD5: 8816 85d465e2669a24b0019233221a0e15fd
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice_1.3.5-2ubuntu1.1.dsc
Size/MD5: 999 2eaa86d2bee10bad8d0b34ed2e60d336
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice_1.3.5.orig.tar.gz
Size/MD5: 13154501 2c9b45ecbf16a8c5d16ce9d2f51c2571
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kivio-data_1.3.5-2ubuntu1.1_all.deb
Size/MD5: 615280 b84003db4ad4625b7266b479eaf1d50c
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice-data_1.3.5-2ubuntu1.1_all.deb
Size/MD5: 684630 3275891bff107e56d00e13687eea0e22
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice-doc-html_1.3.5-2ubuntu1.1_all.deb
Size/MD5: 305362 3edd7173b3597eec1b25a5308b509328
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice_1.3.5-2ubuntu1.1_all.deb
Size/MD5: 13502 77d6fdda1ad2093ab9e0b45fcf5c8046
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/karbon_1.3.5-2ubuntu1.1_amd64.deb
Size/MD5: 854530 fbb920f93b00e7c84c789f514f24773a
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kchart_1.3.5-2ubuntu1.1_amd64.deb
Size/MD5: 673748 b7c436b6086dde8aaaed316bc52a607c
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kformula_1.3.5-2ubuntu1.1_amd64.deb
Size/MD5: 693330 f1cf7350e87e566692db888c75fcca14
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kivio_1.3.5-2ubuntu1.1_amd64.deb
Size/MD5: 583362 ec86ad4dbf9edc7a04341d62639e5afd
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice-dev_1.3.5-2ubuntu1.1_amd64.deb
Size/MD5: 147476 83ba665bb66e17484c3857c34001b3ec
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice-libs_1.3.5-2ubuntu1.1_amd64.deb
Size/MD5: 2134962 cff8c010e89c59855294a53e9dca965c
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koshell_1.3.5-2ubuntu1.1_amd64.deb
Size/MD5: 51192 bce62ed710af795af1727d2f01b1d02d
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kpresenter_1.3.5-2ubuntu1.1_amd64.deb
Size/MD5: 2536672 3b9a038cd580d80fdf4cc046f77154cd
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kspread_1.3.5-2ubuntu1.1_amd64.deb
Size/MD5: 1754694 aab82c7ab4b5fb646dd26abfd730c9d9
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kugar_1.3.5-2ubuntu1.1_amd64.deb
Size/MD5: 551772 762fdef125636d9272ba1945d7f2ed85
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kword_1.3.5-2ubuntu1.1_amd64.deb
Size/MD5: 3591006 cefbf03ef13b678400082e75786881d6
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/karbon_1.3.5-2ubuntu1.1_i386.deb
Size/MD5: 778648 254467d67814c5ccf9cc1e3ebf65cb09
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kchart_1.3.5-2ubuntu1.1_i386.deb
Size/MD5: 660210 019389de3b7e2d12b0618caccf49a3cb
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kformula_1.3.5-2ubuntu1.1_i386.deb
Size/MD5: 689214 fe8b796c71500cfe3a51867ed7689ac7
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kivio_1.3.5-2ubuntu1.1_i386.deb
Size/MD5: 541344 1103a760575623d236a45f5d79ca4e6b
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice-dev_1.3.5-2ubuntu1.1_i386.deb
Size/MD5: 147474 d7641c10c832e4b6e92b86bb4202e058
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice-libs_1.3.5-2ubuntu1.1_i386.deb
Size/MD5: 1994548 72fadda393d3905eb81487c3e993e98f
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koshell_1.3.5-2ubuntu1.1_i386.deb
Size/MD5: 48998 aae5d22d053d2fde95ee844262b5ae32
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kpresenter_1.3.5-2ubuntu1.1_i386.deb
Size/MD5: 2503204 5114895616ae77175c1fad011a5da104
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kspread_1.3.5-2ubuntu1.1_i386.deb
Size/MD5: 1668520 04f4ad391680010fc843f27faceacbff
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kugar_1.3.5-2ubuntu1.1_i386.deb
Size/MD5: 533270 cc9ed083427380bac4a6dcff86933f24
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kword_1.3.5-2ubuntu1.1_i386.deb
Size/MD5: 3452150 6dbb03a9966d8ccd975e4784acf46bd8
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/karbon_1.3.5-2ubuntu1.1_powerpc.deb
Size/MD5: 826906 f7cbe8e0113ccf1b76e515a715f918a8
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kchart_1.3.5-2ubuntu1.1_powerpc.deb
Size/MD5: 651168 655d47e3d8cabf6c54f51abaf3554a23
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kformula_1.3.5-2ubuntu1.1_powerpc.deb
Size/MD5: 690552 cfe8035a78d467c60b435a95a31aed3b
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kivio_1.3.5-2ubuntu1.1_powerpc.deb
Size/MD5: 554944 5ca771ac6b28b04e8519bc2c3b87e71b
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice-dev_1.3.5-2ubuntu1.1_powerpc.deb
Size/MD5: 147478 56ab71652516e78b4c98b496a33f5b52
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice-libs_1.3.5-2ubuntu1.1_powerpc.deb
Size/MD5: 2022892 133bf90bb269bafb453d3da968e892eb
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koshell_1.3.5-2ubuntu1.1_powerpc.deb
Size/MD5: 51450 0024c535dafa26d19f417f8965154bc5
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kpresenter_1.3.5-2ubuntu1.1_powerpc.deb
Size/MD5: 2479510 ebc3269b6416598a5425d11146ffcca2
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kspread_1.3.5-2ubuntu1.1_powerpc.deb
Size/MD5: 1663382 9729c91b3c63d5ed36fe1523706a809d
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kugar_1.3.5-2ubuntu1.1_powerpc.deb
Size/MD5: 533568 cc0dda08cb91cf0bc2d12f447072c803
http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kword_1.3.5-2ubuntu1.1_powerpc.deb
Size/MD5: 3491862 dcd9768e9ab6d04c28dbe7b5f987891b
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists