lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20051012072003.GD12561@piware.de>
Date: Wed, 12 Oct 2005 09:20:03 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-202-1] KOffice vulnerability

===========================================================
Ubuntu Security Notice USN-202-1	   October 12, 2005
koffice vulnerability
CAN-2005-2971
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

koffice-libs
kword

The problem can be corrected by upgrading the affected package to
version 1:1.3.5-2ubuntu1.1.  After a standard system upgrade you need
to restart all KOffice applications to effect the necessary changes.

Details follow:

Chris Evans discovered a buffer overflow in the RTF import module of
KOffice. By tricking a user into opening a specially-crafted RTF file,
an attacker could exploit this to execute arbitrary code with the
privileges of the AbiWord user.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice_1.3.5-2ubuntu1.1.diff.gz
      Size/MD5:     8816 85d465e2669a24b0019233221a0e15fd
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice_1.3.5-2ubuntu1.1.dsc
      Size/MD5:      999 2eaa86d2bee10bad8d0b34ed2e60d336
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice_1.3.5.orig.tar.gz
      Size/MD5: 13154501 2c9b45ecbf16a8c5d16ce9d2f51c2571

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kivio-data_1.3.5-2ubuntu1.1_all.deb
      Size/MD5:   615280 b84003db4ad4625b7266b479eaf1d50c
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice-data_1.3.5-2ubuntu1.1_all.deb
      Size/MD5:   684630 3275891bff107e56d00e13687eea0e22
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice-doc-html_1.3.5-2ubuntu1.1_all.deb
      Size/MD5:   305362 3edd7173b3597eec1b25a5308b509328
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice_1.3.5-2ubuntu1.1_all.deb
      Size/MD5:    13502 77d6fdda1ad2093ab9e0b45fcf5c8046

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/karbon_1.3.5-2ubuntu1.1_amd64.deb
      Size/MD5:   854530 fbb920f93b00e7c84c789f514f24773a
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kchart_1.3.5-2ubuntu1.1_amd64.deb
      Size/MD5:   673748 b7c436b6086dde8aaaed316bc52a607c
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kformula_1.3.5-2ubuntu1.1_amd64.deb
      Size/MD5:   693330 f1cf7350e87e566692db888c75fcca14
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kivio_1.3.5-2ubuntu1.1_amd64.deb
      Size/MD5:   583362 ec86ad4dbf9edc7a04341d62639e5afd
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice-dev_1.3.5-2ubuntu1.1_amd64.deb
      Size/MD5:   147476 83ba665bb66e17484c3857c34001b3ec
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice-libs_1.3.5-2ubuntu1.1_amd64.deb
      Size/MD5:  2134962 cff8c010e89c59855294a53e9dca965c
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koshell_1.3.5-2ubuntu1.1_amd64.deb
      Size/MD5:    51192 bce62ed710af795af1727d2f01b1d02d
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kpresenter_1.3.5-2ubuntu1.1_amd64.deb
      Size/MD5:  2536672 3b9a038cd580d80fdf4cc046f77154cd
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kspread_1.3.5-2ubuntu1.1_amd64.deb
      Size/MD5:  1754694 aab82c7ab4b5fb646dd26abfd730c9d9
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kugar_1.3.5-2ubuntu1.1_amd64.deb
      Size/MD5:   551772 762fdef125636d9272ba1945d7f2ed85
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kword_1.3.5-2ubuntu1.1_amd64.deb
      Size/MD5:  3591006 cefbf03ef13b678400082e75786881d6

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/karbon_1.3.5-2ubuntu1.1_i386.deb
      Size/MD5:   778648 254467d67814c5ccf9cc1e3ebf65cb09
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kchart_1.3.5-2ubuntu1.1_i386.deb
      Size/MD5:   660210 019389de3b7e2d12b0618caccf49a3cb
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kformula_1.3.5-2ubuntu1.1_i386.deb
      Size/MD5:   689214 fe8b796c71500cfe3a51867ed7689ac7
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kivio_1.3.5-2ubuntu1.1_i386.deb
      Size/MD5:   541344 1103a760575623d236a45f5d79ca4e6b
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice-dev_1.3.5-2ubuntu1.1_i386.deb
      Size/MD5:   147474 d7641c10c832e4b6e92b86bb4202e058
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice-libs_1.3.5-2ubuntu1.1_i386.deb
      Size/MD5:  1994548 72fadda393d3905eb81487c3e993e98f
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koshell_1.3.5-2ubuntu1.1_i386.deb
      Size/MD5:    48998 aae5d22d053d2fde95ee844262b5ae32
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kpresenter_1.3.5-2ubuntu1.1_i386.deb
      Size/MD5:  2503204 5114895616ae77175c1fad011a5da104
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kspread_1.3.5-2ubuntu1.1_i386.deb
      Size/MD5:  1668520 04f4ad391680010fc843f27faceacbff
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kugar_1.3.5-2ubuntu1.1_i386.deb
      Size/MD5:   533270 cc9ed083427380bac4a6dcff86933f24
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kword_1.3.5-2ubuntu1.1_i386.deb
      Size/MD5:  3452150 6dbb03a9966d8ccd975e4784acf46bd8

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/karbon_1.3.5-2ubuntu1.1_powerpc.deb
      Size/MD5:   826906 f7cbe8e0113ccf1b76e515a715f918a8
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kchart_1.3.5-2ubuntu1.1_powerpc.deb
      Size/MD5:   651168 655d47e3d8cabf6c54f51abaf3554a23
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kformula_1.3.5-2ubuntu1.1_powerpc.deb
      Size/MD5:   690552 cfe8035a78d467c60b435a95a31aed3b
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kivio_1.3.5-2ubuntu1.1_powerpc.deb
      Size/MD5:   554944 5ca771ac6b28b04e8519bc2c3b87e71b
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice-dev_1.3.5-2ubuntu1.1_powerpc.deb
      Size/MD5:   147478 56ab71652516e78b4c98b496a33f5b52
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice-libs_1.3.5-2ubuntu1.1_powerpc.deb
      Size/MD5:  2022892 133bf90bb269bafb453d3da968e892eb
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koshell_1.3.5-2ubuntu1.1_powerpc.deb
      Size/MD5:    51450 0024c535dafa26d19f417f8965154bc5
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kpresenter_1.3.5-2ubuntu1.1_powerpc.deb
      Size/MD5:  2479510 ebc3269b6416598a5425d11146ffcca2
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kspread_1.3.5-2ubuntu1.1_powerpc.deb
      Size/MD5:  1663382 9729c91b3c63d5ed36fe1523706a809d
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kugar_1.3.5-2ubuntu1.1_powerpc.deb
      Size/MD5:   533568 cc0dda08cb91cf0bc2d12f447072c803
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kword_1.3.5-2ubuntu1.1_powerpc.deb
      Size/MD5:  3491862 dcd9768e9ab6d04c28dbe7b5f987891b

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ