lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1282069688.978.6.camel@luna>
Date: Tue, 17 Aug 2010 13:28:08 -0500
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce <ubuntu-security-announce@...ts.ubuntu.com>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>,
	bugtraq <bugtraq@...urityfocus.com>
Subject: [USN-973-1] KOffice vulnerabilities

===========================================================
Ubuntu Security Notice USN-973-1            August 17, 2010
koffice vulnerabilities
CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166,
CVE-2009-0195, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179,
CVE-2009-1180, CVE-2009-1181, CVE-2009-3606, CVE-2009-3608,
CVE-2009-3609
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.04:
  kword                           1:1.6.3-7ubuntu6.1

In general, a standard system update will make all the necessary changes.

Details follow:

Will Dormann, Alin Rad Pop, Braden Thomas, and Drew Yao discovered that the
Xpdf used in KOffice contained multiple security issues in its JBIG2
decoder. If a user or automated system were tricked into opening a crafted
PDF file, an attacker could cause a denial of service or execute arbitrary
code with privileges of the user invoking the program. (CVE-2009-0146,
CVE-2009-0147, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179,
CVE-2009-1180, CVE-2009-1181)

It was discovered that the Xpdf used in KOffice contained multiple security
issues when parsing malformed PDF documents. If a user or automated system
were tricked into opening a crafted PDF file, an attacker could cause a
denial of service or execute arbitrary code with privileges of the user
invoking the program. (CVE-2009-3606, CVE-2009-3608, CVE-2009-3609)

KOffice in Ubuntu 9.04 uses a very old version of Xpdf to import PDFs into
KWord. Upstream KDE no longer supports PDF import in KOffice and as a
result it was dropped in Ubuntu 9.10. While an attempt was made to fix the
above issues, the maintenance burden for supporting this very old version
of Xpdf outweighed its utility, and PDF import is now also disabled in
Ubuntu 9.04.


Updated packages for Ubuntu 9.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice_1.6.3-7ubuntu6.1.diff.gz
      Size/MD5:   622105 556aa62c50d527e60c1dff7b0f0aa0b1
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice_1.6.3-7ubuntu6.1.dsc
      Size/MD5:     2089 d42a7716e78fc690d256f8045017e7fa
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice_1.6.3.orig.tar.gz
      Size/MD5: 63221967 497a644adaf5d6531a0e32d14f88e5f5

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kivio-data_1.6.3-7ubuntu6.1_all.deb
      Size/MD5:   682598 78a5406815a35440ac4480c2532f28ef
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-data_1.6.3-7ubuntu6.1_all.deb
      Size/MD5:   735930 9d775bfa37c32d0ab934c25c721d6456
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-doc-html_1.6.3-7ubuntu6.1_all.deb
      Size/MD5:   519734 7c05c1818b4baaa8167b6f84bbcab085
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-doc_1.6.3-7ubuntu6.1_all.deb
      Size/MD5:    18982 465a569fb8bbd06f80e8b19e6acc1695
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice_1.6.3-7ubuntu6.1_all.deb
      Size/MD5:    21100 780be3fc6108770d271d89cac4869b10
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kpresenter-data_1.6.3-7ubuntu6.1_all.deb
      Size/MD5:  1903802 bdb13a770966f7a5b2978f510ba58f10
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/krita-data_1.6.3-7ubuntu6.1_all.deb
      Size/MD5: 28310364 0d115fe0dfc641efe2e04508324bd72a
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kword-data_1.6.3-7ubuntu6.1_all.deb
      Size/MD5:  1776368 f7781ed87a7c8c5ee1ba7636c519076d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/karbon_1.6.3-7ubuntu6.1_amd64.deb
      Size/MD5:  1059936 fa5f33b7cd8d1d291834ad81768a55b3
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kchart_1.6.3-7ubuntu6.1_amd64.deb
      Size/MD5:  1363098 1ea1bd16846af1b718392fcc80f55456
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kexi_1.6.3-7ubuntu6.1_amd64.deb
      Size/MD5:  3634792 de50ca28c4ffe99f5c43369be2c28c53
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kformula_1.6.3-7ubuntu6.1_amd64.deb
      Size/MD5:  1022466 2680eb3b5eb1fe0b939dcc4d8698df93
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kivio_1.6.3-7ubuntu6.1_amd64.deb
      Size/MD5:   586680 af2f128a08ad516dab5e0d9181c8fa05
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dbg_1.6.3-7ubuntu6.1_amd64.deb
      Size/MD5: 54301774 04ffb99c1da2e2d54a0320d4eb23a8bd
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dev_1.6.3-7ubuntu6.1_amd64.deb
      Size/MD5:   394472 2dd7347dda792d9a1a50831b20861f94
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-libs_1.6.3-7ubuntu6.1_amd64.deb
      Size/MD5:  2614706 1f4f29ae856d74a751d47d6a2c2e6317
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koshell_1.6.3-7ubuntu6.1_amd64.deb
      Size/MD5:   177638 bbcf8e0ef85478569dd212be191cf3d6
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kplato_1.6.3-7ubuntu6.1_amd64.deb
      Size/MD5:   939900 81b0c652c71a1cae573a984bc8192e9c
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kpresenter_1.6.3-7ubuntu6.1_amd64.deb
      Size/MD5:  1332666 2cb497195e47d739e5c73eca50ba7f3a
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/krita_1.6.3-7ubuntu6.1_amd64.deb
      Size/MD5:  3307610 4453ddce6e47950727883a37ed0cb02a
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kspread_1.6.3-7ubuntu6.1_amd64.deb
      Size/MD5:  2750674 14831989300bcb63f368291710a46510
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kthesaurus_1.6.3-7ubuntu6.1_amd64.deb
      Size/MD5:   314700 a68a9a2cc5299b957ef823971226117a
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kugar_1.6.3-7ubuntu6.1_amd64.deb
      Size/MD5:   443182 d7b8296294f89bb2df6c69ac554e9d16
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kword_1.6.3-7ubuntu6.1_amd64.deb
      Size/MD5:  2504138 0f58ca14ca066713c273c159f6e1295d

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/karbon_1.6.3-7ubuntu6.1_i386.deb
      Size/MD5:   975268 1a3b2bb23cdf4fd7ae942e53672706f1
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kchart_1.6.3-7ubuntu6.1_i386.deb
      Size/MD5:  1306222 c812ef558f13e43eb448aa56d6797ed4
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kexi_1.6.3-7ubuntu6.1_i386.deb
      Size/MD5:  3563484 9a47762bf756eef0defe1a690017b361
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kformula_1.6.3-7ubuntu6.1_i386.deb
      Size/MD5:  1015886 5f39c46934ad9dfb55b36acd135d5b59
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kivio_1.6.3-7ubuntu6.1_i386.deb
      Size/MD5:   527296 e4d1682301bf58d5df51792162671e1e
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dbg_1.6.3-7ubuntu6.1_i386.deb
      Size/MD5: 53049888 7baa946b92618169cdee4eab005e2533
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-dev_1.6.3-7ubuntu6.1_i386.deb
      Size/MD5:   409804 ff440307934403aa404a2416a6fc00a2
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koffice-libs_1.6.3-7ubuntu6.1_i386.deb
      Size/MD5:  2423308 2933a46777c6be5dd6e588afb056ce83
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/koshell_1.6.3-7ubuntu6.1_i386.deb
      Size/MD5:   174422 65acfb083c6dcde10f29c22d7cb2891d
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kplato_1.6.3-7ubuntu6.1_i386.deb
      Size/MD5:   868786 b0f68c2390f2761fed67ed9cee032add
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kpresenter_1.6.3-7ubuntu6.1_i386.deb
      Size/MD5:  1234468 b6f06fa397725d1b915683aa8850c600
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/krita_1.6.3-7ubuntu6.1_i386.deb
      Size/MD5:  3037920 00a2c6161359ed7a982186ae9f82af06
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kspread_1.6.3-7ubuntu6.1_i386.deb
      Size/MD5:  2634754 9a631d806d414d56e03293e108cdd19a
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kthesaurus_1.6.3-7ubuntu6.1_i386.deb
      Size/MD5:   312056 e51b7691be77c0ee20224ff524f120ac
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kugar_1.6.3-7ubuntu6.1_i386.deb
      Size/MD5:   430552 fe51a92f6d4db43d4c9c12c8ddda16ed
    http://security.ubuntu.com/ubuntu/pool/main/k/koffice/kword_1.6.3-7ubuntu6.1_i386.deb
      Size/MD5:  2362696 92d4dc922ef2a920dd580b41493f7226

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/k/koffice/karbon_1.6.3-7ubuntu6.1_lpia.deb
      Size/MD5:   975296 dfe1b44a9c29a543fe6d76b5f0bdfbc2
    http://ports.ubuntu.com/pool/main/k/koffice/kchart_1.6.3-7ubuntu6.1_lpia.deb
      Size/MD5:  1309438 05e8ca4579040c084f38a5a174055325
    http://ports.ubuntu.com/pool/main/k/koffice/kexi_1.6.3-7ubuntu6.1_lpia.deb
      Size/MD5:  3579118 2e344131f0aaf4231c21af2fb8298833
    http://ports.ubuntu.com/pool/main/k/koffice/kformula_1.6.3-7ubuntu6.1_lpia.deb
      Size/MD5:  1014884 c46aad3850fe256baf9ea38262d3a0d4
    http://ports.ubuntu.com/pool/main/k/koffice/kivio_1.6.3-7ubuntu6.1_lpia.deb
      Size/MD5:   529176 d0ed2edaf57e2e02e73a22f15b86fdc6
    http://ports.ubuntu.com/pool/main/k/koffice/koffice-dbg_1.6.3-7ubuntu6.1_lpia.deb
      Size/MD5: 53089422 ad89de6273a8f796239423c5b4b478e8
    http://ports.ubuntu.com/pool/main/k/koffice/koffice-dev_1.6.3-7ubuntu6.1_lpia.deb
      Size/MD5:   394468 c410cb7ac1bfffabf2b2c0b0119e829c
    http://ports.ubuntu.com/pool/main/k/koffice/koffice-libs_1.6.3-7ubuntu6.1_lpia.deb
      Size/MD5:  2438608 66fd9a1471e34c9a5baac9d6ec2b3bd4
    http://ports.ubuntu.com/pool/main/k/koffice/koshell_1.6.3-7ubuntu6.1_lpia.deb
      Size/MD5:   174116 1d6410c4f8dddddc24d80666f8278c0c
    http://ports.ubuntu.com/pool/main/k/koffice/kplato_1.6.3-7ubuntu6.1_lpia.deb
      Size/MD5:   865740 78ffc8a66fe0c555e35c71d4f8734a91
    http://ports.ubuntu.com/pool/main/k/koffice/kpresenter_1.6.3-7ubuntu6.1_lpia.deb
      Size/MD5:  1240814 1c4d13855664db29a2e1923e929ceecc
    http://ports.ubuntu.com/pool/main/k/koffice/krita_1.6.3-7ubuntu6.1_lpia.deb
      Size/MD5:  3036992 498218cbda6e3d3abac07ce88c6e0c2c
    http://ports.ubuntu.com/pool/main/k/koffice/kspread_1.6.3-7ubuntu6.1_lpia.deb
      Size/MD5:  2650892 5950f9bc22ab50db430eac56d9f04697
    http://ports.ubuntu.com/pool/main/k/koffice/kthesaurus_1.6.3-7ubuntu6.1_lpia.deb
      Size/MD5:   312060 005610b199a0d8ce05d1def703c890bb
    http://ports.ubuntu.com/pool/main/k/koffice/kugar_1.6.3-7ubuntu6.1_lpia.deb
      Size/MD5:   432602 75b05844e99f7e2ad4ab6e20e5bed539
    http://ports.ubuntu.com/pool/main/k/koffice/kword_1.6.3-7ubuntu6.1_lpia.deb
      Size/MD5:  2371784 607adbbcfd28fbe1a2750fc004418c14

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/k/koffice/karbon_1.6.3-7ubuntu6.1_powerpc.deb
      Size/MD5:  1068778 523593d94079fba3e0364f908a1a1a57
    http://ports.ubuntu.com/pool/main/k/koffice/kchart_1.6.3-7ubuntu6.1_powerpc.deb
      Size/MD5:  1364554 258dc9b33e6d270ff719c91e3ef37db9
    http://ports.ubuntu.com/pool/main/k/koffice/kexi_1.6.3-7ubuntu6.1_powerpc.deb
      Size/MD5:  3709952 28d37bcb119b836c3a4e92407738fa7f
    http://ports.ubuntu.com/pool/main/k/koffice/kformula_1.6.3-7ubuntu6.1_powerpc.deb
      Size/MD5:  1027620 5e2309d118d267e9b692fec5ee16a0db
    http://ports.ubuntu.com/pool/main/k/koffice/kivio_1.6.3-7ubuntu6.1_powerpc.deb
      Size/MD5:   587256 bead26a9cc80d7bea3c00416b178377c
    http://ports.ubuntu.com/pool/main/k/koffice/koffice-dbg_1.6.3-7ubuntu6.1_powerpc.deb
      Size/MD5: 55955530 ed06d8fe4737caa802c47e83dbb466e1
    http://ports.ubuntu.com/pool/main/k/koffice/koffice-dev_1.6.3-7ubuntu6.1_powerpc.deb
      Size/MD5:   394498 c30a126fa23c2506750e211a4b126fa9
    http://ports.ubuntu.com/pool/main/k/koffice/koffice-libs_1.6.3-7ubuntu6.1_powerpc.deb
      Size/MD5:  2619418 5370a9dcf9f00cc78da20ee4adfb4c8b
    http://ports.ubuntu.com/pool/main/k/koffice/koshell_1.6.3-7ubuntu6.1_powerpc.deb
      Size/MD5:   180344 141e38c24581f2c8f023e57fca067cb4
    http://ports.ubuntu.com/pool/main/k/koffice/kplato_1.6.3-7ubuntu6.1_powerpc.deb
      Size/MD5:   903470 8abaab749117c77c22446495e59e309c
    http://ports.ubuntu.com/pool/main/k/koffice/kpresenter_1.6.3-7ubuntu6.1_powerpc.deb
      Size/MD5:  1321174 cac2871f1847863b4b2ebf565b25df19
    http://ports.ubuntu.com/pool/main/k/koffice/krita_1.6.3-7ubuntu6.1_powerpc.deb
      Size/MD5:  3394952 44a59865f180b3d5500dc0cd4e0b906e
    http://ports.ubuntu.com/pool/main/k/koffice/kspread_1.6.3-7ubuntu6.1_powerpc.deb
      Size/MD5:  2718124 479211cb5a9018ba6fa4000a280c77e1
    http://ports.ubuntu.com/pool/main/k/koffice/kthesaurus_1.6.3-7ubuntu6.1_powerpc.deb
      Size/MD5:   320612 9e2c1960e9fc010e6dcc25a0cb1574b4
    http://ports.ubuntu.com/pool/main/k/koffice/kugar_1.6.3-7ubuntu6.1_powerpc.deb
      Size/MD5:   454328 61ee3edf596ea67f4faa0974cd46be30
    http://ports.ubuntu.com/pool/main/k/koffice/kword_1.6.3-7ubuntu6.1_powerpc.deb
      Size/MD5:  2512304 43c6105b4fae1f63b48c449365e95087

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/k/koffice/karbon_1.6.3-7ubuntu6.1_sparc.deb
      Size/MD5:   962916 ad7e5830f033940223ed825226496183
    http://ports.ubuntu.com/pool/main/k/koffice/kchart_1.6.3-7ubuntu6.1_sparc.deb
      Size/MD5:  1304972 050e2196a5c5ccb31c89741a9b0f2b6d
    http://ports.ubuntu.com/pool/main/k/koffice/kexi_1.6.3-7ubuntu6.1_sparc.deb
      Size/MD5:  3410504 ec1e27da573bd6b2464edc8b45ba0814
    http://ports.ubuntu.com/pool/main/k/koffice/kformula_1.6.3-7ubuntu6.1_sparc.deb
      Size/MD5:  1013536 ef4bda5f39caed0b5ca4144e49c1097a
    http://ports.ubuntu.com/pool/main/k/koffice/kivio_1.6.3-7ubuntu6.1_sparc.deb
      Size/MD5:   528266 7d60ee9ce5489fce6aa0f87d8178ca0c
    http://ports.ubuntu.com/pool/main/k/koffice/koffice-dbg_1.6.3-7ubuntu6.1_sparc.deb
      Size/MD5: 51732154 137a826d403b455408b815aea0f2104a
    http://ports.ubuntu.com/pool/main/k/koffice/koffice-dev_1.6.3-7ubuntu6.1_sparc.deb
      Size/MD5:   394506 4cfc6172b52148a1f9de20997657c590
    http://ports.ubuntu.com/pool/main/k/koffice/koffice-libs_1.6.3-7ubuntu6.1_sparc.deb
      Size/MD5:  2354854 8c1e19804067a2aa70409e334917070e
    http://ports.ubuntu.com/pool/main/k/koffice/koshell_1.6.3-7ubuntu6.1_sparc.deb
      Size/MD5:   172078 77aa57456966572fd5e151fc3fdbf72c
    http://ports.ubuntu.com/pool/main/k/koffice/kplato_1.6.3-7ubuntu6.1_sparc.deb
      Size/MD5:   855470 aba0765689e839609756f3eb27693058
    http://ports.ubuntu.com/pool/main/k/koffice/kpresenter_1.6.3-7ubuntu6.1_sparc.deb
      Size/MD5:  1223480 94ba8198733e21a488c0d6da4493b1c2
    http://ports.ubuntu.com/pool/main/k/koffice/krita_1.6.3-7ubuntu6.1_sparc.deb
      Size/MD5:  3002516 1a884308c7fb75403d49cf1ff73fe79f
    http://ports.ubuntu.com/pool/main/k/koffice/kspread_1.6.3-7ubuntu6.1_sparc.deb
      Size/MD5:  2565326 1fa53d14437814a657c1fe81d7269a02
    http://ports.ubuntu.com/pool/main/k/koffice/kthesaurus_1.6.3-7ubuntu6.1_sparc.deb
      Size/MD5:   311270 97d7cca2e2a75f15288e8725fd4b905e
    http://ports.ubuntu.com/pool/main/k/koffice/kugar_1.6.3-7ubuntu6.1_sparc.deb
      Size/MD5:   426002 0c83afb3dbd67a10c11cc7d310e81511
    http://ports.ubuntu.com/pool/main/k/koffice/kword_1.6.3-7ubuntu6.1_sparc.deb
      Size/MD5:  2311632 c449bd3fa59e22f9e32a884ffc3f81cf




Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ