[Full-disclosure] [ MDVSA-2008:197 ] koffice




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:197
http://www.mandriva.com/security/
_______________________________________________________________________

Package : koffice
Date : September 15, 2008
Affected: 2008.0, 2008.1
_______________________________________________________________________

Problem Description:

Kees Cook of Ubuntu security found a flaw in how poppler prior
to version 0.6 displayed malformed fonts embedded in PDF files.
An attacker could create a malicious PDF file that would cause
applications using poppler to crash, or possibly execute arbitrary
code when opened (CVE-2008-1693).

This vulnerability also affected KOffice, so the updated packages
have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1693
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:

Mandriva Linux 2008.0/X86_64:

Mandriva Linux 2008.1:

Mandriva Linux 2008.1/X86_64:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIzr9AmqjQ0CJFipgRAm18AJ4o2x/CFaLLGxhqDhpN5p9CFWxi2gCdEi7J
Rs7wyO8pNgyTZLPdSLRuS3I=
=aQNO
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


