exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2008-197

Mandriva Linux Security Advisory 2008-197
Posted Sep 17, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Kees Cook of Ubuntu security found a flaw in how poppler prior to version 0.6 displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause applications using poppler to crash, or possibly execute arbitrary code when opened. This vulnerability also affected KOffice, so the updated packages have been patched to correct this issue. A file conflicts existed between one of the library packages and the koffice-devel package which prevented successful upgrades if koffice-devel was previously installed. This update removes the conflicting file from koffice-devel.

tags | advisory, arbitrary
systems | linux, ubuntu, mandriva
advisories | CVE-2008-1693
SHA-256 | 93d0d1738ee01446f6a1baffed0f981ea4f49adbc3b0871cc0b229e33332a306

Mandriva Linux Security Advisory 2008-197

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:197-1
http://www.mandriva.com/security/
_______________________________________________________________________

Package : koffice
Date : September 16, 2008
Affected: 2008.1
_______________________________________________________________________

Problem Description:

Kees Cook of Ubuntu security found a flaw in how poppler prior
to version 0.6 displayed malformed fonts embedded in PDF files.
An attacker could create a malicious PDF file that would cause
applications using poppler to crash, or possibly execute arbitrary
code when opened (CVE-2008-1693).

This vulnerability also affected KOffice, so the updated packages
have been patched to correct this issue.

Update:

A file conflicts existed between one of the library packages and
the koffice-devel package which prevented successful upgrades if
koffice-devel was previously installed. This update removes the
conflicting file from koffice-devel.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1693
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.1:
9fc9058a61245b53820aaf028a95cb93 2008.1/i586/koffice-1.6.3-19.2mdv2008.1.i586.rpm
40e5792ca03f3afc9255c59fecef0a4b 2008.1/i586/koffice-common-1.6.3-19.2mdv2008.1.i586.rpm
c342393fe6a23cfddcbdbce991025ce9 2008.1/i586/koffice-devel-1.6.3-19.2mdv2008.1.i586.rpm
7dba80c0d6e67ba6e4209db26b0f68f7 2008.1/i586/koffice-karbon-1.6.3-19.2mdv2008.1.i586.rpm
4b673a4c809dd91d5b6773e80e81251f 2008.1/i586/koffice-kchart-1.6.3-19.2mdv2008.1.i586.rpm
668204829e9c5dfd4cf9bf5ab00ed415 2008.1/i586/koffice-kexi-1.6.3-19.2mdv2008.1.i586.rpm
6594320faca0810ad25856cfa8aa3272 2008.1/i586/koffice-kformula-1.6.3-19.2mdv2008.1.i586.rpm
24cef926dc5e0f1f36b7c6d4a7f0fd17 2008.1/i586/koffice-kivio-1.6.3-19.2mdv2008.1.i586.rpm
565ffe090c6f40478ecbc7aa4627ccd4 2008.1/i586/koffice-koshell-1.6.3-19.2mdv2008.1.i586.rpm
b7320e9146cf57967d147afcad9139b2 2008.1/i586/koffice-kplato-1.6.3-19.2mdv2008.1.i586.rpm
6bfe2eb5373b7e4188288eb045845760 2008.1/i586/koffice-kpresenter-1.6.3-19.2mdv2008.1.i586.rpm
fd464c35e15af9e49dba29c44ba47d72 2008.1/i586/koffice-krita-1.6.3-19.2mdv2008.1.i586.rpm
cd8397bda29433c8b46ff9f741e9a405 2008.1/i586/koffice-kspread-1.6.3-19.2mdv2008.1.i586.rpm
ee387b2420f701cad6ec05303c105dff 2008.1/i586/koffice-kugar-1.6.3-19.2mdv2008.1.i586.rpm
f67768d432c613b746112f2c416affb3 2008.1/i586/koffice-kword-1.6.3-19.2mdv2008.1.i586.rpm
79bd94c706ae581bd1994276de967d09 2008.1/i586/libkoffice2-common-1.6.3-19.2mdv2008.1.i586.rpm
9da17bf65e8edae5b21480d238042673 2008.1/i586/libkoffice2-karbon-1.6.3-19.2mdv2008.1.i586.rpm
701df7ab2cd5fcca80c25c0bad8421d2 2008.1/i586/libkoffice2-kchart-1.6.3-19.2mdv2008.1.i586.rpm
50a1db0344945bfcf617dbb1c415b749 2008.1/i586/libkoffice2-kexi-1.6.3-19.2mdv2008.1.i586.rpm
c3b9ad583476f50692621d99d2badd9b 2008.1/i586/libkoffice2-kformula-1.6.3-19.2mdv2008.1.i586.rpm
9e080d2f2fad5e8b0157c14fa8bda8e2 2008.1/i586/libkoffice2-kivio-1.6.3-19.2mdv2008.1.i586.rpm
8e90826b51695800eda59040126cb631 2008.1/i586/libkoffice2-kpresenter-1.6.3-19.2mdv2008.1.i586.rpm
2df5c40d758e2f438a7aa886f9dfcc5b 2008.1/i586/libkoffice2-krita-1.6.3-19.2mdv2008.1.i586.rpm
c6215129355285a626a2263461c7bb40 2008.1/i586/libkoffice2-kspread-1.6.3-19.2mdv2008.1.i586.rpm
1dc88b72c2d018bc0b93d6b2fb214a07 2008.1/i586/libkoffice2-kugar-1.6.3-19.2mdv2008.1.i586.rpm
ac2c20080bd33595365493d634cd3d3d 2008.1/i586/libkoffice2-kword-1.6.3-19.2mdv2008.1.i586.rpm
60f5019cdddb607300df1d2d4d484633 2008.1/SRPMS/koffice-1.6.3-19.2mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
67924e8788168d8a1e2ebb4933777909 2008.1/x86_64/koffice-1.6.3-19.2mdv2008.1.x86_64.rpm
d883c723221df59b1110088ab3a91d16 2008.1/x86_64/koffice-common-1.6.3-19.2mdv2008.1.x86_64.rpm
9eb30de0ed270d088f0d66f8ca9a7cd5 2008.1/x86_64/koffice-devel-1.6.3-19.2mdv2008.1.x86_64.rpm
d31dba330aae04550b0603098880d436 2008.1/x86_64/koffice-karbon-1.6.3-19.2mdv2008.1.x86_64.rpm
d7f2e4d827ac479ce83490c78d6fd684 2008.1/x86_64/koffice-kchart-1.6.3-19.2mdv2008.1.x86_64.rpm
0837250c2c8966bccb0dd91194158864 2008.1/x86_64/koffice-kexi-1.6.3-19.2mdv2008.1.x86_64.rpm
f9e004a98598a46d1610ad9944ee3daf 2008.1/x86_64/koffice-kformula-1.6.3-19.2mdv2008.1.x86_64.rpm
83e4fb3c90c0fb2b5c482caeff704639 2008.1/x86_64/koffice-kivio-1.6.3-19.2mdv2008.1.x86_64.rpm
9b5b72aeb10dc6f3d9b758937888429a 2008.1/x86_64/koffice-koshell-1.6.3-19.2mdv2008.1.x86_64.rpm
830209a19db9d7f4a81257bbc2d63142 2008.1/x86_64/koffice-kplato-1.6.3-19.2mdv2008.1.x86_64.rpm
e776b00ea58306fe327d5de020f5885b 2008.1/x86_64/koffice-kpresenter-1.6.3-19.2mdv2008.1.x86_64.rpm
299c89bff0dbd967a5412385dc6e713e 2008.1/x86_64/koffice-krita-1.6.3-19.2mdv2008.1.x86_64.rpm
4e64c85d047c4f2f157f3cdc1eb20d9a 2008.1/x86_64/koffice-kspread-1.6.3-19.2mdv2008.1.x86_64.rpm
6adeb84dbbed981435a8f68a53f3c148 2008.1/x86_64/koffice-kugar-1.6.3-19.2mdv2008.1.x86_64.rpm
5d6f9c74329bfa658b18181ed70bc9ea 2008.1/x86_64/koffice-kword-1.6.3-19.2mdv2008.1.x86_64.rpm
6934689b915ef9e0fd38b2324d5e2072 2008.1/x86_64/lib64koffice2-common-1.6.3-19.2mdv2008.1.x86_64.rpm
b64b1e7a6477ae4a11795388488864c4 2008.1/x86_64/lib64koffice2-karbon-1.6.3-19.2mdv2008.1.x86_64.rpm
f9aeb37ad12c60b7fc35bbe2b6930abf 2008.1/x86_64/lib64koffice2-kchart-1.6.3-19.2mdv2008.1.x86_64.rpm
38c55170262dd984f98b06535fd1eaad 2008.1/x86_64/lib64koffice2-kexi-1.6.3-19.2mdv2008.1.x86_64.rpm
68ef9b4dd14dd424d78077faf695668b 2008.1/x86_64/lib64koffice2-kformula-1.6.3-19.2mdv2008.1.x86_64.rpm
74da0b68b94cc4796c4dbc27511cb0b7 2008.1/x86_64/lib64koffice2-kivio-1.6.3-19.2mdv2008.1.x86_64.rpm
b024097ecec076e8cce4dbec101fc5f7 2008.1/x86_64/lib64koffice2-kpresenter-1.6.3-19.2mdv2008.1.x86_64.rpm
7ebb3b636f803be434bf961f162aa418 2008.1/x86_64/lib64koffice2-krita-1.6.3-19.2mdv2008.1.x86_64.rpm
4d74dc6617956f48d2d27cb0f284fe85 2008.1/x86_64/lib64koffice2-kspread-1.6.3-19.2mdv2008.1.x86_64.rpm
da4b013214357d6910ce74f66d33eec2 2008.1/x86_64/lib64koffice2-kugar-1.6.3-19.2mdv2008.1.x86_64.rpm
a9d1b821946469c51e7d5fa8b73a3e09 2008.1/x86_64/lib64koffice2-kword-1.6.3-19.2mdv2008.1.x86_64.rpm
60f5019cdddb607300df1d2d4d484633 2008.1/SRPMS/koffice-1.6.3-19.2mdv2008.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFI0Ic6mqjQ0CJFipgRAtJXAKC3QMXcXKWrpydkNB4Mz6stYMAqGQCgqaLE
Cm7WM3LAWjUDXHujJZmgKaw=
=m713
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close