Debian Security Advisory

DSA-938-1 koffice -- buffer overflows

Date reported:
2006-01-12
Affected packages:
koffice
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2005-3191, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628.
More information:

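"infamous41md" and Chris Evans discovered several heap-based buffer overflows in xpdf, the Portable Document Format (PDF) suite. The same code is also present in koffice, the KDE office suite. These flaws can lead to a denial of service by crashing the application, or potentially to the execution of arbitrary code.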

The old stable distribution (woody) does not contain koffice packages.

For the stable distribution (sarge), this problem has been fixed in version 1.3.5-4.sarge.2.

For the unstable distribution (sid), this problem has been fixed in version 1.4.2-6.

We recommend that you upgrade your koffice package immediately.

Fixed in:

Debian GNU/Linux 3.1 (sarge)

Source:
http://security.debian.org/pool/updates/main/k/koffice/koffice_1.3.5-4.sarge.2.dsc
http://security.debian.org/pool/updates/main/k/koffice/koffice_1.3.5-4.sarge.2.diff.gz
http://security.debian.org/pool/updates/main/k/koffice/koffice_1.3.5.orig.tar.gz
Architecture-independent components:
http://security.debian.org/pool/updates/main/k/koffice/kivio-data_1.3.5-4.sarge.2_all.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-data_1.3.5-4.sarge.2_all.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-doc-html_1.3.5-4.sarge.2_all.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice_1.3.5-4.sarge.2_all.deb
Alpha:
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_arm.deb
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_arm.deb
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_arm.deb
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_arm.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_arm.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_arm.deb
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_arm.deb
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_arm.deb
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_arm.deb
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_arm.deb
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_ia64.deb
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_ia64.deb
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_ia64.deb
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_ia64.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_ia64.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_ia64.deb
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_ia64.deb
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_ia64.deb
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_ia64.deb
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_ia64.deb
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_ia64.deb
HPPA:
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_m68k.deb
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_m68k.deb
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_m68k.deb
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_m68k.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_m68k.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_m68k.deb
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_m68k.deb
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_m68k.deb
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_m68k.deb
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_m68k.deb
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_mipsel.deb
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_mipsel.deb
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_mipsel.deb
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_mipsel.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_mipsel.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_mipsel.deb
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_mipsel.deb
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_mipsel.deb
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_mipsel.deb
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_mipsel.deb
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_sparc.deb

MD5 checksums of the listed files are available in the original advisory.