Porada dotycząca bezpieczeństwa Debiana

DSA-938-1 koffice -- przepełnienia buforów

Data Zgłoszenia:
12.01.2006
Narażone Pakiety:
koffice
Podatny:
Tak
Odnośniki do baz danych na temat bezpieczeństwa:
W słowniku CVE Mitre-a CVE-2005-3191, CVE-2005-3193, CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627, CVE-2005-3628.
Więcej informacji:

"infamous41md" oraz Chris Evans odkryli kilka przepełnień buforów opartych na stosach w pakiecie xpdf, narżedziu do obsługi plików PDF (Portable Document Format), które są także obecne w koffice, Pakiecie Biurowym KDE, które mogą prowadzić do odmowy wykonania zadania poprzez rozbicie się aplikacji, bądź też prawdopodobnie do uruchomienia dowolnego kodu.

Stara stabilna dystrybucja (woody) nie zawiera pakietów koffice.

Dla stabilnej dystrybucji (sarge) błędy te zostaną poprawione w wersji 1.3.5-4.sarge.2.

Dla niestabilnej dystrybucji (sid) błędy te zostały poprawione w wersji 1.4.2-6.

Rekomendujemy, byś uaktualnił swój pakiet koffice.

Naprawiony w:

Debian GNU/Linux 3.1 (sarge)

Źródło:
http://security.debian.org/pool/updates/main/k/koffice/koffice_1.3.5-4.sarge.2.dsc
http://security.debian.org/pool/updates/main/k/koffice/koffice_1.3.5-4.sarge.2.diff.gz
http://security.debian.org/pool/updates/main/k/koffice/koffice_1.3.5.orig.tar.gz
Element niezależny od architektury:
http://security.debian.org/pool/updates/main/k/koffice/kivio-data_1.3.5-4.sarge.2_all.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-data_1.3.5-4.sarge.2_all.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-doc-html_1.3.5-4.sarge.2_all.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice_1.3.5-4.sarge.2_all.deb
Alpha:
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_arm.deb
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_arm.deb
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_arm.deb
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_arm.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_arm.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_arm.deb
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_arm.deb
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_arm.deb
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_arm.deb
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_arm.deb
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_ia64.deb
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_ia64.deb
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_ia64.deb
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_ia64.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_ia64.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_ia64.deb
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_ia64.deb
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_ia64.deb
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_ia64.deb
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_ia64.deb
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_ia64.deb
HPPA:
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_m68k.deb
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_m68k.deb
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_m68k.deb
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_m68k.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_m68k.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_m68k.deb
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_m68k.deb
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_m68k.deb
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_m68k.deb
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_m68k.deb
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_mipsel.deb
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_mipsel.deb
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_mipsel.deb
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_mipsel.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_mipsel.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_mipsel.deb
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_mipsel.deb
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_mipsel.deb
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_mipsel.deb
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_mipsel.deb
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.2_sparc.deb

Sumy kontrolne MD5 wymienionych plików dostępne są w oryginalnej poradzie.