Debian-Sicherheitsankündigung

DSA-1509-1 koffice -- Mehrere Verwundbarkeiten

Datum des Berichts:
25. Feb 2008
Betroffene Pakete:
koffice
Verwundbar:
Ja
Sicherheitsdatenbanken-Referenzen:
In Mitres CVE-Verzeichnis: CVE-2007-4352, CVE-2007-5392, CVE-2007-5393.
Weitere Informationen:

Mehrere Verwundbarkeiten wurden im xpdf-Code entdeckt, der in koffice, einer integrierten Office-Suite für KDE, eingebettet ist. Diese Probleme könnten einem Angreifer ermöglichen, beliebigen Code auszuführen, indem der Benutzer dazu gebracht wird, ein speziell erzeugtes PDF-Dokument zu importieren. Das Common Vulnerabilities and Exposures-Projekt identifiziert die folgenden Probleme:

  • CVE-2007-4352

    Ein Feldzugriff-Fehler in der Methode DCTStream::readProgressiveDataUnit in xpdf/Stream.cc in Xpdf 3.02pl1, wie sie in poppler, teTeX, KDE, KOffice, CUPS und anderen Produkten verwendet wird, ermöglicht entfernten Angreifern die Auslösung einer Speicherkorruption und die Ausführung beliebigen Codes mittels einer speziell erzeugten PDF-Datei.

  • CVE-2007-5392

    Ein Integer-Überlauf in der Methode DCTStream::reset in xpdf/Stream.cc in Xpdf 3.02p11 ermöglicht entfernten Angreifern die Ausführung beliebigen Codes mittels einer speziell erzeugten PDF-Datei, was zu einem Heap-basierten Pufferüberlauf führt.

  • CVE-2007-5393

    Ein Heap-basierter Pufferüberlauf in der Methode CCITTFaxStream::lookChar in xpdf/Stream.cc in Xpdf 3.02p11 ermöglicht entfernten Angreifern die Ausführung beliebigen Codes mittels einer PDF-Datei, die einen speziell erzeugten CCITTFaxDecode-Filter enthält.

Aktualisierungen für die alte Stable-Distribution (Sarge) werden so bald wie möglich zur Verfügung gestellt.

Für die Stable-Distribution (Etch) wurden diese Probleme in Version 1:1.6.1-2etch2 behoben.

Wir empfehlen Ihnen, Ihr koffice-Paket zu aktualisieren.

Behoben in:

Debian GNU/Linux 4.0 (etch)

Quellcode:
http://security.debian.org/pool/updates/main/k/koffice/koffice_1.6.1.orig.tar.gz
http://security.debian.org/pool/updates/main/k/koffice/koffice_1.6.1-2etch2.diff.gz
http://security.debian.org/pool/updates/main/k/koffice/koffice_1.6.1-2etch2.dsc
Architektur-unabhängige Dateien:
http://security.debian.org/pool/updates/main/k/koffice/koffice-data_1.6.1-2etch2_all.deb
http://security.debian.org/pool/updates/main/k/koffice/kword-data_1.6.1-2etch2_all.deb
http://security.debian.org/pool/updates/main/k/koffice/kivio-data_1.6.1-2etch2_all.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-doc_1.6.1-2etch2_all.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-doc-html_1.6.1-2etch2_all.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice_1.6.1-2etch2_all.deb
http://security.debian.org/pool/updates/main/k/koffice/kpresenter-data_1.6.1-2etch2_all.deb
http://security.debian.org/pool/updates/main/k/koffice/krita-data_1.6.1-2etch2_all.deb
Alpha:
http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch2_alpha.deb
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch2_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_amd64.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch2_amd64.deb
HP Precision:
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch2_hppa.deb
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch2_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch2_i386.deb
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch2_i386.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch2_mips.deb
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch2_mips.deb
PowerPC:
http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch2_powerpc.deb
http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch2_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch2_s390.deb
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch2_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch2_sparc.deb
http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch2_sparc.deb

MD5-Prüfsummen der aufgeführten Dateien stehen in der ursprünglichen Sicherheitsankündigung zur Verfügung.