Debian-Sicherheitsankündigung
DSA-1509-1 koffice -- Mehrere Verwundbarkeiten
- Datum des Berichts:
- 25. Feb 2008
- Betroffene Pakete:
- koffice
- Verwundbar:
- Ja
- Sicherheitsdatenbanken-Referenzen:
- In Mitres CVE-Verzeichnis: CVE-2007-4352, CVE-2007-5392, CVE-2007-5393.
- Weitere Informationen:
-
Mehrere Verwundbarkeiten wurden im xpdf-Code entdeckt, der in koffice, einer integrierten Office-Suite für KDE, eingebettet ist. Diese Probleme könnten einem Angreifer ermöglichen, beliebigen Code auszuführen, indem der Benutzer dazu gebracht wird, ein speziell erzeugtes PDF-Dokument zu importieren. Das
Common Vulnerabilities and Exposures
-Projekt identifiziert die folgenden Probleme:- CVE-2007-4352
Ein Feldzugriff-Fehler in der Methode DCTStream::readProgressiveDataUnit in xpdf/Stream.cc in Xpdf 3.02pl1, wie sie in poppler, teTeX, KDE, KOffice, CUPS und anderen Produkten verwendet wird, ermöglicht entfernten Angreifern die Auslösung einer Speicherkorruption und die Ausführung beliebigen Codes mittels einer speziell erzeugten PDF-Datei.
- CVE-2007-5392
Ein Integer-Überlauf in der Methode DCTStream::reset in xpdf/Stream.cc in Xpdf 3.02p11 ermöglicht entfernten Angreifern die Ausführung beliebigen Codes mittels einer speziell erzeugten PDF-Datei, was zu einem Heap-basierten Pufferüberlauf führt.
- CVE-2007-5393
Ein Heap-basierter Pufferüberlauf in der Methode CCITTFaxStream::lookChar in xpdf/Stream.cc in Xpdf 3.02p11 ermöglicht entfernten Angreifern die Ausführung beliebigen Codes mittels einer PDF-Datei, die einen speziell erzeugten CCITTFaxDecode-Filter enthält.
Aktualisierungen für die alte Stable-Distribution (Sarge) werden so bald wie möglich zur Verfügung gestellt.
Für die Stable-Distribution (Etch) wurden diese Probleme in Version 1:1.6.1-2etch2 behoben.
Wir empfehlen Ihnen, Ihr koffice-Paket zu aktualisieren.
- CVE-2007-4352
- Behoben in:
-
Debian GNU/Linux 4.0 (etch)
- Quellcode:
- http://security.debian.org/pool/updates/main/k/koffice/koffice_1.6.1.orig.tar.gz
- http://security.debian.org/pool/updates/main/k/koffice/koffice_1.6.1-2etch2.diff.gz
- http://security.debian.org/pool/updates/main/k/koffice/koffice_1.6.1-2etch2.dsc
- http://security.debian.org/pool/updates/main/k/koffice/koffice_1.6.1-2etch2.diff.gz
- Architektur-unabhängige Dateien:
- http://security.debian.org/pool/updates/main/k/koffice/koffice-data_1.6.1-2etch2_all.deb
- http://security.debian.org/pool/updates/main/k/koffice/kword-data_1.6.1-2etch2_all.deb
- http://security.debian.org/pool/updates/main/k/koffice/kivio-data_1.6.1-2etch2_all.deb
- http://security.debian.org/pool/updates/main/k/koffice/koffice-doc_1.6.1-2etch2_all.deb
- http://security.debian.org/pool/updates/main/k/koffice/koffice-doc-html_1.6.1-2etch2_all.deb
- http://security.debian.org/pool/updates/main/k/koffice/koffice_1.6.1-2etch2_all.deb
- http://security.debian.org/pool/updates/main/k/koffice/kpresenter-data_1.6.1-2etch2_all.deb
- http://security.debian.org/pool/updates/main/k/koffice/krita-data_1.6.1-2etch2_all.deb
- http://security.debian.org/pool/updates/main/k/koffice/kword-data_1.6.1-2etch2_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch2_alpha.deb
- http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch2_alpha.deb
- http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch2_alpha.deb
- http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch2_alpha.deb
- http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch2_alpha.deb
- http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch2_alpha.deb
- http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch2_alpha.deb
- http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch2_alpha.deb
- http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch2_alpha.deb
- http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_alpha.deb
- http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch2_alpha.deb
- http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch2_alpha.deb
- http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch2_alpha.deb
- http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch2_alpha.deb
- http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch2_alpha.deb
- http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch2_alpha.deb
- http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch2_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch2_amd64.deb
- http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch2_amd64.deb
- http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch2_amd64.deb
- http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch2_amd64.deb
- http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch2_amd64.deb
- http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch2_amd64.deb
- http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch2_amd64.deb
- http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch2_amd64.deb
- http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch2_amd64.deb
- http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch2_amd64.deb
- http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch2_amd64.deb
- http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch2_amd64.deb
- http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch2_amd64.deb
- http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch2_amd64.deb
- http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_amd64.deb
- http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch2_amd64.deb
- http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch2_amd64.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch2_hppa.deb
- http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_hppa.deb
- http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch2_hppa.deb
- http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch2_hppa.deb
- http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch2_hppa.deb
- http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch2_hppa.deb
- http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch2_hppa.deb
- http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch2_hppa.deb
- http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch2_hppa.deb
- http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch2_hppa.deb
- http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch2_hppa.deb
- http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch2_hppa.deb
- http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch2_hppa.deb
- http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch2_hppa.deb
- http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch2_hppa.deb
- http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch2_hppa.deb
- http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch2_i386.deb
- http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_i386.deb
- http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch2_i386.deb
- http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch2_i386.deb
- http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch2_i386.deb
- http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch2_i386.deb
- http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch2_i386.deb
- http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch2_i386.deb
- http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch2_i386.deb
- http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch2_i386.deb
- http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch2_i386.deb
- http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch2_i386.deb
- http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch2_i386.deb
- http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch2_i386.deb
- http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch2_i386.deb
- http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch2_i386.deb
- http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_i386.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch2_mips.deb
- http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch2_mips.deb
- http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch2_mips.deb
- http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch2_mips.deb
- http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch2_mips.deb
- http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch2_mips.deb
- http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch2_mips.deb
- http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_mips.deb
- http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch2_mips.deb
- http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch2_mips.deb
- http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch2_mips.deb
- http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch2_mips.deb
- http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch2_mips.deb
- http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch2_mips.deb
- http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch2_mips.deb
- http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch2_mips.deb
- http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch2_mips.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch2_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch2_s390.deb
- http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_s390.deb
- http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch2_s390.deb
- http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch2_s390.deb
- http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch2_s390.deb
- http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch2_s390.deb
- http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch2_s390.deb
- http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch2_s390.deb
- http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch2_s390.deb
- http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch2_s390.deb
- http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch2_s390.deb
- http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch2_s390.deb
- http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch2_s390.deb
- http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch2_s390.deb
- http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch2_s390.deb
- http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch2_s390.deb
- http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.6.1-2etch2_sparc.deb
- http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch2_sparc.deb
- http://security.debian.org/pool/updates/main/k/koffice/krita_1.6.1-2etch2_sparc.deb
- http://security.debian.org/pool/updates/main/k/koffice/kchart_1.6.1-2etch2_sparc.deb
- http://security.debian.org/pool/updates/main/k/koffice/kugar_1.6.1-2etch2_sparc.deb
- http://security.debian.org/pool/updates/main/k/koffice/kspread_1.6.1-2etch2_sparc.deb
- http://security.debian.org/pool/updates/main/k/koffice/kword_1.6.1-2etch2_sparc.deb
- http://security.debian.org/pool/updates/main/k/koffice/kformula_1.6.1-2etch2_sparc.deb
- http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.6.1-2etch2_sparc.deb
- http://security.debian.org/pool/updates/main/k/koffice/kivio_1.6.1-2etch2_sparc.deb
- http://security.debian.org/pool/updates/main/k/koffice/karbon_1.6.1-2etch2_sparc.deb
- http://security.debian.org/pool/updates/main/k/koffice/koshell_1.6.1-2etch2_sparc.deb
- http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.6.1-2etch2_sparc.deb
- http://security.debian.org/pool/updates/main/k/koffice/koffice-dbg_1.6.1-2etch2_sparc.deb
- http://security.debian.org/pool/updates/main/k/koffice/kplato_1.6.1-2etch2_sparc.deb
- http://security.debian.org/pool/updates/main/k/koffice/kthesaurus_1.6.1-2etch2_sparc.deb
- http://security.debian.org/pool/updates/main/k/koffice/kexi_1.6.1-2etch2_sparc.deb
MD5-Prüfsummen der aufgeführten Dateien stehen in der ursprünglichen Sicherheitsankündigung zur Verfügung.