Gentoo Archives: gentoo-announce

From: Pierre-Yves Rofes <py@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 200710-08 ] KOffice, KWord, KPDF, KDE Graphics Libraries: Stack-based buffer overflow
Date: Tue, 09 Oct 2007 22:34:41
Message-Id: 470BFCB9.7030608@gentoo.org
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
5 Gentoo Linux Security Advisory GLSA 200710-08
6 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
7 http://security.gentoo.org/
8 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
9
10 Severity: Normal
11 Title: KOffice, KWord, KPDF, KDE Graphics Libraries: Stack-based
12 buffer overflow
13 Date: October 09, 2007
14 Bugs: #187139
15 ID: 200710-08
16
17 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
18
19 Synopsis
20 ========
21
22 KPDF includes code from xpdf that is vulnerable to a stack-based buffer
23 overflow.
24
25 Background
26 ==========
27
28 KOffice is an integrated office suite for KDE. KWord is the KOffice
29 word processor. KPDF is a KDE-based PDF viewer included in the
30 kdegraphics package.
31
32 Affected packages
33 =================
34
35 -------------------------------------------------------------------
36 Package / Vulnerable / Unaffected
37 -------------------------------------------------------------------
38 1 app-office/koffice < 1.6.3-r1 >= 1.6.3-r1
39 2 app-office/kword < 1.6.3-r1 >= 1.6.3-r1
40 3 kde-base/kdegraphics < 3.5.7-r1 >= 3.5.7-r1
41 4 kde-base/kpdf < 3.5.7-r1 >= 3.5.7-r1
42 -------------------------------------------------------------------
43 4 affected packages on all of their supported architectures.
44 -------------------------------------------------------------------
45
46 Description
47 ===========
48
49 KPDF includes code from xpdf that is vulnerable to an integer overflow
50 in the StreamPredictor::StreamPredictor() function.
51
52 Impact
53 ======
54
55 A remote attacker could entice a user to open a specially crafted PDF
56 file in KWord or KPDF that would exploit the integer overflow to cause
57 a stack-based buffer overflow in the StreamPredictor::getNextLine()
58 function, possibly resulting in the execution of arbitrary code with
59 the privileges of the user running the application.
60
61 Workaround
62 ==========
63
64 There is no known workaround at this time.
65
66 Resolution
67 ==========
68
69 All KOffice users should upgrade to the latest version:
70
71 # emerge --sync
72 # emerge --ask --oneshot --verbose ">=app-office/koffice-1.6.3-r1"
73
74 All KWord users should upgrade to the latest version:
75
76 # emerge --sync
77 # emerge --ask --oneshot --verbose ">=app-office/kword-1.6.3-r1"
78
79 All KDE Graphics Libraries users should upgrade to the latest version:
80
81 # emerge --sync
82 # emerge --ask --oneshot --verbose ">=kde-base/kdegraphics-3.5.7-r1"
83
84 All KPDF users should upgrade to the latest version:
85
86 # emerge --sync
87 # emerge --ask --oneshot --verbose ">=kde-base/kpdf-3.5.7-r1"
88
89 References
90 ==========
91
92 [ 1 ] CVE-2007-3387
93 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387
94
95 Availability
96 ============
97
98 This GLSA and any updates to it are available for viewing at
99 the Gentoo Security Website:
100
101 http://security.gentoo.org/glsa/glsa-200710-08.xml
102
103 Concerns?
104 =========
105
106 Security is a primary focus of Gentoo Linux and ensuring the
107 confidentiality and security of our users machines is of utmost
108 importance to us. Any security concerns should be addressed to
109 security@g.o or alternatively, you may file a bug at
110 http://bugs.gentoo.org.
111
112 License
113 =======
114
115 Copyright 2007 Gentoo Foundation, Inc; referenced text
116 belongs to its owner(s).
117
118 The contents of this document are licensed under the
119 Creative Commons - Attribution / Share Alike license.
120
121 http://creativecommons.org/licenses/by-sa/2.5
122 -----BEGIN PGP SIGNATURE-----
123 Version: GnuPG v1.4.7 (GNU/Linux)
124 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
125
126 iD8DBQFHC/y5uhJ+ozIKI5gRAoSRAJ0cJLf1yIDxpbij+qNVZELbXGqdeQCgjZNE
127 8zeF7ra2026T6grGDJk8CiI=
128 =l/gF
129 -----END PGP SIGNATURE-----
130 --
131 gentoo-announce@g.o mailing list