-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:018 http://www.mandriva.com/security/ _______________________________________________________________________ Package : koffice Date : January 18, 2007 Affected: 2007.0 _______________________________________________________________________ Problem Description: The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2, kpdf in KDE before 3.5.5, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. The updated packages have been patched to correct this problem. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0104 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: b1cdf9519f03f701c6e538a90a23caf9 2007.0/i586/koffice-1.5.91-3.3mdv2007.0.i586.rpm 783305f6c0b3c3cef71d8479fa17a095 2007.0/i586/koffice-karbon-1.5.91-3.3mdv2007.0.i586.rpm ff64ba24814230cf14f50e84ddccbb78 2007.0/i586/koffice-kexi-1.5.91-3.3mdv2007.0.i586.rpm 273e5672aca7b387f879aecbdef48278 2007.0/i586/koffice-kformula-1.5.91-3.3mdv2007.0.i586.rpm 37d873cba6a9b8fa9d0d6b33a71597e0 2007.0/i586/koffice-kivio-1.5.91-3.3mdv2007.0.i586.rpm d961fa397c4a72a034b7baf9e9ecfb9a 2007.0/i586/koffice-koshell-1.5.91-3.3mdv2007.0.i586.rpm 56592c5a74838446e649c15c48fe8853 2007.0/i586/koffice-kplato-1.5.91-3.3mdv2007.0.i586.rpm 4ebfda9a175e07de07ee197707434a5d 2007.0/i586/koffice-kpresenter-1.5.91-3.3mdv2007.0.i586.rpm 064db7d95802e559144bfa5b9c408bb7 2007.0/i586/koffice-krita-1.5.91-3.3mdv2007.0.i586.rpm 70fa6928e34a9ebcbd0359763695d791 2007.0/i586/koffice-kspread-1.5.91-3.3mdv2007.0.i586.rpm 1dca8ca1061a329290251bda492cb8c4 2007.0/i586/koffice-kugar-1.5.91-3.3mdv2007.0.i586.rpm a4bc6a10e43743f46cbc05173e325484 2007.0/i586/koffice-kword-1.5.91-3.3mdv2007.0.i586.rpm cf559afa4445ba333ac23062026ab76d 2007.0/i586/koffice-progs-1.5.91-3.3mdv2007.0.i586.rpm 57049355d5b9d28a540a36e9d37ea3f9 2007.0/i586/libkoffice2-karbon-1.5.91-3.3mdv2007.0.i586.rpm c28ab56ff8bc4bafb8256321ad11f69c 2007.0/i586/libkoffice2-karbon-devel-1.5.91-3.3mdv2007.0.i586.rpm dc4e1ac6a0d357a574d1d8f837e2b485 2007.0/i586/libkoffice2-kexi-1.5.91-3.3mdv2007.0.i586.rpm 305b86ad6ca9d684839308b9326ccb55 2007.0/i586/libkoffice2-kexi-devel-1.5.91-3.3mdv2007.0.i586.rpm f1011e0ad3d2783b5d01742736e3bbcc 2007.0/i586/libkoffice2-kformula-1.5.91-3.3mdv2007.0.i586.rpm 4fe66ee781ad6cd648cfa705dc6e1dbc 2007.0/i586/libkoffice2-kformula-devel-1.5.91-3.3mdv2007.0.i586.rpm 4a937f22adff9c856700f208438132cc 2007.0/i586/libkoffice2-kivio-1.5.91-3.3mdv2007.0.i586.rpm 520258316a44dfbf6c13c7d7b96d5504 2007.0/i586/libkoffice2-kivio-devel-1.5.91-3.3mdv2007.0.i586.rpm f62280e2ab006729efc6a4af379e6a23 2007.0/i586/libkoffice2-koshell-1.5.91-3.3mdv2007.0.i586.rpm 036045cae6863b7872c20ab4d1cc5688 2007.0/i586/libkoffice2-kplato-1.5.91-3.3mdv2007.0.i586.rpm 1e86cd4131a0b228c18209194719e672 2007.0/i586/libkoffice2-kpresenter-1.5.91-3.3mdv2007.0.i586.rpm 6d4129270a176cc103efd3d3af77fb86 2007.0/i586/libkoffice2-kpresenter-devel-1.5.91-3.3mdv2007.0.i586.rpm c593f3e2688aaba40c43c33e9d7105ea 2007.0/i586/libkoffice2-krita-1.5.91-3.3mdv2007.0.i586.rpm 4650aaedeb219009e13a714776ed306d 2007.0/i586/libkoffice2-krita-devel-1.5.91-3.3mdv2007.0.i586.rpm 1a9d2cb47aa3ee4766c58c7dab59e5d8 2007.0/i586/libkoffice2-kspread-1.5.91-3.3mdv2007.0.i586.rpm 6aaec493fd2d9893028846f4f8e21462 2007.0/i586/libkoffice2-kspread-devel-1.5.91-3.3mdv2007.0.i586.rpm e440b2660d6c6a30dfe1a0f916f28710 2007.0/i586/libkoffice2-kugar-1.5.91-3.3mdv2007.0.i586.rpm 34848cf4d92ab20936380a0b1848b87c 2007.0/i586/libkoffice2-kugar-devel-1.5.91-3.3mdv2007.0.i586.rpm 1d8d0aa310a11a28afd0372e04dcf3d1 2007.0/i586/libkoffice2-kword-1.5.91-3.3mdv2007.0.i586.rpm e141aae296f1ea77ad8ba8e911035a6f 2007.0/i586/libkoffice2-kword-devel-1.5.91-3.3mdv2007.0.i586.rpm f3b45e02397192707a4717e4796f8e44 2007.0/i586/libkoffice2-progs-1.5.91-3.3mdv2007.0.i586.rpm 45ee5c8cb61a7be6802ab927c15fcc45 2007.0/i586/libkoffice2-progs-devel-1.5.91-3.3mdv2007.0.i586.rpm 2dcb5c2b4e73e2213718164f97fb4877 2007.0/SRPMS/koffice-1.5.91-3.3mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 837b0881b72c5b853532dd2502d0ff7a 2007.0/x86_64/koffice-1.5.91-3.3mdv2007.0.x86_64.rpm 33728635d9a94f6b7231f2a80ddb50ae 2007.0/x86_64/koffice-karbon-1.5.91-3.3mdv2007.0.x86_64.rpm c76e8403a507ebc8f249f6f2334935dd 2007.0/x86_64/koffice-kexi-1.5.91-3.3mdv2007.0.x86_64.rpm 03d4caf72b433c26678fdc6180b637aa 2007.0/x86_64/koffice-kformula-1.5.91-3.3mdv2007.0.x86_64.rpm 5d716dac65c438f2397b52544a6e8f38 2007.0/x86_64/koffice-kivio-1.5.91-3.3mdv2007.0.x86_64.rpm 5686d37d4c3cf9c40ba8e0e2d7f75050 2007.0/x86_64/koffice-koshell-1.5.91-3.3mdv2007.0.x86_64.rpm 245f05881374b5c0ff96fda584fe0e68 2007.0/x86_64/koffice-kplato-1.5.91-3.3mdv2007.0.x86_64.rpm 48b03d85d6c565830c984ffa70fe5ed4 2007.0/x86_64/koffice-kpresenter-1.5.91-3.3mdv2007.0.x86_64.rpm 91babf38de874d98768de64f5151243d 2007.0/x86_64/koffice-krita-1.5.91-3.3mdv2007.0.x86_64.rpm 905ccf7c609c2dc46051109a92d0b967 2007.0/x86_64/koffice-kspread-1.5.91-3.3mdv2007.0.x86_64.rpm b13880c4f3e75fb87c1a06ccebe130c6 2007.0/x86_64/koffice-kugar-1.5.91-3.3mdv2007.0.x86_64.rpm 1ab02849f6053668c3f32481ac027ff3 2007.0/x86_64/koffice-kword-1.5.91-3.3mdv2007.0.x86_64.rpm a19557886617f34e7bc380e2f608182d 2007.0/x86_64/koffice-progs-1.5.91-3.3mdv2007.0.x86_64.rpm 10e515bedb617b46c0bd0c2201ba0778 2007.0/x86_64/lib64koffice2-karbon-1.5.91-3.3mdv2007.0.x86_64.rpm c779557283f634c818b57d673cc0d282 2007.0/x86_64/lib64koffice2-karbon-devel-1.5.91-3.3mdv2007.0.x86_64.rpm a52e7d5c03f03954674e955e518ecdda 2007.0/x86_64/lib64koffice2-kexi-1.5.91-3.3mdv2007.0.x86_64.rpm 6abce5b2c97323df1c34cfbb51c24e8c 2007.0/x86_64/lib64koffice2-kexi-devel-1.5.91-3.3mdv2007.0.x86_64.rpm 8d3a2a1cbb1778dce5943407ae54ec91 2007.0/x86_64/lib64koffice2-kformula-1.5.91-3.3mdv2007.0.x86_64.rpm cb4bc66b2185c02c7f9d63cb5437990a 2007.0/x86_64/lib64koffice2-kformula-devel-1.5.91-3.3mdv2007.0.x86_64.rpm 74b9c1c5afe1d3bd26d702d002d70201 2007.0/x86_64/lib64koffice2-kivio-1.5.91-3.3mdv2007.0.x86_64.rpm 84fb2950e93db3274a10a1967b63cfd1 2007.0/x86_64/lib64koffice2-kivio-devel-1.5.91-3.3mdv2007.0.x86_64.rpm dce5027826fd5808045a81d54128d6bd 2007.0/x86_64/lib64koffice2-koshell-1.5.91-3.3mdv2007.0.x86_64.rpm 43139b9b61586d0dde15ca648d4bd1bf 2007.0/x86_64/lib64koffice2-kplato-1.5.91-3.3mdv2007.0.x86_64.rpm 536c7f344165974e98d24bfa03ad999b 2007.0/x86_64/lib64koffice2-kpresenter-1.5.91-3.3mdv2007.0.x86_64.rpm 558e2156bd14fe3889e50d128e1b9777 2007.0/x86_64/lib64koffice2-kpresenter-devel-1.5.91-3.3mdv2007.0.x86_64.rpm 5f1ff30462271fcdbb348be7fdfed67c 2007.0/x86_64/lib64koffice2-krita-1.5.91-3.3mdv2007.0.x86_64.rpm d92007f528c1c4bbd5f08e1a372f360f 2007.0/x86_64/lib64koffice2-krita-devel-1.5.91-3.3mdv2007.0.x86_64.rpm e4f4608eee0c34b0ea5dbcedfa322e10 2007.0/x86_64/lib64koffice2-kspread-1.5.91-3.3mdv2007.0.x86_64.rpm 0b9265836827e5519439507505e854ff 2007.0/x86_64/lib64koffice2-kspread-devel-1.5.91-3.3mdv2007.0.x86_64.rpm 175974918d496b876fb0f153d6325132 2007.0/x86_64/lib64koffice2-kugar-1.5.91-3.3mdv2007.0.x86_64.rpm 6769a7aa06bc0ef765473806877a74a3 2007.0/x86_64/lib64koffice2-kugar-devel-1.5.91-3.3mdv2007.0.x86_64.rpm 88578bf2bd7b6a2e2d2e361163ee4d44 2007.0/x86_64/lib64koffice2-kword-1.5.91-3.3mdv2007.0.x86_64.rpm d2c14a93ba278c18f12a2366149d24c0 2007.0/x86_64/lib64koffice2-kword-devel-1.5.91-3.3mdv2007.0.x86_64.rpm fab8c782b89b43a15df544ef6da61a42 2007.0/x86_64/lib64koffice2-progs-1.5.91-3.3mdv2007.0.x86_64.rpm 726d9d0df73c3603cbc22a7ac3fdc061 2007.0/x86_64/lib64koffice2-progs-devel-1.5.91-3.3mdv2007.0.x86_64.rpm 2dcb5c2b4e73e2213718164f97fb4877 2007.0/SRPMS/koffice-1.5.91-3.3mdv2007.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFFr7Q8mqjQ0CJFipgRAotZAJ46508w3im/IvxBRh2tIJqkD9Bb6ACguSRx nyX+pMyxCoY2znh4Jy7IfhA= =D46J -----END PGP SIGNATURE-----