[Please upgrade Kword (Koffice) on all distributions. Vendor packages should be out soon -- Raju]
This is an RFC 1153 digest. (1 message) ---------------------------------------------------------------------- MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart1632620.8UdAu8EOQ3"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <[EMAIL PROTECTED]> From: Dirk Mueller <[EMAIL PROTECTED]> To: bugtraq@securityfocus.com Subject: [KDE Security Advisory] KOffice/KWord RTF import buffer overflow Date: Tue, 11 Oct 2005 15:17:32 +0200 --nextPart1632620.8UdAu8EOQ3 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline KDE Security Advisory: KWord RTF import buffer overflow Original Release Date: 2005-10-11 URL: http://www.kde.org/info/security/advisory-20051011-1.txt 0. References CAN-2005-2971 CESA-2005-005 1. Systems affected: All KOffice releases starting from KOffice 1.2.0 up to including KOffice 1.4.1. 2. Overview: Chris Evans reported a heap based buffer overflow in the RTF importer of KWord. 3. Impact: Opening specially crafted RTF files in KWord can cause execution of abitrary code. 4. Solution: Source code patches have been made available which fix these vulnerabilities. Contact your OS vendor / binary package provider for information about how to obtain updated binary packages. 5. Patch: Patch for KOffice 1.4.1 is available from=20 ftp://ftp.kde.org/pub/kde/security_patches : 9f77b327119fd1db0752dab785e2a975 post-koffice-1.4.1-rtfimport.diff Patch for KOffice 1.3.5 is available from=20 ftp://ftp.kde.org/pub/kde/security_patches : 71a1baa8244dbcc1bfc2bd3c3e3dd40f post-koffice-1.3.5-rtfimport.diff Patch for KOffice 1.2.1 is available from=20 ftp://ftp.kde.org/pub/kde/security_patches : b36488a186aded0f5e812397af3c689a post-koffice-1.2.1-rtfimport.diff --nextPart1632620.8UdAu8EOQ3 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQBDS7twvsXr+iuy1UoRAt8cAKCDLexCfMVRSQ/yOij0HhlqjxqcrgCeLlFX qObtRo0BQxixrLNgMoTXElg= =RNq7 -----END PGP SIGNATURE----- --nextPart1632620.8UdAu8EOQ3-- ------------------------------ End of this Digest ****************** -- Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/ GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F It is the mind that moves ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ linux-india-help mailing list linux-india-help@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-india-help
