[Please upgrade kpdf and koffice on all distributions. Xpdf and all other xpdf-derived applications are also vulnerable -- Raju]
This is an RFC 1153 digest. (1 message)
----------------------------------------------------------------------

From: Dirk Mueller <[EMAIL PROTECTED]>
To: "Undisclosed.Recipients": ;
Cc: [EMAIL PROTECTED], bugtraq@securityfocus.com
Subject: [KDE Security Advisory] multiple buffer overflows in kpdf/koffice
Date: Wed, 7 Dec 2005 22:12:51 +0100

KDE Security Advisory: kpdf/xpdf multiple integer overflows
Original Release Date: 2005-12-07
URL: http://www.kde.org/info/security/advisory-20051207-1.txt

0. References
        CAN-2005-3191
        CAN-2005-3192
        CAN-2005-3193

1. Systems affected:

        KDE 3.2.0 up to including KDE 3.5.0
        KOffice 1.3.0 up to including KOffice 1.4.2

2. Overview:

        kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains
        multiple integer overflow vulnerabilities that allow specially
        crafted pdf files, when opened, to overflow a heap allocated
        buffer and execute arbitrary code.

3. Impact:

        Remotely supplied pdf files can be used to execute arbitrary
        code on the client machine.

4. Solution:

        Source code patches have been made available which fix these
        vulnerabilities. Contact your OS vendor / binary package provider
        for information about how to obtain updated binary packages.

5. Patch:

        Patch for KDE 3.5.0 is available from
        ftp://ftp.kde.org/pub/kde/security_patches :

        04d1a115cca0deacbfca5c172bb9f4db  post-3.5.0-kdegraphics-CAN-2005-3193.diff

        Patch for KDE 3.4.3 is available from
        ftp://ftp.kde.org/pub/kde/security_patches :

        b9787ff17e3e7eccee9ff23edcdca2c1  post-3.4.3-kdegraphics-CAN-2005-3193.diff

        Patch for KDE 3.3.2 is available from
        ftp://ftp.kde.org/pub/kde/security_patches :

        8e0b2db76bc419b444f8308b3d8127b9  post-3.3.2-kdegraphics-CAN-2005-3193.diff

        Patch for KDE 3.2.3 is available from
        ftp://ftp.kde.org/pub/kde/security_patches :

        75c90ff2998ff7b4c1b66fbf85d351f1  post-3.2.3-kdegraphics-CAN-2005-3193.diff

        Patch for KOffice 1.3.0 and newer is available from
        ftp://ftp.kde.org/pub/kde/security_patches :

        e663d0b1b6c32c3fb99c85834ae7b17b  post-1.3-koffice-CAN-2005-3193.diff

------------------------------
End of this Digest
******************

-- 
Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/
GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F
It is the mind that moves
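
The bug class the advisory names, an integer overflow in a size computation that leads to an undersized heap buffer, shown beside a checked allocation. This is an added illustration, not code from xpdf, kpdf or the KDE patches; the struct, the function names and the 256 MiB cap are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap on one decoded image; not a value from the advisory. */
#define MAX_IMAGE_BYTES ((size_t)256 * 1024 * 1024)

/* Hypothetical header fields read from an untrusted file. */
struct img_hdr { int width; int height; int n_comps; };

/* Unchecked pattern: the product is truncated to 32 bits, so large fields
 * wrap to a small number and the buffer is smaller than the data written
 * into it later. (Done in unsigned math here; signed overflow is undefined.) */
static uint32_t unchecked_size(const struct img_hdr *h)
{
    return (uint32_t)h->width * (uint32_t)h->height * (uint32_t)h->n_comps;
}

/* Checked pattern: reject non-positive fields and test each multiplication
 * by division before performing it. Returns 0 and sets *out on success. */
static int checked_size(const struct img_hdr *h, size_t *out)
{
    if (h->width <= 0 || h->height <= 0 || h->n_comps <= 0)
        return -1;
    size_t w = (size_t)h->width, ht = (size_t)h->height, c = (size_t)h->n_comps;
    if (w > MAX_IMAGE_BYTES / ht)
        return -1;
    if (w * ht > MAX_IMAGE_BYTES / c)
        return -1;
    *out = w * ht * c;
    return 0;
}

/* Allocate only when the size computation is known to be exact. */
static unsigned char *alloc_pixels(const struct img_hdr *h)
{
    size_t n;
    return checked_size(h, &n) == 0 ? malloc(n) : NULL;
}

int main(void)
{
    struct img_hdr bad = { 65537, 65537, 1 };   /* constructed sample input */
    size_t n = 0;
    printf("unchecked: %u bytes\n", (unsigned)unchecked_size(&bad));
    printf("checked:   %s\n", checked_size(&bad, &n) ? "rejected" : "accepted");
    free(alloc_pixels(&bad));
    return 0;
}
```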