The Mandriva Security Team published a new security update: MDKSA-2005:185 - Updated koffice packages fix KWord RTF import overflow vulnerability for Mandriva Linux. Here is the announcement:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: koffice
Advisory ID: MDKSA-2005:185
Date: October 14th, 2005
Affected versions: 10.2, 2006.0
______________________________________________________________________
Problem Description:
Chris Evans reported a heap based buffer overflow in the RTF importer
of KWord. An attacker could provide a specially crafted RTF file, which
when opened in KWord can cause execution of arbitrary code.
The updated packages are patched to deal with these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2971
______________________________________________________________________
Updated Packages:
Mandrivalinux 10.2:
223e4790f52914f0cc5455af7fc6a2ac 10.2/RPMS/koffice-1.3.5-24.1.102mdk.i586.rpm
121b35e202ffbc72fe1d7f38569c2ed8 10.2/RPMS/koffice-karbon-1.3.5-24.1.102mdk.i586.rpm
50d7f534068fb2c6298f79d750a9f9e6 10.2/RPMS/koffice-kformula-1.3.5-24.1.102mdk.i586.rpm
f4f49dfd0fc1f10e9cf411e67f03935d 10.2/RPMS/koffice-kivio-1.3.5-24.1.102mdk.i586.rpm
5e8cc2c457581118a8903aede54e34dd 10.2/RPMS/koffice-koshell-1.3.5-24.1.102mdk.i586.rpm
5be355a3a69a3dbc3c5496679e50d769 10.2/RPMS/koffice-kpresenter-1.3.5-24.1.102mdk.i586.rpm
1dc7261ad3b75adb4e837c9043ed21d2 10.2/RPMS/koffice-kspread-1.3.5-24.1.102mdk.i586.rpm
7c921e582b081ef42a2674a702504f8c 10.2/RPMS/koffice-kugar-1.3.5-24.1.102mdk.i586.rpm
56b67aa98db4bd3950a169ac434715ef 10.2/RPMS/koffice-kword-1.3.5-24.1.102mdk.i586.rpm
cd9e775bdc2375834ae392ab95a4c9c8 10.2/RPMS/koffice-progs-1.3.5-24.1.102mdk.i586.rpm
fe55d1e21402323addf4a148f532a8d3 10.2/RPMS/libkoffice2-karbon-1.3.5-24.1.102mdk.i586.rpm
05028989e9b05fd85384b2a8f14845bf 10.2/RPMS/libkoffice2-kformula-1.3.5-24.1.102mdk.i586.rpm
51870740a76006e81b1579557779c45a 10.2/RPMS/libkoffice2-kivio-1.3.5-24.1.102mdk.i586.rpm
0a8f52f04e4d30193614f58961cc63a0 10.2/RPMS/libkoffice2-koshell-1.3.5-24.1.102mdk.i586.rpm
d293e5f31835b64baf437f4b2ee208ca 10.2/RPMS/libkoffice2-kpresenter-1.3.5-24.1.102mdk.i586.rpm
527cb289d397a005ed6c7940e8e43eb5 10.2/RPMS/libkoffice2-kspread-1.3.5-24.1.102mdk.i586.rpm
bf9662eaf4be252f6056f1921f0402b3 10.2/RPMS/libkoffice2-kspread-devel-1.3.5-24.1.102mdk.i586.rpm
ac38281778a94521d5cab5ad6ceb02b4 10.2/RPMS/libkoffice2-kugar-1.3.5-24.1.102mdk.i586.rpm
423bd6ff1616986410c765d3e0b9cc1b 10.2/RPMS/libkoffice2-kugar-devel-1.3.5-24.1.102mdk.i586.rpm
b11a61fb69042d39e009a56815416e21 10.2/RPMS/libkoffice2-kword-1.3.5-24.1.102mdk.i586.rpm
a05e950041fab68dd5776815a13b876e 10.2/RPMS/libkoffice2-kword-devel-1.3.5-24.1.102mdk.i586.rpm
fa2e36e7f5aeec6f3d3ebdddac4345b3 10.2/RPMS/libkoffice2-progs-1.3.5-24.1.102mdk.i586.rpm
497a9104efab7265062dc1072b1a6494 10.2/RPMS/libkoffice2-progs-devel-1.3.5-24.1.102mdk.i586.rpm
e788111a2311e0d6d8610f6299a5c6c5 10.2/SRPMS/koffice-1.3.5-24.1.102mdk.src.rpm
Mandrivalinux 10.2/X86_64:
5baee5d8e03ac236048f9dc9ee1cae1d x86_64/10.2/RPMS/koffice-1.3.5-24.1.102mdk.x86_64.rpm
a4f07638fe92aaa6f63023eb37d4ac4f x86_64/10.2/RPMS/koffice-karbon-1.3.5-24.1.102mdk.x86_64.rpm
e20913a9fa595a854b59bc471446610f x86_64/10.2/RPMS/koffice-kformula-1.3.5-24.1.102mdk.x86_64.rpm
5bf36b1187c2763fce460b2f4561e387 x86_64/10.2/RPMS/koffice-kivio-1.3.5-24.1.102mdk.x86_64.rpm
cf91c8560c3d9c71eee46d2274837cb8 x86_64/10.2/RPMS/koffice-koshell-1.3.5-24.1.102mdk.x86_64.rpm
8e6d654638cb495cdf931b4111a2a3b8 x86_64/10.2/RPMS/koffice-kpresenter-1.3.5-24.1.102mdk.x86_64.rpm
1cd80d061edbd873494ccb9c31e40230 x86_64/10.2/RPMS/koffice-kspread-1.3.5-24.1.102mdk.x86_64.rpm
f69f673dc437b7bca22c156cd48faa72 x86_64/10.2/RPMS/koffice-kugar-1.3.5-24.1.102mdk.x86_64.rpm
68b9e1f606cdba52f9c86266ae91592c x86_64/10.2/RPMS/koffice-kword-1.3.5-24.1.102mdk.x86_64.rpm
a83de88ba42e1e877ed0f174a07aaf5b x86_64/10.2/RPMS/koffice-progs-1.3.5-24.1.102mdk.x86_64.rpm
918d36fae713447e2c2b24e765430874 x86_64/10.2/RPMS/lib64koffice2-karbon-1.3.5-24.1.102mdk.x86_64.rpm
93941be1c0a88b65667de2908bc802dc x86_64/10.2/RPMS/lib64koffice2-kformula-1.3.5-24.1.102mdk.x86_64.rpm
6b927db2d487e511501cfcfb7404a054 x86_64/10.2/RPMS/lib64koffice2-kivio-1.3.5-24.1.102mdk.x86_64.rpm
d68a8723d5c2383b3cb6d6adbb291a90 x86_64/10.2/RPMS/lib64koffice2-koshell-1.3.5-24.1.102mdk.x86_64.rpm
e4ad1b293524afd4166297fa8c67655e x86_64/10.2/RPMS/lib64koffice2-kpresenter-1.3.5-24.1.102mdk.x86_64.rpm
8dd80fc8e9f7a72547b39f71252891ce x86_64/10.2/RPMS/lib64koffice2-kspread-1.3.5-24.1.102mdk.x86_64.rpm
5b48cacbf33c325ab97289c94ce83ff1 x86_64/10.2/RPMS/lib64koffice2-kspread-devel-1.3.5-24.1.102mdk.x86_64.rpm
02a6efb474d834b18fa0fc97061be2d0 x86_64/10.2/RPMS/lib64koffice2-kugar-1.3.5-24.1.102mdk.x86_64.rpm
d7736cbc51b2349fc53b6a7e680fa028 x86_64/10.2/RPMS/lib64koffice2-kugar-devel-1.3.5-24.1.102mdk.x86_64.rpm
7d603fb5454ef7da97074897802d8b1d x86_64/10.2/RPMS/lib64koffice2-kword-1.3.5-24.1.102mdk.x86_64.rpm
a88986c2cb93c9871a28b7a80d5862a5 x86_64/10.2/RPMS/lib64koffice2-kword-devel-1.3.5-24.1.102mdk.x86_64.rpm
4bbcbf52172e3d376cc6a762e4b539dc x86_64/10.2/RPMS/lib64koffice2-progs-1.3.5-24.1.102mdk.x86_64.rpm
0f50e2a554eb09f08fe5b8fe393c84b0 x86_64/10.2/RPMS/lib64koffice2-progs-devel-1.3.5-24.1.102mdk.x86_64.rpm
e788111a2311e0d6d8610f6299a5c6c5 x86_64/10.2/SRPMS/koffice-1.3.5-24.1.102mdk.src.rpm
Mandrivalinux 2006.0:
a6adc7c1d0f0d3344da723fe1800cd40 2006.0/RPMS/koffice-1.4.1-12.1.20060mdk.i586.rpm
66727f9cc83c1942792897d14ce3cc0b 2006.0/RPMS/koffice-karbon-1.4.1-12.1.20060mdk.i586.rpm
3dc838f82060a8744cf36930ee6c3b70 2006.0/RPMS/koffice-kexi-1.4.1-12.1.20060mdk.i586.rpm
03e27871e30493c058c59d55b87c1624 2006.0/RPMS/koffice-kformula-1.4.1-12.1.20060mdk.i586.rpm
344ae8075c600ed88158270ebedf90de 2006.0/RPMS/koffice-kivio-1.4.1-12.1.20060mdk.i586.rpm
d0208c8db4b5c8c4bffbc809e1a3a35d 2006.0/RPMS/koffice-koshell-1.4.1-12.1.20060mdk.i586.rpm
a78c7411b433b4c09698f945ab022f63 2006.0/RPMS/koffice-kpresenter-1.4.1-12.1.20060mdk.i586.rpm
68d6e3e63e457a4f67c4b80f4ea523ca 2006.0/RPMS/koffice-krita-1.4.1-12.1.20060mdk.i586.rpm
0b0171638e0a35c1a7333a3add72ceb4 2006.0/RPMS/koffice-kspread-1.4.1-12.1.20060mdk.i586.rpm
25134234b10519d65436892831a9732c 2006.0/RPMS/koffice-kugar-1.4.1-12.1.20060mdk.i586.rpm
1f5955cc745d3a2e7460f29348450589 2006.0/RPMS/koffice-kword-1.4.1-12.1.20060mdk.i586.rpm
4f912465aedffbbc26771dd27635c30b 2006.0/RPMS/koffice-progs-1.4.1-12.1.20060mdk.i586.rpm
22115fd5d2de0a12dc4a0aec0bdb9ccf 2006.0/RPMS/libkoffice2-karbon-1.4.1-12.1.20060mdk.i586.rpm
5e0a1aa755b598e31d95fd67f0cf4e83 2006.0/RPMS/libkoffice2-karbon-devel-1.4.1-12.1.20060mdk.i586.rpm
0b8fd754a106f71234242099890ab116 2006.0/RPMS/libkoffice2-kexi-1.4.1-12.1.20060mdk.i586.rpm
585c2cdef7d1e7fc558c2c042f520799 2006.0/RPMS/libkoffice2-kexi-devel-1.4.1-12.1.20060mdk.i586.rpm
c1b5b624767bf75d30207e6f678f90fd 2006.0/RPMS/libkoffice2-kformula-1.4.1-12.1.20060mdk.i586.rpm
653e35fdc3a3b92829a9036284f1b47b 2006.0/RPMS/libkoffice2-kformula-devel-1.4.1-12.1.20060mdk.i586.rpm
e3ad0ace4da1773eb7fe2aa8edd06ac3 2006.0/RPMS/libkoffice2-kivio-1.4.1-12.1.20060mdk.i586.rpm
ce8f249f98e537e3c1fbd0e53f01e925 2006.0/RPMS/libkoffice2-kivio-devel-1.4.1-12.1.20060mdk.i586.rpm
dc305d5eaac533eff0e1fb6659f71922 2006.0/RPMS/libkoffice2-koshell-1.4.1-12.1.20060mdk.i586.rpm
2cbe3f3fc08ccfe4a1823da86d1e2ef3 2006.0/RPMS/libkoffice2-kpresenter-1.4.1-12.1.20060mdk.i586.rpm
83770ce0d38d47f290bc82c60f3a3144 2006.0/RPMS/libkoffice2-krita-1.4.1-12.1.20060mdk.i586.rpm
9a3ab0a5bb4e1f26de66ccc66453c60d 2006.0/RPMS/libkoffice2-krita-devel-1.4.1-12.1.20060mdk.i586.rpm
284c0efc3c44c07e63496c8094f39b86 2006.0/RPMS/libkoffice2-kspread-1.4.1-12.1.20060mdk.i586.rpm
a7cdc2f94616a09580dddc55341bdf22 2006.0/RPMS/libkoffice2-kspread-devel-1.4.1-12.1.20060mdk.i586.rpm
ecc5355d212b8690e7b2545df729ac34 2006.0/RPMS/libkoffice2-kugar-1.4.1-12.1.20060mdk.i586.rpm
00921bad62d2d1d4c3fa4fb9c51b0fa0 2006.0/RPMS/libkoffice2-kugar-devel-1.4.1-12.1.20060mdk.i586.rpm
3c91e509b777d488c02af0508c0a9486 2006.0/RPMS/libkoffice2-kword-1.4.1-12.1.20060mdk.i586.rpm
d5ffcdf3dae152d0fc27c123ad9a5f73 2006.0/RPMS/libkoffice2-kword-devel-1.4.1-12.1.20060mdk.i586.rpm
1bf09822ee344a07113443e634809f93 2006.0/RPMS/libkoffice2-progs-1.4.1-12.1.20060mdk.i586.rpm
bc3ae2f9dddd553b3fdc39a4eb36f330 2006.0/RPMS/libkoffice2-progs-devel-1.4.1-12.1.20060mdk.i586.rpm
7dd1caa2baf31df5cb439de74b15a28e 2006.0/SRPMS/koffice-1.4.1-12.1.20060mdk.src.rpm
Mandrivalinux 2006.0/X86_64:
db74bf2f133367454ae55cd74996a698 x86_64/2006.0/RPMS/koffice-1.4.1-12.1.20060mdk.x86_64.rpm
e3c073ce12af691c61230d1a6b01edda x86_64/2006.0/RPMS/koffice-karbon-1.4.1-12.1.20060mdk.x86_64.rpm
963d82b04f1d139becfae9d53b6aebb1 x86_64/2006.0/RPMS/koffice-kexi-1.4.1-12.1.20060mdk.x86_64.rpm
218aa2684a5decfca72ff81557e095f8 x86_64/2006.0/RPMS/koffice-kformula-1.4.1-12.1.20060mdk.x86_64.rpm
f47c698f2846ae9e0ea58e8593b392a4 x86_64/2006.0/RPMS/koffice-kivio-1.4.1-12.1.20060mdk.x86_64.rpm
0a5fe8c2ac495d5312d9ddea51c7e738 x86_64/2006.0/RPMS/koffice-koshell-1.4.1-12.1.20060mdk.x86_64.rpm
d0f3fe6d0ff9ba0d1a0d6e47600af266 x86_64/2006.0/RPMS/koffice-kpresenter-1.4.1-12.1.20060mdk.x86_64.rpm
6dd1c14e5b7c3b1d8a51d0866d40b0e0 x86_64/2006.0/RPMS/koffice-krita-1.4.1-12.1.20060mdk.x86_64.rpm
4484b0656be72570a065063e1464553e x86_64/2006.0/RPMS/koffice-kspread-1.4.1-12.1.20060mdk.x86_64.rpm
0504db4193723ae164aab6b5fa9842e0 x86_64/2006.0/RPMS/koffice-kugar-1.4.1-12.1.20060mdk.x86_64.rpm
086e2aabda477597a3a6a6438423a8fb x86_64/2006.0/RPMS/koffice-kword-1.4.1-12.1.20060mdk.x86_64.rpm
cd74780d1af1cf4b2303723d87c58c84 x86_64/2006.0/RPMS/koffice-progs-1.4.1-12.1.20060mdk.x86_64.rpm
717cdd1b1c25bdc1f44d3fd429c93a9d x86_64/2006.0/RPMS/lib64koffice2-karbon-1.4.1-12.1.20060mdk.x86_64.rpm
c9bbd4568ea4977d5617cd3e619c64e8 x86_64/2006.0/RPMS/lib64koffice2-karbon-devel-1.4.1-12.1.20060mdk.x86_64.rpm
95b2a9d1450b7ba1d9deafa17f749286 x86_64/2006.0/RPMS/lib64koffice2-kexi-1.4.1-12.1.20060mdk.x86_64.rpm
a74788f6baa147d8d5ca3405fe9a9ad1 x86_64/2006.0/RPMS/lib64koffice2-kexi-devel-1.4.1-12.1.20060mdk.x86_64.rpm
772f6a8cbd689338ab7de587a47e3cf2 x86_64/2006.0/RPMS/lib64koffice2-kformula-1.4.1-12.1.20060mdk.x86_64.rpm
1eb4e230bd7a58d8fe818afad7734966 x86_64/2006.0/RPMS/lib64koffice2-kformula-devel-1.4.1-12.1.20060mdk.x86_64.rpm
734d78f80525f5486e4935554eddfe54 x86_64/2006.0/RPMS/lib64koffice2-kivio-1.4.1-12.1.20060mdk.x86_64.rpm
5d0db7383f091405fecee6f1c464641b x86_64/2006.0/RPMS/lib64koffice2-kivio-devel-1.4.1-12.1.20060mdk.x86_64.rpm
0cff0b61127119f4d8b3bc5f66629d71 x86_64/2006.0/RPMS/lib64koffice2-koshell-1.4.1-12.1.20060mdk.x86_64.rpm
a5d85f5d610fa8406870fd07dfdeb2b4 x86_64/2006.0/RPMS/lib64koffice2-kpresenter-1.4.1-12.1.20060mdk.x86_64.rpm
d61cf7db80d6057b166fdd20f883b6ff x86_64/2006.0/RPMS/lib64koffice2-krita-1.4.1-12.1.20060mdk.x86_64.rpm
9ac9ac30946f68c8cec7bb5a89c813a5 x86_64/2006.0/RPMS/lib64koffice2-krita-devel-1.4.1-12.1.20060mdk.x86_64.rpm
00598e66cc402e571b808584a4d8c336 x86_64/2006.0/RPMS/lib64koffice2-kspread-1.4.1-12.1.20060mdk.x86_64.rpm
4ceb67f1c28b9ddf67ee8c71ec440892 x86_64/2006.0/RPMS/lib64koffice2-kspread-devel-1.4.1-12.1.20060mdk.x86_64.rpm
cd209d72006ebb9bf73b8b0720f6dec5 x86_64/2006.0/RPMS/lib64koffice2-kugar-1.4.1-12.1.20060mdk.x86_64.rpm
6dafddcacf4c22e7bdd923ea9e539dcf x86_64/2006.0/RPMS/lib64koffice2-kugar-devel-1.4.1-12.1.20060mdk.x86_64.rpm
a528f1fdf4b4e58509fbe66466120a47 x86_64/2006.0/RPMS/lib64koffice2-kword-1.4.1-12.1.20060mdk.x86_64.rpm
7903be8ff2a65a3e2934f1aa08a974d3 x86_64/2006.0/RPMS/lib64koffice2-kword-devel-1.4.1-12.1.20060mdk.x86_64.rpm
ac688ea6ab8372432714409c2f8da424 x86_64/2006.0/RPMS/lib64koffice2-progs-1.4.1-12.1.20060mdk.x86_64.rpm
86c737e2fba85d3dcd4aab2bc769578c x86_64/2006.0/RPMS/lib64koffice2-progs-devel-1.4.1-12.1.20060mdk.x86_64.rpm
7dd1caa2baf31df5cb439de74b15a28e x86_64/2006.0/SRPMS/koffice-1.4.1-12.1.20060mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFDUCK3mqjQ0CJFipgRAnxkAJ9Sgfj4tI1dDGVSev8ePwLStDm/6wCgu07o
R0nwfpsi6L3cday2Z/pKShU=
=JQQS
-----END PGP SIGNATURE-----
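
The advisory says urpmi and MandrakeUpdate check MD5 checksums and GPG signatures automatically; for packages downloaded by hand, the checksum half of that check can be run against the advisory's own package list. The Python below is an added example, not part of the Mandriva advisory or its tooling: the function names and the sample package names are assumptions, and the sample data is constructed. It checks integrity only, so the advisory's PGP signature and the packages' GPG signatures still have to verify separately.

```python
import hashlib
import re
from pathlib import Path

# Manifest line as printed in the advisory: 32 hex digits, then a repository path.
MANIFEST_LINE = re.compile(r"^([0-9a-f]{32})\s+(\S+\.rpm)$")


def parse_manifest(advisory_text):
    """Return {rpm_basename: md5} for every checksum line in the advisory text."""
    expected = {}
    for line in advisory_text.splitlines():
        match = MANIFEST_LINE.match(line.strip())
        if not match:
            continue  # headings, prose and PGP armor are skipped
        digest, name = match.group(1), Path(match.group(2)).name
        # The same SRPM is listed once per architecture; the digests must agree.
        if expected.setdefault(name, digest) != digest:
            raise ValueError(f"conflicting checksums listed for {name}")
    return expected


def file_md5(path, chunk_size=1 << 20):
    """MD5 of a file, read in chunks so large RPMs are not loaded into memory."""
    md5 = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            md5.update(block)
    return md5.hexdigest()


def verify_downloads(advisory_text, download_dir):
    """Classify each listed package as 'ok', 'mismatch' or 'missing'."""
    results = {}
    for name, digest in sorted(parse_manifest(advisory_text).items()):
        path = Path(download_dir) / name
        if not path.is_file():
            results[name] = "missing"
        else:
            results[name] = "ok" if file_md5(path) == digest else "mismatch"
    return results


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample, not real packages
        Path(tmp, "demo-1.0.i586.rpm").write_bytes(b"constructed package body")
        digest = file_md5(Path(tmp, "demo-1.0.i586.rpm"))
        advisory = (f"Updated Packages:\n{digest} 1.0/RPMS/demo-1.0.i586.rpm\n"
                    f"{'0' * 32} 1.0/RPMS/absent-1.0.i586.rpm\n")
        print(verify_downloads(advisory, tmp))
```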