GLSA Bodhisattva
Posted: Thu Oct 28, 2004 9:14 am Post subject: [ GLSA 200410-30 ] GPdf, KPDF, KOffice: Vulnerabilities in i
Gentoo Linux Security Advisory
Title: GPdf, KPDF, KOffice: Vulnerabilities in included xpdf (GLSA 200410-30)
Severity: normal
Exploitable: remote
Date: October 28, 2004
Updated: November 06, 2004
Bug(s): #68558, #68665, #68571, #69936, #69624
ID: 200410-30
Synopsis
GPdf, KPDF and KOffice all include vulnerable xpdf code to handle PDF
files, making them vulnerable to execution of arbitrary code upon viewing a
malicious PDF file.
Background
GPdf is a Gnome-based PDF viewer. KPDF, part of the kdegraphics package, is
a KDE-based PDF viewer. KOffice is an integrated office suite for KDE.
Affected Packages
Package: app-office/koffice
Vulnerable: < 1.3.4-r1
Unaffected: >= 1.3.4-r1
Unaffected: >= 1.3.3-r2 < 1.3.4
Architectures: All supported architectures
Package: app-text/gpdf
Vulnerable: < 2.8.0-r2
Unaffected: >= 2.8.0-r2
Unaffected: >= 0.132-r2 < 0.133
Architectures: All supported architectures
Package: kde-base/kdegraphics
Vulnerable: < 3.3.1-r2
Unaffected: >= 3.3.1-r2
Unaffected: >= 3.3.0-r2 < 3.3.1
Unaffected: >= 3.2.3-r2 < 3.2.4
Architectures: All supported architectures
Description
GPdf, KPDF and KOffice all include xpdf code to handle PDF files. xpdf is
vulnerable to multiple integer overflows, as described in GLSA 200410-20.
Impact
An attacker could entice a user to open a specially-crafted PDF file,
potentially resulting in execution of arbitrary code with the rights of the
user running the affected utility.
Workaround
There is no known workaround at this time.
Resolution
All GPdf users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/gpdf-0.132-r2"
All KDE users should upgrade to the latest version of kdegraphics:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kdegraphics-3.3.0-r2"
All KOffice users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/koffice-1.3.3-r2"
References
GLSA 200410-20
CAN-2004-0888
CAN-2004-0889
Last edited by GLSA on Mon Jun 10, 2013 4:18 am; edited 4 times in total
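The "Affected Packages" section lists several unaffected ranges per package, because fixes were backported to older release lines. The following is an added example, not part of the advisory or of Portage, that checks an installed version against those ranges. The names `UNAFFECTED`, `parse_version` and `is_vulnerable` are hypothetical, and the version comparison is simplified to dotted numeric versions with an optional `-rN` revision, which covers every version the advisory lists.

```python
import re

# Unaffected ranges copied from the advisory's "Affected Packages" section:
# (inclusive lower bound, exclusive upper bound or None for open-ended).
UNAFFECTED = {
    "app-office/koffice": [("1.3.4-r1", None), ("1.3.3-r2", "1.3.4")],
    "app-text/gpdf": [("2.8.0-r2", None), ("0.132-r2", "0.133")],
    "kde-base/kdegraphics": [("3.3.1-r2", None), ("3.3.0-r2", "3.3.1"),
                             ("3.2.3-r2", "3.2.4")],
}

# Assumption: only 'X.Y.Z[-rN]' is handled, not the full Gentoo version
# syntax (suffixes such as _alpha or _p are rejected rather than guessed).
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")


def parse_version(text):
    """Return ((numeric components...), revision) for 'X.Y.Z[-rN]'."""
    match = _VERSION_RE.match(text)
    if match is None:
        raise ValueError(f"unsupported version syntax: {text!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    return parts, int(match.group(2) or 0)  # no -rN means revision 0


def is_vulnerable(package, installed):
    """True when `installed` falls outside every unaffected range."""
    if package not in UNAFFECTED:
        raise KeyError(f"{package} is not covered by this advisory")
    version = parse_version(installed)
    for low, high in UNAFFECTED[package]:
        if version >= parse_version(low) and (
                high is None or version < parse_version(high)):
            return False
    return True


if __name__ == "__main__":
    # Constructed sample inventory, not taken from any real system.
    installed = [("app-office/koffice", "1.3.4"),
                 ("app-text/gpdf", "0.132-r2"),
                 ("kde-base/kdegraphics", "3.3.0-r1")]
    for package, version in installed:
        state = "VULNERABLE" if is_vulnerable(package, version) else "ok"
        print(f"{package}-{version}: {state}")
```

A version without a revision counts as `-r0`, so `koffice-1.3.4` is reported as vulnerable while `koffice-1.3.3-r2` is not.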