Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2004:165 (koffice)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50917

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2004:165 (koffice)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to koffice
announced via advisory MDKSA-2004:165.

Chris Evans discovered numerous vulnerabilities in the xpdf package,
which also effect software using embedded xpdf code, such as koffice
(CVE-2004-0888).

Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0.
Also programs like koffice which have embedded versions of xpdf.
These can result in writing an arbitrary byte to an attacker controlled
location which probably could lead to arbitrary code execution.

iDefense also reported a buffer overflow vulnerability, which affects
versions of xpdf <= xpdf-3.0 and several programs, like koffice, which use
embedded xpdf code. An attacker could construct a malicious payload file
which could enable arbitrary code execution on the target system
(CVE-2004-1125).

The updated packages are patched to protect against these
vulnerabilities.

Affected versions: 10.0, 10.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2004:165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1125

Risk factor : Critical

CVSS Score:
10.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0888
BugTraq ID: 11501
http://www.securityfocus.com/bid/11501
Conectiva Linux advisory: CLA-2004:886
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000886
Debian Security Information: DSA-573 (Google Search)
http://www.debian.org/security/2004/dsa-573
Debian Security Information: DSA-581 (Google Search)
http://www.debian.org/security/2004/dsa-581
Debian Security Information: DSA-599 (Google Search)
http://www.debian.org/security/2004/dsa-599
http://marc.info/?l=bugtraq&m=110815379627883&w=2
https://bugzilla.fedora.us/show_bug.cgi?id=2353
http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml
http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:113
http://www.mandriva.com/security/advisories?name=MDKSA-2004:114
http://www.mandriva.com/security/advisories?name=MDKSA-2004:115
http://www.mandriva.com/security/advisories?name=MDKSA-2004:116
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9714
http://www.redhat.com/support/errata/RHSA-2004-543.html
http://www.redhat.com/support/errata/RHSA-2004-592.html
http://www.redhat.com/support/errata/RHSA-2005-066.html
http://www.redhat.com/support/errata/RHSA-2005-354.html
SuSE Security Announcement: SUSE-SA:2004:039 (Google Search)
http://marc.info/?l=bugtraq&m=109880927526773&w=2
https://www.ubuntu.com/usn/usn-9-1/
XForce ISS Database: xpdf-pdf-bo(17818)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17818
Common Vulnerability Exposure (CVE) ID: CVE-2004-1125
BugTraq ID: 12070
http://www.securityfocus.com/bid/12070
Bugtraq: 20041228 KDE Security Advisory: kpdf Buffer Overflow Vulnerability (Google Search)
http://marc.info/?t=110378596500001&r=1&w=2
Conectiva Linux advisory: CLA-2005:921
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000921
https://bugzilla.fedora.us/show_bug.cgi?id=2352
http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030241.html
http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml
http://www.gentoo.org/security/en/glsa/glsa-200501-13.xml
http://www.gentoo.org/security/en/glsa/glsa-200501-17.xml
http://www.idefense.com/application/poi/display?id=172&type=vulnerabilities
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10830
http://www.redhat.com/support/errata/RHSA-2005-013.html
http://www.redhat.com/support/errata/RHSA-2005-018.html
http://www.redhat.com/support/errata/RHSA-2005-026.html
http://www.redhat.com/support/errata/RHSA-2005-034.html
http://www.redhat.com/support/errata/RHSA-2005-053.html
http://www.redhat.com/support/errata/RHSA-2005-057.html
SCO Security Bulletin: SCOSA-2005.42
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txt
http://securitytracker.com/id?1012646
http://secunia.com/advisories/17277
SuSE Security Announcement: SUSE-SR:2005:001 (Google Search)
http://www.novell.com/linux/security/advisories/2005_01_sr.html
https://usn.ubuntu.com/50-1/
XForce ISS Database: xpdf-gfx-doimage-bo(18641)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18641

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50917
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2004:165 (koffice)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to koffice announced via advisory MDKSA-2004:165. Chris Evans discovered numerous vulnerabilities in the xpdf package, which also effect software using embedded xpdf code, such as koffice (CVE-2004-0888). Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs like koffice which have embedded versions of xpdf. These can result in writing an arbitrary byte to an attacker controlled location which probably could lead to arbitrary code execution. iDefense also reported a buffer overflow vulnerability, which affects versions of xpdf <= xpdf-3.0 and several programs, like koffice, which use embedded xpdf code. An attacker could construct a malicious payload file which could enable arbitrary code execution on the target system (CVE-2004-1125). The updated packages are patched to protect against these vulnerabilities. Affected versions: 10.0, 10.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2004:165 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0888 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1125 Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0888 BugTraq ID: 11501 http://www.securityfocus.com/bid/11501 Conectiva Linux advisory: CLA-2004:886 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000886 Debian Security Information: DSA-573 (Google Search) http://www.debian.org/security/2004/dsa-573 Debian Security Information: DSA-581 (Google Search) http://www.debian.org/security/2004/dsa-581 Debian Security Information: DSA-599 (Google Search) http://www.debian.org/security/2004/dsa-599 http://marc.info/?l=bugtraq&m=110815379627883&w=2 https://bugzilla.fedora.us/show_bug.cgi?id=2353 http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:113 http://www.mandriva.com/security/advisories?name=MDKSA-2004:114 http://www.mandriva.com/security/advisories?name=MDKSA-2004:115 http://www.mandriva.com/security/advisories?name=MDKSA-2004:116 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9714 http://www.redhat.com/support/errata/RHSA-2004-543.html http://www.redhat.com/support/errata/RHSA-2004-592.html http://www.redhat.com/support/errata/RHSA-2005-066.html http://www.redhat.com/support/errata/RHSA-2005-354.html SuSE Security Announcement: SUSE-SA:2004:039 (Google Search) http://marc.info/?l=bugtraq&m=109880927526773&w=2 https://www.ubuntu.com/usn/usn-9-1/ XForce ISS Database: xpdf-pdf-bo(17818) https://exchange.xforce.ibmcloud.com/vulnerabilities/17818 Common Vulnerability Exposure (CVE) ID: CVE-2004-1125 BugTraq ID: 12070 http://www.securityfocus.com/bid/12070 Bugtraq: 20041228 KDE Security Advisory: kpdf Buffer Overflow Vulnerability (Google Search) http://marc.info/?t=110378596500001&r=1&w=2 Conectiva Linux advisory: CLA-2005:921 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000921 https://bugzilla.fedora.us/show_bug.cgi?id=2352 http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030241.html http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml http://www.gentoo.org/security/en/glsa/glsa-200501-13.xml http://www.gentoo.org/security/en/glsa/glsa-200501-17.xml http://www.idefense.com/application/poi/display?id=172&type=vulnerabilities https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10830 http://www.redhat.com/support/errata/RHSA-2005-013.html http://www.redhat.com/support/errata/RHSA-2005-018.html http://www.redhat.com/support/errata/RHSA-2005-026.html http://www.redhat.com/support/errata/RHSA-2005-034.html http://www.redhat.com/support/errata/RHSA-2005-053.html http://www.redhat.com/support/errata/RHSA-2005-057.html SCO Security Bulletin: SCOSA-2005.42 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txt http://securitytracker.com/id?1012646 http://secunia.com/advisories/17277 SuSE Security Announcement: SUSE-SR:2005:001 (Google Search) http://www.novell.com/linux/security/advisories/2005_01_sr.html https://usn.ubuntu.com/50-1/ XForce ISS Database: xpdf-gfx-doimage-bo(18641) https://exchange.xforce.ibmcloud.com/vulnerabilities/18641
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com