187139 2007-07-30 15:10 0000 app-office/{koffice,kword}, kde-base/{kdegraphics,kpdf} - stack based buffer overflow (CVE-2007-3387) 2007-10-09 22:27:55 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED B2 [glsa] P2 normal --- 1 carlo@gentoo.org security@gentoo.org mjf@gentoo.org carlo@gentoo.org 2007-07-30 15:10:59 0000 kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a vulnerability that can cause a stack based buffer overflow via a PDF file that exploits an integer overflow in StreamPredictor::StreamPredictor(). We'd like to thank Derek Noonburg for bringing this issue to our attention. Remotely supplied pdf files can be used to disrupt the kpdf viewer on the client machine and possibly execute arbitrary code. The upstream advisory will be out in a couple of hours. I'm taking care of the patches. Is there a restricted bug for xpdf, poppler, etc. yet? py@gentoo.org 2007-07-30 15:30:15 0000 for xpdf, it's bug 185225 carlo@gentoo.org 2007-07-30 16:08:03 0000 So why weren't bugs created for the maintainers of the usual suspects of packages to be affected as well? From looking at the GLSA list aside KDE there are gpdf, libextractor, pdftohtml and possibly others to have a look at. carlo@gentoo.org 2007-07-30 18:04:50 0000 kword-1.6.3-r1 and koffice-1.6.3-r1 can go stable, kpdf-3.5.7-r1 and kdegraphics-3.5.7-r1 will be taken care of with the stabilization of KDE 3.5.7. carlo@gentoo.org 2007-08-01 13:01:54 0000 Security team, please change visibility, it's public. carlo@gentoo.org 2007-08-01 13:05:07 0000 *** Bug 187310 has been marked as a duplicate of this bug. *** py@gentoo.org 2007-08-01 13:14:38 0000 thanks for the info carlo. Arches, please test and mark stable: kword-1.6.3-r1, target "alpha amd64 hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd" koffice-1.6.3-r1, target "alpha amd64 hppa ia64 ppc ppc64 sparc x86" fmccor@gentoo.org 2007-08-01 15:00:17 0000 Sparc done for both. koffice-1.6.3-r1 builds and installs as expected; utilities seem to work. kword-1.6.3-r1 (same source) builds as expected and passes with FEATURES=test. jer@gentoo.org 2007-08-01 18:16:25 0000 Marked stable for HPPA: app-office/koffice-1.6.3-r1 app-office/kword-1.6.3-r1 corsair@gentoo.org 2007-08-01 19:39:41 0000 ppc64 stable armin76@gentoo.org 2007-08-01 19:46:54 0000 alpha/ia64/x86 stable dertobi123@gentoo.org 2007-08-03 05:45:39 0000 ppc stable rbu@gentoo.org 2007-08-04 13:34:59 0000 "poppler includes a copy of the xpdf code and required an update as well." carlo@gentoo.org 2007-08-04 14:47:32 0000 (In reply to comment #12) > "poppler includes a copy of the xpdf code and required an update as well." > Pointed that out in comment 2 already (well, didn't mention poppler being affected as it is what you'd expect). Can the security team please unrestrict bug 185225 as well!? The xpdf vuln. really isn't news anymore. Also, are there (restricted) bugs for the other packages, yet? beandog@gentoo.org 2007-08-12 14:42:45 0000 amd64 stable fauli@gentoo.org 2007-09-08 22:08:44 0000 Changing status to [glsa], security please do your magic. py@gentoo.org 2007-10-09 22:27:55 0000 GLSA 200710-08, sorry for the delay