208356 CVE-2008-0668 2008-01-31 21:49 0000 app-office/gnumeric < 1.8.1 excel_read_HLINK XLS opcodes code excution (CVE-2008-0668) 2008-02-23 17:44:52 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://secunia.com/advisories/28725/ B2 [glsa] P2 normal --- 1 py@gentoo.org security@gentoo.org gnome-office@gentoo.org py@gentoo.org 2008-01-31 21:49:00 0000 A vulnerability has been reported in Gnumeric, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to integer overflows and signedness errors when processing XLS HLINK opcodes within the "excel_read_HLINK()" function in plugins/excel/ms-excel-read.c. This can be exploited to corrupt the stack via a specially crafted XLS file. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 1.6.3. Versions prior to 1.8.1 may also be affected. Solution: Update to version 1.8.1. http://ftp.gnome.org/pub/GNOME/sources/gnumeric/1.8/ py@gentoo.org 2008-01-31 21:50:50 0000 Gnome-office, is 1.8.1 ready for going stable? please advise. eva@gentoo.org 2008-01-31 22:13:08 0000 it's a bugfix only release following 1.8.0 so I'd say yes. Plus it has no currently opened bug against it in gentoo. rbu@gentoo.org 2008-02-01 22:23:11 0000 Arches, please test and mark stable: =app-office/gnumeric-1.8.1 Target keywords : "alpha amd64 hppa ia64 ppc ppc64 release sparc x86" maekke@gentoo.org 2008-02-02 02:20:04 0000 x86 stable. Please note: dodoc: TODO does not exist bluebird@gentoo.org 2008-02-02 13:06:14 0000 Tested app-office/gnumeric-1.8.1 USE="gnome -debug -perl -python" on sparc. - compiles - no test phase(restricted) - no collisions - works # emerge --info Portage 2.1.3.19 (default-linux/sparc/sparc64/2007.0, gcc-4.1.2, glibc-2.6.1-r0, 2.6.23-gentoo-r6 sparc64) ================================================================= System uname: 2.6.23-gentoo-r6 sparc64 sun4u Timestamp of tree: Sat, 02 Feb 2008 10:00:01 +0000 ccache version 2.4 [enabled] app-shells/bash: 3.2_p17-r1 dev-lang/python: 2.4.4-r6 dev-python/pycrypto: 2.0.1-r6 dev-util/ccache: 2.4-r7 sys-apps/baselayout: 1.12.10-r5 sys-apps/sandbox: 1.2.18.1-r2 sys-devel/autoconf: 2.13, 2.61-r1 sys-devel/automake: 1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.18-r1 sys-devel/gcc-config: 1.4.0-r4 sys-devel/libtool: 1.5.24 virtual/os-headers: 2.6.23-r3 ACCEPT_KEYWORDS="sparc" CBUILD="sparc-unknown-linux-gnu" CFLAGS="-mcpu=ultrasparc3 -mtune=ultrasparc3 -mvis -Wa,-Av8plusa -O2 -pipe -frename-registers -ggdb" CHOST="sparc-unknown-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/udev/rules.d" CPPFLAGS="-mcpu=ultrasparc3 -mtune=ultrasparc3 -mvis -Wa,-Av8plusa -O2 -pipe -frename-registers -ggdb" CXXFLAGS="-mcpu=ultrasparc3 -mtune=ultrasparc3 -mvis -Wa,-Av8plusa -O2 -pipe -frename-registers -ggdb" DISTDIR="/usr/portage/distfiles" FEATURES="ccache collision-protect distlocks installsources metadata-transfer parallel-fetch sanxbox splitdebug strict test userfetch userpriv usersandbox" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo" LANG="de_DE.UTF-8" LDFLAGS="-Wl,-O1" LINGUAS="en de" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*" PORTAGE_TMPDIR="/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/portage/local/layman/sunrise" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="64bit 7zip X a52 aac aalib alsa artworkextra audacious avahi blender-game bluetooth bzip2 caps ccache cups curl custom-cflags cvs dbus dga disk-partition divx dts dv dvd dvdread encode fastcgi fat ffmpeg flac ftp fuse gd gif gimp gimpprint gmedia gnome gnome-print gnomecanvas gpm grammar gtk hal hpn ieee1394 ithreads javascript jpeg jpeg2k lzo mad memcache midi mikmod mjpeg mp2 mp3 mpeg mpeg2 mplayer musepack nautilus ncurses network networking nls nptl nptlonly nsplugin offensive ogg openal opengl opera pam pcre png pnm ppds quicktime realmedia regex ruby samba sdl sdl-image slang smartcard smp sms sound soundex sparc speex spell sqlite3 ssl subversion svg symlink test theora threads tiff timidity truetype tta unicode usb userlocales utils vcd vidix vim vim-syntax vim-with-x vorbis wma wmf wmp x264 xanim xcb xfce xine xinerama xorg xulrunner xv xvid zlib" ALSA_PCM_PLUGINS="adpcm alaw copy dshare dsnoop extplug file hooks ladspa lfloat linear meter mulaw multi null rate route share shm" ELIBC="glibc" INPUT_DEVICES="keyboard mouse" KERNEL="linux" LINGUAS="en de" USERLAND="GNU" VIDEO_CARDS="mach64" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS ranger@gentoo.org 2008-02-02 14:11:26 0000 ppc64 done ranger@gentoo.org 2008-02-02 14:21:31 0000 ppc done too jer@gentoo.org 2008-02-02 15:17:25 0000 Stable for HPPA. armin76@gentoo.org 2008-02-03 12:44:05 0000 alpha/ia64/sparc stable tester@gentoo.org 2008-02-10 21:47:53 0000 amd64 done, I guess this is done py@gentoo.org 2008-02-10 22:25:23 0000 (In reply to comment #10) > amd64 done, I guess this is done > nope, we still need a glsa, so please don't close security bugs ;) tester@gentoo.org 2008-02-10 22:28:04 0000 oops py@gentoo.org 2008-02-12 20:56:32 0000 GLSA 200802-05, kthxbye. pva@gentoo.org 2008-02-23 17:44:52 0000 Fixed in release snapshot.