News

=========================================================== Ubuntu Security Notice USN-236-2 January 09, 2006 kdegraphics, koffice vulnerabilities CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, CVE-2005-3627 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: kpdf kword The problem can be corrected by upgrading the affected package to the following versions: Ubuntu 5.04: kpdf: 1:1.3.5-2ubuntu1.3 kword: 4:3.4.0-0ubuntu3.3 Ubuntu 5.10: kpdf: 1:1.4.1-0ubuntu7.2 kword: 4:3.4.3-0ubuntu2.2 After a standard system upgrade you need to restart kpdf and kword to effect the necessary changes. Details follow: USN-236-1 fixed several vulnerabilities in xpdf. kpdf and kword contain copies of xpdf code and are thus vulnerable to the same issues. For reference, this is the original advisory: Chris Evans discovered several integer overflows in the XPDF code, which is present in xpdf, the Poppler library, and tetex-bin. By tricking an user into opening a specially crafted PDF file, an attacker could exploit this to execute arbitrary code with the privileges of the application that processes the document.