English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 76783 CVE descriptions
and 40246 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.67858
Category:Ubuntu Local Security Checks
Title:Ubuntu USN-973-1 (koffice)
Summary:Ubuntu USN-973-1 (koffice)
Description:The remote host is missing an update to koffice
announced via advisory USN-973-1.

A security issue affects the following Ubuntu releases:

Ubuntu 9.04

Details follow:

Will Dormann, Alin Rad Pop, Braden Thomas, and Drew Yao discovered that the
Xpdf used in KOffice contained multiple security issues in its JBIG2
decoder. If a user or automated system were tricked into opening a crafted
PDF file, an attacker could cause a denial of service or execute arbitrary
code with privileges of the user invoking the program. (CVE-2009-0146,
CVE-2009-0147, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179,
CVE-2009-1180, CVE-2009-1181)

It was discovered that the Xpdf used in KOffice contained multiple security
issues when parsing malformed PDF documents. If a user or automated system
were tricked into opening a crafted PDF file, an attacker could cause a
denial of service or execute arbitrary code with privileges of the user
invoking the program. (CVE-2009-3606, CVE-2009-3608, CVE-2009-3609)

KOffice in Ubuntu 9.04 uses a very old version of Xpdf to import PDFs into
KWord. Upstream KDE no longer supports PDF import in KOffice and as a
result it was dropped in Ubuntu 9.10. While an attempt was made to fix the
above issues, the maintenance burden for supporting this very old version
of Xpdf outweighed its utility, and PDF import is now also disabled in
Ubuntu 9.04.

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 9.04:
kword 1:1.6.3-7ubuntu6.1

In general, a standard system update will make all the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-973-1

Risk factor : Critical
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-0146
Bugtraq: 20090417 rPSA-2009-0059-1 poppler (Google Search)
http://www.securityfocus.com/archive/1/archive/1/502761/100/0/threaded
Bugtraq: 20090417 rPSA-2009-0061-1 cups (Google Search)
http://www.securityfocus.com/archive/1/archive/1/502750/100/0/threaded
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
Debian Security Information: DSA-1790 (Google Search)
http://www.debian.org/security/2009/dsa-1790
Debian Security Information: DSA-1793 (Google Search)
http://www.debian.org/security/2009/dsa-1793
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html
http://security.gentoo.org/glsa/glsa-200904-20.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:101
http://www.mandriva.com/security/advisories?name=MDVSA-2010:087
http://www.redhat.com/support/errata/RHSA-2009-0430.html
http://www.redhat.com/support/errata/RHSA-2009-0429.html
http://www.redhat.com/support/errata/RHSA-2009-0431.html
RedHat Security Advisories: RHSA-2009:0458
http://rhn.redhat.com/errata/RHSA-2009-0458.html
http://www.redhat.com/support/errata/RHSA-2009-0480.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477
SuSE Security Announcement: SUSE-SA:2009:024 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html
SuSE Security Announcement: SUSE-SR:2009:010 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
SuSE Security Announcement: SUSE-SR:2009:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
Cert/CC Advisory: TA09-133A
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
BugTraq ID: 34568
http://www.securityfocus.com/bid/34568
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9632
http://www.securitytracker.com/id?1022073
http://secunia.com/advisories/34755
http://secunia.com/advisories/34291
http://secunia.com/advisories/34481
http://secunia.com/advisories/34852
http://secunia.com/advisories/34756
http://secunia.com/advisories/34959
http://secunia.com/advisories/34963
http://secunia.com/advisories/35037
http://secunia.com/advisories/35065
http://secunia.com/advisories/35074
http://secunia.com/advisories/34991
http://secunia.com/advisories/35064
http://secunia.com/advisories/35618
http://secunia.com/advisories/35685
http://www.vupen.com/english/advisories/2009/1065
http://www.vupen.com/english/advisories/2009/1066
http://www.vupen.com/english/advisories/2009/1077
http://www.vupen.com/english/advisories/2009/1297
http://www.vupen.com/english/advisories/2009/1621
http://www.vupen.com/english/advisories/2010/1040
Common Vulnerability Exposure (CVE) ID: CVE-2009-0147
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9941
Common Vulnerability Exposure (CVE) ID: CVE-2009-0165
XForce ISS Database: multiple-jbig2-unspecified(50377)
http://xforce.iss.net/xforce/xfdb/50377
Common Vulnerability Exposure (CVE) ID: CVE-2009-0166
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9778
Common Vulnerability Exposure (CVE) ID: CVE-2009-0195
Bugtraq: 20090417 Secunia Research: CUPS pdftops JBIG2 Symbol Dictionary Buffer Overflow (Google Search)
http://www.securityfocus.com/archive/1/archive/1/502759/100/0/threaded
Bugtraq: 20090417 Secunia Research: Xpdf JBIG2 Symbol Dictionary Buffer Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/archive/1/502762/100/0/threaded
http://secunia.com/secunia_research/2009-17/
http://secunia.com/secunia_research/2009-18/
BugTraq ID: 34791
http://www.securityfocus.com/bid/34791
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10076
Common Vulnerability Exposure (CVE) ID: CVE-2009-0799
http://www.mandriva.com/security/advisories?name=MDVSA-2011:175
CERT/CC vulnerability note: VU#196617
http://www.kb.cert.org/vuls/id/196617
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10204
http://www.securitytracker.com/id?1022072
http://secunia.com/advisories/34746
http://www.vupen.com/english/advisories/2009/1076
Common Vulnerability Exposure (CVE) ID: CVE-2009-0800
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11323
Common Vulnerability Exposure (CVE) ID: CVE-2009-1179
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11892
http://secunia.com/advisories/35379
http://www.vupen.com/english/advisories/2009/1522
Common Vulnerability Exposure (CVE) ID: CVE-2009-1180
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9926
Common Vulnerability Exposure (CVE) ID: CVE-2009-1181
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9683
Common Vulnerability Exposure (CVE) ID: CVE-2009-3606
http://www.openwall.com/lists/oss-security/2009/12/01/1
http://www.openwall.com/lists/oss-security/2009/12/01/5
http://www.openwall.com/lists/oss-security/2009/12/01/6
Debian Security Information: DSA-1941 (Google Search)
http://www.debian.org/security/2009/dsa-1941
Debian Security Information: DSA-2028 (Google Search)
http://www.debian.org/security/2010/dsa-2028
Debian Security Information: DSA-2050 (Google Search)
http://www.debian.org/security/2010/dsa-2050
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html
https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:287
RedHat Security Advisories: RHSA-2009:1500
https://rhn.redhat.com/errata/RHSA-2009-1500.html
RedHat Security Advisories: RHSA-2009:1501
https://rhn.redhat.com/errata/RHSA-2009-1501.html
RedHat Security Advisories: RHSA-2009:1502
https://rhn.redhat.com/errata/RHSA-2009-1502.html
http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1
SuSE Security Announcement: SUSE-SR:2009:018 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html
BugTraq ID: 36703
http://www.securityfocus.com/bid/36703
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11289
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7836
http://securitytracker.com/id?1023029
http://secunia.com/advisories/37023
http://secunia.com/advisories/37037
http://secunia.com/advisories/37042
http://secunia.com/advisories/37043
http://secunia.com/advisories/37053
http://secunia.com/advisories/37077
http://secunia.com/advisories/37159
http://secunia.com/advisories/39327
http://secunia.com/advisories/39938
http://www.vupen.com/english/advisories/2009/2924
http://www.vupen.com/english/advisories/2009/2928
http://www.vupen.com/english/advisories/2010/0802
http://www.vupen.com/english/advisories/2010/1220
XForce ISS Database: xpdf-psoutputdev-bo(53798)
http://xforce.iss.net/xforce/xfdb/53798
Common Vulnerability Exposure (CVE) ID: CVE-2009-3608
http://www.ocert.org/advisories/ocert-2009-016.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:334
RedHat Security Advisories: RHSA-2009:1503
https://rhn.redhat.com/errata/RHSA-2009-1503.html
RedHat Security Advisories: RHSA-2009:1504
https://rhn.redhat.com/errata/RHSA-2009-1504.html
RedHat Security Advisories: RHSA-2009:1512
https://rhn.redhat.com/errata/RHSA-2009-1512.html
RedHat Security Advisories: RHSA-2009:1513
https://rhn.redhat.com/errata/RHSA-2009-1513.html
http://www.ubuntu.com/usn/USN-850-1
http://www.ubuntu.com/usn/USN-850-3
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9536
http://secunia.com/advisories/37028
http://secunia.com/advisories/37034
http://secunia.com/advisories/37051
http://secunia.com/advisories/37054
http://secunia.com/advisories/37061
http://secunia.com/advisories/37079
http://secunia.com/advisories/37114
http://www.vupen.com/english/advisories/2009/2925
http://www.vupen.com/english/advisories/2009/2926
XForce ISS Database: xpdf-objectstream-bo(53794)
http://xforce.iss.net/xforce/xfdb/53794
Common Vulnerability Exposure (CVE) ID: CVE-2009-3609
http://www.redhat.com/support/errata/RHSA-2010-0755.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11043
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8134
XForce ISS Database: xpdf-imagestream-dos(53800)
http://xforce.iss.net/xforce/xfdb/53800
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 40246 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.