Navigation
|
|
| Problem Description |
iDefense reported several overflow bugs in libwpd. An attacker
could create a carefully crafted Word Perfect file that could cause
an application linked with libwpd, such as OpenOffice, to crash or
possibly execute arbitrary code if the file was opened by a victim.
Updated packages have been patched to address this issue.
| Updated Packages |
Mandriva Linux 2007
dc542d5d0287c5fc7d032c8bb8739f76 2007.0/i586/libwpd-0.8_8-0.8.6-1.1mdv2007.0.i586.rpm 049c74e8e8d5ea73aab2f986dd9ce75a 2007.0/i586/libwpd-0.8_8-devel-0.8.6-1.1mdv2007.0.i586.rpm b52f1c37150bdea7ff484ef4aaf1791a 2007.0/i586/libwpd-tools-0.8.6-1.1mdv2007.0.i586.rpm efde71d904604af261dae41949d6f314 2007.0/SRPMS/libwpd-0.8.6-1.1mdv2007.0.src.rpm
Mandriva Linux 2007/X86_64
fa400d38581ce2ea7fd18ff5f2202508 2007.0/x86_64/lib64wpd-0.8_8-0.8.6-1.1mdv2007.0.x86_64.rpm 7f5be4640b867ed6b5e6bbdd8cca4096 2007.0/x86_64/lib64wpd-0.8_8-devel-0.8.6-1.1mdv2007.0.x86_64.rpm 72743642ac95ab9acdaa7193656f6023 2007.0/x86_64/libwpd-tools-0.8.6-1.1mdv2007.0.x86_64.rpm efde71d904604af261dae41949d6f314 2007.0/SRPMS/libwpd-0.8.6-1.1mdv2007.0.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1466
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.