Debian: New gnumeric packages fix arbitrary code execution

    Date10 Apr 2008
    CategoryDebian
    2958
    Posted ByLinuxSecurity Advisories
    Thilo Pfennig and Morten Welinder discovered several integer overflow weaknesses in Gnumeric, a GNOME spreadsheet application. These vulnerabilities could result in the execution of arbitrary code through the opening of a maliciously crafted Excel spreadsheet.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1546-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                           Devin Carraway
    April 10, 2008                        http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : gnumeric
    Vulnerability  : integer overflow
    Problem type   : local (remote)
    Debian-specific: no
    CVE Id(s)      : CVE-2008-0668
    
    Thilo Pfennig and Morten Welinder discovered several integer overflow
    weaknesses in Gnumeric, a GNOME spreadsheet application.  These
    vulnerabilities could result in the execution of arbitrary code
    through the opening of a maliciously crafted Excel spreadsheet.
    
    For the stable distribution (etch), these problems have been fixed in
    version 1.6.3-5+etch1.
    
    For the unstable (sid) distribution, these problems were fixed in
    version 1.8.1-1.
    
    We recommend that you upgrade your gnumeric packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian 4.0 (stable)
    - -------------------
    
    Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric_1.6.3-5.1+etch1.dsc
        Size/MD5 checksum:     1332 bf302ccff8f47985439966110044db14
      http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric_1.6.3.orig.tar.gz
        Size/MD5 checksum: 16479052 da792f23bf26a69788736088e69fc7c0
      http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric_1.6.3-5.1+etch1.diff.gz
        Size/MD5 checksum:   358014 8daad80708cbf16cf362475437304e96
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric-common_1.6.3-5.1+etch1_all.deb
        Size/MD5 checksum:  5272974 82f8f43a0c2a8a6d9803e7cdfa0326dd
      http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric-doc_1.6.3-5.1+etch1_all.deb
        Size/MD5 checksum:  4171320 f42bd6770c540f759763a849d7dea505
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric-plugins-extra_1.6.3-5.1+etch1_alpha.deb
        Size/MD5 checksum:   158390 458b52bbf3d015c432da2b889d7c3eca
      http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric_1.6.3-5.1+etch1_alpha.deb
        Size/MD5 checksum:  2351352 7b078d3fcf9a27b75012bec809759981
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric-plugins-extra_1.6.3-5.1+etch1_amd64.deb
        Size/MD5 checksum:   156908 8860c1fd0ff35c0a1eda83758fa69457
      http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric_1.6.3-5.1+etch1_amd64.deb
        Size/MD5 checksum:  2202134 1d74f4a0c7ede26d7911743793f1c548
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric-plugins-extra_1.6.3-5.1+etch1_arm.deb
        Size/MD5 checksum:   151102 41063103b8246a7bcc39db1b54a6b065
      http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric_1.6.3-5.1+etch1_arm.deb
        Size/MD5 checksum:  2018806 a486eca4fd7b88eb39829eed0743c22d
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric-plugins-extra_1.6.3-5.1+etch1_hppa.deb
        Size/MD5 checksum:   161850 fc036ed19c3b161c0d8b06b15e47c9d6
      http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric_1.6.3-5.1+etch1_hppa.deb
        Size/MD5 checksum:  2418880 0f41e79ac16f966b9bb481ea414a0662
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric_1.6.3-5.1+etch1_i386.deb
        Size/MD5 checksum:  2097038 ce792c3212eb3b912abe060b6438e4fc
      http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric-plugins-extra_1.6.3-5.1+etch1_i386.deb
        Size/MD5 checksum:   152302 df7cdbb758709551116b0b7a1af8757b
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric_1.6.3-5.1+etch1_ia64.deb
        Size/MD5 checksum:  2977964 b410a9d5a465433dc6963c9fdf6e7954
      http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric-plugins-extra_1.6.3-5.1+etch1_ia64.deb
        Size/MD5 checksum:   173702 c34442685a8732e55136152c4da8ac90
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric-plugins-extra_1.6.3-5.1+etch1_mips.deb
        Size/MD5 checksum:   150700 31f9785f14f2b54963ea6992e201ce6d
      http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric_1.6.3-5.1+etch1_mips.deb
        Size/MD5 checksum:  2141368 62a06754168c251e1c31f4141e584b1b
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric_1.6.3-5.1+etch1_mipsel.deb
        Size/MD5 checksum:  2129564 49b647ce4185516cad2dd87f016a6624
      http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric-plugins-extra_1.6.3-5.1+etch1_mipsel.deb
        Size/MD5 checksum:   149690 fc516ba96c1b24dd7e12b94cb5a64538
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric_1.6.3-5.1+etch1_powerpc.deb
        Size/MD5 checksum:  2209046 c92394d958dbe9a8783cdd4dbab07b14
      http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric-plugins-extra_1.6.3-5.1+etch1_powerpc.deb
        Size/MD5 checksum:   157418 56b47e7648eeefa105838e9c2239099a
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric-plugins-extra_1.6.3-5.1+etch1_s390.deb
        Size/MD5 checksum:   158596 cbb78e0a514eac16f14184936215b3ba
      http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric_1.6.3-5.1+etch1_s390.deb
        Size/MD5 checksum:  2264012 d3e7a47436ebc4e6e272d4dedeffbe90
    
    sparc architecture (Sun SPARC/UltraSPARC)
    
      http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric-plugins-extra_1.6.3-5.1+etch1_sparc.deb
        Size/MD5 checksum:   152794 d77d8a2e12e862cf1be3d8018eb2fcd7
      http://security.debian.org/pool/updates/main/g/gnumeric/gnumeric_1.6.3-5.1+etch1_sparc.deb
        Size/MD5 checksum:  2125056 4f1771e3f2f19b45ac862e6ab48d7974
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"7","type":"x","order":"1","pct":58.33,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":25,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"2","type":"x","order":"3","pct":16.67,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.