Stay Secure with the Latest Linux Advisories

security advisorydenial of servicebuffer overflow

Gentoo GLSA-201502-09: Normal Severity Antiword Buffer Overflow Threat

A buffer overflow vulnerability in Antiword could result in execution of arbitrary code or Denial of Service.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201502-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Antiword: User-assisted execution of arbitrary code Date: February 07, 2015 Bugs: #531404 ID: 201502-09 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A buffer overflow vulnerability in Antiword could result in execution of arbitrary code or Denial of Service. Background ========= Antiword is a free MS Word reader. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-text/antiword < 0.37-r1 > = 0.37-r1 Description ========== A buffer overflow vulnerability has been found in wordole.c in Antiword. Impact ===== A remote attacker could entice a user to open a specially crafted document using Antiword, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround ========= There is no known workaround at this time. Resolution ========= All Antiword users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =app-text/antiword-0.37-r1" References ========= [ 1 ] CVE-2014-8123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8123 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201502-09 Concerns? ======== Security isa primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . Gentoo GLSA 202301-14: Mitigating vulnerabilities in Zlib's compression algorithms to enhance defenses against potential exploitations in data handling.. Antiword Security Advisory, Gentoo Buffer Overflow, Denial of Service Fix. . LinuxSecurity.com Team

Feb 07, 2015 Gentoo