[sflack-security] libwpd (SFSA:2007-085-02)
New libwpd packages are available for Sflack 11.0, and -current
to fix security issues.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-002
Here are the details from the Sflack 11.0 ChangeLog:
+--------------------------+
patches/packages/libwpd-0.8.9-x86_64-1_sflack11.0.tgz:
Upgraded to libwpd-0.8.9.
Various overflows may lead to application crashes upon opening a specially
crafted WordPerfect file. This vulnerability could also conceivably be
used by an attacker to execute arbitrary code.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-002
(* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
See the "Get Sflack" section on http://sflack.com for
additional mirror sites near you.
Updated package for Sflack 11.0:
ftp://ftp.sflack.com/pub/sflack/sflack-11.0/patches/packages/libwpd-0.8.9-x86_64-1_sflack11.0.tgz
Updated package for Sflack -current:
ftp://ftp.sflack.com/pub/sflack/sflack-current/slackware/l/libwpd-0.8.9-x86_64-1.tgz
MD5 signatures:
+-------------+
Sflack 11.0 package:
7da467de9fe50fef8f6ce6260470e131 libwpd-0.8.9-x86_64-1_sflack11.0.tgz
Sflack -current package:
a017c907d972739c83b2b41a02c9e358 libwpd-0.8.9-x86_64-1.tgz
Installation instructions:
+------------------------+
Upgrade the packages as root:
# upgradepkg libwpd-0.8.9-x86_64-1_sflack11.0.tgz
+-----+
Sflack Linux Security Team
http://sflack.com/gpg-key
security a sflack.com
Correlati