USN-603-2: KOffice vulnerability

17 April 2008

koffice vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 7.10
  • Ubuntu 7.04
  • Ubuntu 6.10
  • Ubuntu 6.06 LTS

Software Description

  • koffice


USN-603-1 fixed vulnerabilities in poppler. This update provides the corresponding updates for KWord, part of KOffice.

Original advisory details:

It was discovered that the poppler PDF library did not correctly handle certain malformed embedded fonts. If a user or an automated system were tricked into opening a malicious PDF, a remote attacker could execute arbitrary code with user privileges.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 7.10
kword - 1:1.6.3-0ubuntu5.2
Ubuntu 7.04
kword - 1:1.6.2-0ubuntu1.3
Ubuntu 6.10
kword - 1:1.5.2-0ubuntu2.4
Ubuntu 6.06 LTS
kword - 1:1.5.0-0ubuntu9.4

To update your system, please follow these instructions:

After a standard system upgrade you need to restart KWord to effect the necessary changes.