__________________________________________________________

                    The U.S. Department of Energy
                 Computer Incident Advisory Capability
__________________________________________________________

                         INFORMATION BULLETIN

                       libgsf Security Update
                     [Red Hat RHSA-2007:0011-3]

January 11, 2007 18:00 GMT                                        Number R-106
______________________________________________________________________________
PROBLEM:       A heap based buffer overflow flaw was found in the way the GNOME
               Structured File Library processes certain OLE documents.

PLATFORM:      Red Hat Desktop (v. 3 & v. 4)
               Red Hat Enterprise Linux AS, ES, WS (v. 3 & v. 4)

DAMAGE:        It could cause the client application to crash or execute
               arbitrary code.

SOLUTION:      Upgrade to the appropriate version.
______________________________________________________________________________
VULNERABILITY  The risk is MEDIUM. Remote to user - A buffer overflow in
ASSESSMENT:    libgsf could allow an intruder to run arbitrary code by getting
               a user to run a specially crafted OLE file.
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/r-106.shtml
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2007-0011.html
 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=
                     CVE-2006-4514
______________________________________________________________________________

[***** Start Red Hat RHSA-2007:0011-3 *****]

Moderate: libgsf security update

Advisory:         RHSA-2007:0011-3
Type:             Security Advisory
Severity:         Moderate
Issued on:        2007-01-11
Last updated on:  2007-01-11

Affected Products:
  Red Hat Desktop (v. 3)
  Red Hat Desktop (v. 4)
  Red Hat Enterprise Linux AS (v. 3)
  Red Hat Enterprise Linux AS (v. 4)
  Red Hat Enterprise Linux ES (v. 3)
  Red Hat Enterprise Linux ES (v. 4)
  Red Hat Enterprise Linux WS (v. 3)
  Red Hat Enterprise Linux WS (v. 4)

OVAL:                   com.redhat.rhsa-20070011.xml
CVEs (cve.mitre.org):   CVE-2006-4514

Details

Updated libgsf packages that fix a buffer overflow flaw are now available.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

The GNOME Structured File Library is a utility library for reading and writing
structured file formats.

A heap based buffer overflow flaw was found in the way the GNOME Structured File
Library processes certain OLE documents. If a person opened a specially crafted
OLE file, it could cause the client application to crash or execute arbitrary
code. (CVE-2006-4514)

Users of the GNOME Structured File Library should upgrade to these updated
packages, which contain a backported patch that resolves this issue.

Solution

Before applying this update, make sure all previously released errata relevant
to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch
the Red Hat Update Agent with the following command:

    up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 3)
--------------------------------------------------------------------------------
SRPMS:
  libgsf-1.6.0-7.src.rpm               5f42c5e060448151b1cc72481e99e74b
IA-32:
  libgsf-1.6.0-7.i386.rpm              42a5b234b929ae4a8c5bd44f69b4fd20
  libgsf-devel-1.6.0-7.i386.rpm        69f62e90095bb1f167ecad97bc6f3578
x86_64:
  libgsf-1.6.0-7.x86_64.rpm            f79d277e083ca906a69f5b3676832123
  libgsf-devel-1.6.0-7.x86_64.rpm      b379812cbde613ba03ef20d9377879ef

Red Hat Desktop (v. 4)
--------------------------------------------------------------------------------
SRPMS:
  libgsf-1.10.1-2.src.rpm              404523cda4e13234eefafc19017b907b
IA-32:
  libgsf-1.10.1-2.i386.rpm             57038806ecb7afa4e9504337ccd0b574
  libgsf-devel-1.10.1-2.i386.rpm       36395b2177fc6ccedbf0f1f105c7fa41
x86_64:
  libgsf-1.10.1-2.x86_64.rpm           ec6646555d10b7b98666cdaf77c8dc97
  libgsf-devel-1.10.1-2.x86_64.rpm     86a55b6d2575005edbd2c69ecbcb7040

Red Hat Enterprise Linux AS (v. 3)
--------------------------------------------------------------------------------
SRPMS:
  libgsf-1.6.0-7.src.rpm               5f42c5e060448151b1cc72481e99e74b
IA-32:
  libgsf-1.6.0-7.i386.rpm              42a5b234b929ae4a8c5bd44f69b4fd20
  libgsf-devel-1.6.0-7.i386.rpm        69f62e90095bb1f167ecad97bc6f3578
IA-64:
  libgsf-1.6.0-7.ia64.rpm              c8dca7818cbb66da1d6a48c5653bd591
  libgsf-devel-1.6.0-7.ia64.rpm        a1e617ce15c9d370d8bdcf545b66abba
PPC:
  libgsf-1.6.0-7.ppc.rpm               f2b6f9b0dbbe8f1e75a4280b475328f5
  libgsf-devel-1.6.0-7.ppc.rpm         cb182516fbeb20fdd3c633e8bd13d179
s390:
  libgsf-1.6.0-7.s390.rpm              b60b2d5be0499d52214a8acf519e2445
  libgsf-devel-1.6.0-7.s390.rpm        88359045792d4934f1bf44129e008994
s390x:
  libgsf-1.6.0-7.s390x.rpm             99c62095f64e804675770ddb58c65a99
  libgsf-devel-1.6.0-7.s390x.rpm       a4cf882f313d220cd070681d26bb83f0
x86_64:
  libgsf-1.6.0-7.x86_64.rpm            f79d277e083ca906a69f5b3676832123
  libgsf-devel-1.6.0-7.x86_64.rpm      b379812cbde613ba03ef20d9377879ef

Red Hat Enterprise Linux AS (v. 4)
--------------------------------------------------------------------------------
SRPMS:
  libgsf-1.10.1-2.src.rpm              404523cda4e13234eefafc19017b907b
IA-32:
  libgsf-1.10.1-2.i386.rpm             57038806ecb7afa4e9504337ccd0b574
  libgsf-devel-1.10.1-2.i386.rpm       36395b2177fc6ccedbf0f1f105c7fa41
IA-64:
  libgsf-1.10.1-2.ia64.rpm             32ffe268b4190d15b3ee801e4c99b2ac
  libgsf-devel-1.10.1-2.ia64.rpm       177af6faf5ba0bddb02146745d80b450
PPC:
  libgsf-1.10.1-2.ppc.rpm              b8ca791f682bad316515896b68c735aa
  libgsf-devel-1.10.1-2.ppc.rpm        32c96cd4205dc57ca55023723e8f5948
s390:
  libgsf-1.10.1-2.s390.rpm             ecf5ca8af27c01a17ad98a769d228826
  libgsf-devel-1.10.1-2.s390.rpm       901b068a22d5269a2fa895eb3ddaac9d
s390x:
  libgsf-1.10.1-2.s390x.rpm            362f608720c20acba856e50ccd3fde76
  libgsf-devel-1.10.1-2.s390x.rpm      a8d1b37d009e9e438ae0318aa75c7c83
x86_64:
  libgsf-1.10.1-2.x86_64.rpm           ec6646555d10b7b98666cdaf77c8dc97
  libgsf-devel-1.10.1-2.x86_64.rpm     86a55b6d2575005edbd2c69ecbcb7040

Red Hat Enterprise Linux ES (v. 3)
--------------------------------------------------------------------------------
SRPMS:
  libgsf-1.6.0-7.src.rpm               5f42c5e060448151b1cc72481e99e74b
IA-32:
  libgsf-1.6.0-7.i386.rpm              42a5b234b929ae4a8c5bd44f69b4fd20
  libgsf-devel-1.6.0-7.i386.rpm        69f62e90095bb1f167ecad97bc6f3578
IA-64:
  libgsf-1.6.0-7.ia64.rpm              c8dca7818cbb66da1d6a48c5653bd591
  libgsf-devel-1.6.0-7.ia64.rpm        a1e617ce15c9d370d8bdcf545b66abba
x86_64:
  libgsf-1.6.0-7.x86_64.rpm            f79d277e083ca906a69f5b3676832123
  libgsf-devel-1.6.0-7.x86_64.rpm      b379812cbde613ba03ef20d9377879ef

Red Hat Enterprise Linux ES (v. 4)
--------------------------------------------------------------------------------
SRPMS:
  libgsf-1.10.1-2.src.rpm              404523cda4e13234eefafc19017b907b
IA-32:
  libgsf-1.10.1-2.i386.rpm             57038806ecb7afa4e9504337ccd0b574
  libgsf-devel-1.10.1-2.i386.rpm       36395b2177fc6ccedbf0f1f105c7fa41
IA-64:
  libgsf-1.10.1-2.ia64.rpm             32ffe268b4190d15b3ee801e4c99b2ac
  libgsf-devel-1.10.1-2.ia64.rpm       177af6faf5ba0bddb02146745d80b450
x86_64:
  libgsf-1.10.1-2.x86_64.rpm           ec6646555d10b7b98666cdaf77c8dc97
  libgsf-devel-1.10.1-2.x86_64.rpm     86a55b6d2575005edbd2c69ecbcb7040

Red Hat Enterprise Linux WS (v. 3)
--------------------------------------------------------------------------------
SRPMS:
  libgsf-1.6.0-7.src.rpm               5f42c5e060448151b1cc72481e99e74b
IA-32:
  libgsf-1.6.0-7.i386.rpm              42a5b234b929ae4a8c5bd44f69b4fd20
  libgsf-devel-1.6.0-7.i386.rpm        69f62e90095bb1f167ecad97bc6f3578
IA-64:
  libgsf-1.6.0-7.ia64.rpm              c8dca7818cbb66da1d6a48c5653bd591
  libgsf-devel-1.6.0-7.ia64.rpm        a1e617ce15c9d370d8bdcf545b66abba
x86_64:
  libgsf-1.6.0-7.x86_64.rpm            f79d277e083ca906a69f5b3676832123
  libgsf-devel-1.6.0-7.x86_64.rpm      b379812cbde613ba03ef20d9377879ef

Red Hat Enterprise Linux WS (v. 4)
--------------------------------------------------------------------------------
SRPMS:
  libgsf-1.10.1-2.src.rpm              404523cda4e13234eefafc19017b907b
IA-32:
  libgsf-1.10.1-2.i386.rpm             57038806ecb7afa4e9504337ccd0b574
  libgsf-devel-1.10.1-2.i386.rpm       36395b2177fc6ccedbf0f1f105c7fa41
IA-64:
  libgsf-1.10.1-2.ia64.rpm             32ffe268b4190d15b3ee801e4c99b2ac
  libgsf-devel-1.10.1-2.ia64.rpm       177af6faf5ba0bddb02146745d80b450
x86_64:
  libgsf-1.10.1-2.x86_64.rpm           ec6646555d10b7b98666cdaf77c8dc97
  libgsf-devel-1.10.1-2.x86_64.rpm     86a55b6d2575005edbd2c69ecbcb7040

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

  217949 - CVE-2006-4514 libgsf heap overflow

References

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4514
  http://www.redhat.com/security/updates/classification/#moderate

--------------------------------------------------------------------------------
These packages are GPG signed by Red Hat for security. Our key and details on
how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at
http://www.redhat.com/security/team/contact/

[***** End Red Hat RHSA-2007:0011-3 *****]
_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat for the information
contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer security
incident response team for the U.S. Department of Energy (DOE) and the
emergency backup response team for the National Institutes of Health (NIH).
CIAC is located at the Lawrence Livermore National Laboratory in Livermore,
California.
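The upgrade decision behind the Red Hat "Solution" and "Updated packages" sections quoted above, written out as an added POSIX shell example; it is not part of the CIAC or Red Hat bulletin. The fixed version-release values (1.6.0-7 for the v. 3 products, 1.10.1-2 for the v. 4 products) and the MD5 sums are taken from the advisory; the live-host query is assumed to use the real `rpm -q --qf` option, `md5sum` is assumed present for checksum verification, and the demo input (a v. 4 host still on libgsf 1.10.1-1) is constructed.

```shell
#!/bin/sh
# Added example, not from the bulletin: is the installed libgsf already at or
# above the version-release that RHSA-2007:0011 ships, and does a downloaded
# package match the MD5 listed in the advisory?

# vercmp A B: compare dotted/dashed numeric version-release strings such as
# "1.6.0-6" and "1.6.0-7". Prints -1, 0 or 1. Components are compared
# numerically; a missing trailing component counts as 0. POSIX sh + awk only.
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, /[.-]/); m = split(b, y, /[.-]/)
        len = (n > m) ? n : m
        for (i = 1; i <= len; i++) {
            xi = (i <= n) ? x[i] + 0 : 0
            yi = (i <= m) ? y[i] + 0 : 0
            if (xi < yi) { print -1; exit }
            if (xi > yi) { print 1; exit }
        }
        print 0
    }'
}

# fixed_version MAJOR: version-release that closes CVE-2006-4514 on the v. 3
# and v. 4 products, per the advisory. Fails for any other major version.
fixed_version() {
    case "$1" in
        3) echo "1.6.0-7" ;;
        4) echo "1.10.1-2" ;;
        *) return 1 ;;
    esac
}

# libgsf_is_fixed INSTALLED_VR MAJOR: exit 0 when INSTALLED_VR >= fixed version,
# 1 when an upgrade is still needed, 2 when MAJOR is not covered.
libgsf_is_fixed() {
    want=$(fixed_version "$2") || return 2
    [ "$(vercmp "$1" "$want")" -ge 0 ]
}

# expected_md5 FILENAME: MD5 from the advisory's package list (IA-32 and
# x86_64 runtime packages embedded here; extend from the table as needed).
expected_md5() {
    case "$1" in
        libgsf-1.6.0-7.i386.rpm)    echo 42a5b234b929ae4a8c5bd44f69b4fd20 ;;
        libgsf-1.6.0-7.x86_64.rpm)  echo f79d277e083ca906a69f5b3676832123 ;;
        libgsf-1.10.1-2.i386.rpm)   echo 57038806ecb7afa4e9504337ccd0b574 ;;
        libgsf-1.10.1-2.x86_64.rpm) echo ec6646555d10b7b98666cdaf77c8dc97 ;;
        *) return 1 ;;
    esac
}

# verify_download PATH: compare md5sum of a downloaded RPM with the advisory
# value (md5sum assumed available). Exit 0 on match, 1 on mismatch or unknown.
verify_download() {
    want=$(expected_md5 "$(basename "$1")") || { echo "no advisory hash for $1" >&2; return 1; }
    have=$(md5sum "$1" | awk '{print $1}')
    [ "$have" = "$want" ]
}

# Constructed demo input: a v. 4 host still on libgsf 1.10.1-1.
installed="1.10.1-1"
major=4
if libgsf_is_fixed "$installed" "$major"; then
    echo "libgsf $installed already at or above $(fixed_version "$major")"
else
    echo "libgsf $installed needs update to $(fixed_version "$major")"
fi

# On a real host the installed value would come from the rpm database
# (assumed real option; major version taken from /etc/redhat-release):
#   installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}' libgsf)
```

The comparison deliberately stays numeric and local to this advisory's version scheme; it is a pre-flight check before running up2date, not a replacement for the GPG signature verification the advisory points to.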
CIAC is also a founding member of FIRST, the Forum of Incident Response and
Security Teams, a global organization established to foster cooperation and
coordination among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be
contacted at:

    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these
communities, please contact your agency's response team to report incidents.
Your agency's team will coordinate with CIAC. The Forum of Incident Response
and Security Teams (FIRST) is a world-wide organization. A list of FIRST
member organizations and their constituencies can be obtained via WWW at
http://www.first.org/.

This document was prepared as an account of work sponsored by an agency of
the United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
express or implied, or assumes any legal liability or responsibility for the
accuracy, completeness, or usefulness of any information, apparatus, product,
or process disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products, process,
or service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation or favoring
by the United States Government or the University of California. The views
and opinions of authors expressed herein do not necessarily state or reflect
those of the United States Government or the University of California, and
shall not be used for advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

R-096: PDF XSS vulnerability announced at CCC
R-097: Multiple Vulnerabilities in Cisco Clean Access
R-098: OpenOffice.org Security Update
R-099: Opera Web Browser Heap Corruption Vulnerability
R-100: Opera Web Browser Object Typecasting Vulnerability
R-101: Multiple Vulnerabilities in Cisco Secure Access Control Server
R-102: Vulnerability in Microsoft Outlook (925938)
R-103: Vulnerability in Vector Markup Language (929969)
R-104: Vulnerabilities in Microsoft Excel (927198)
R-105: XFree86 and xorg-x11 Security Update