__________________________________________________________

                       The U.S. Department of Energy
                   Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

                             libwpd Security Update
                           [Red Hat RHSA-2007:0055-5]

March 22, 2007 15:00 GMT                                          Number R-184
[REVISED 19 Apr 2007]
______________________________________________________________________________
PROBLEM:       There are several overflow bugs in libwpd. 
PLATFORM:      RHEL Desktop Workstation (v. 5 client) 
               RHEL Optional Productivity Applications (v. 5 server) 
			   Red Hat Enterprise Linux Desktop (v. 5 client) 
			   Debian GNU/Linux 3.1 (sarge)
			   StarOffice 8 Office Suite
DAMAGE:        An application linked with libwpd, such as OpenOffice, to crash 
               or ppossibly execute arbitrary code. 
SOLUTION:      Upgrade to the appropriate version. 
______________________________________________________________________________
VULNERABILITY  The risk is MEDIUM. An attacker could create a carefully 
ASSESSMENT:    crafted Word Perfect file that could cause an application 
               linked with libwpd, such as OpenOffice, to crash or possibly 
               execute arbitrary code if the file was opened by a victim. 
______________________________________________________________________________
LINKS: 
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/r-184.shtml 
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2007-0055.html 
 ADDITIONAL LINKS:   Debian Security Advisory DSA-1268-1
                     http://www.debian.org/security/2007/dsa-1268
					 Sun Alert ID: 102863
					 http://www.sunsolve.sun.com/search/document.do?assetkey=1-26-102863-1
 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name= 
                     CVE-2007-0002 
______________________________________________________________________________
REVISION HISTORY:
04/19/2007 - revised R-184 to add a link to Sun Alert ID: 102863 for StarOffice 8
             Office Suite.



[***** Start Red Hat RHSA-2007:0055-5 *****]

Important: libwpd security update
Advisory: RHSA-2007:0055-5 
Type: Security Advisory 
Severity: Important 
Issued on: 2007-03-16 
Last updated on: 2007-03-16 
Affected Products: RHEL Desktop Workstation (v. 5 client)
RHEL Optional Productivity Applications (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client) 
OVAL: com.redhat.rhsa-20070055.xml 
CVEs (cve.mitre.org): CVE-2007-0002
CVE-2007-1466
 


Details
Updated libwpd packages to correct a security issue are now available for 
Red Hat Enterprise Linux 5. 

This update has been rated as having important security impact by the Red 
Hat Security Response Team.

libwpd is a library for reading and converting Word Perfect documents. 

iDefense reported several overflow bugs in libwpd. An attacker could 
create a carefully crafted Word Perfect file that could cause an 
application linked with libwpd, such as OpenOffice, to crash or possibly 
execute arbitrary code if the file was opened by a victim. (CVE-2007-0002) 

All users are advised to upgrade to these updated packages, which contain a 
backported fix for this issue. 

Red Hat would like to thank Fridrich Štrba for alerting us to these issues 
and providing a patch.



Solution
Before applying this update, make sure that all previously-released 
errata relevant to your system have been applied. 

This update is available via Red Hat Network. Details on how to use 
the Red Hat Network to apply this update are available at 
http://kbase.redhat.com/faq/FAQ_58_10188


Updated packages
RHEL Desktop Workstation (v. 5 client) 

--------------------------------------------------------------------------------
 
IA-32: 
libwpd-devel-0.8.7-3.el5.i386.rpm     8cca81259f7c924e8390f842907bf7fd 
  
x86_64: 
libwpd-devel-0.8.7-3.el5.i386.rpm     8cca81259f7c924e8390f842907bf7fd 
libwpd-devel-0.8.7-3.el5.x86_64.rpm     b86747cfa48cc2bd000baea86976a279 
  
RHEL Optional Productivity Applications (v. 5 server) 

--------------------------------------------------------------------------------
 
SRPMS: 
libwpd-0.8.7-3.el5.src.rpm     c212cfc2bfabec2887bca4cbcf34acdc 
  
IA-32: 
libwpd-0.8.7-3.el5.i386.rpm     d7de3bf36ddb16a350408bc72114a687 
libwpd-devel-0.8.7-3.el5.i386.rpm     8cca81259f7c924e8390f842907bf7fd 
libwpd-tools-0.8.7-3.el5.i386.rpm     12cb995ab0f2ac9086ee7c80452eb10e 
  
x86_64: 
libwpd-0.8.7-3.el5.i386.rpm     d7de3bf36ddb16a350408bc72114a687 
libwpd-0.8.7-3.el5.x86_64.rpm     20d519bcc68a56585fdaae42e02ceb20 
libwpd-devel-0.8.7-3.el5.i386.rpm     8cca81259f7c924e8390f842907bf7fd 
libwpd-devel-0.8.7-3.el5.x86_64.rpm     b86747cfa48cc2bd000baea86976a279 
libwpd-tools-0.8.7-3.el5.x86_64.rpm     d283ebc02dd5a7122bf9160c4dd3a8dd 
  
Red Hat Enterprise Linux Desktop (v. 5 client) 

--------------------------------------------------------------------------------
 
SRPMS: 
libwpd-0.8.7-3.el5.src.rpm     c212cfc2bfabec2887bca4cbcf34acdc 
  
IA-32: 
libwpd-0.8.7-3.el5.i386.rpm     d7de3bf36ddb16a350408bc72114a687 
libwpd-tools-0.8.7-3.el5.i386.rpm     12cb995ab0f2ac9086ee7c80452eb10e 
  
x86_64: 
libwpd-0.8.7-3.el5.i386.rpm     d7de3bf36ddb16a350408bc72114a687 
libwpd-0.8.7-3.el5.x86_64.rpm     20d519bcc68a56585fdaae42e02ceb20 
libwpd-tools-0.8.7-3.el5.x86_64.rpm     d283ebc02dd5a7122bf9160c4dd3a8dd 
  
(The unlinked packages above are only available from the Red Hat Network)
 


Bugs fixed (see bugzilla for more information)
222808 - CVE-2007-0002 buffer overflows



References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1466
http://www.redhat.com/security/updates/classification/#important 


--------------------------------------------------------------------------------
These packages are GPG signed by Red Hat for security. Our key and details on 
how to verify the signature are available from:

https://www.redhat.com/security/team/key/#package 

The Red Hat security contact is secalert@redhat.com. More contact details at 
http://www.redhat.com/security/team/contact/


[***** End Red Hat RHSA-2007:0055-5 *****]
_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat for the 
information contained in this bulletin.
_______________________________________________________________________________


CIAC, the Computer Incident Advisory Capability, is the computer
security incident response team for the U.S. Department of Energy
(DOE) and the emergency backup response team for the National
Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
National Laboratory in Livermore, California. CIAC is also a founding
member of FIRST, the Forum of Incident Response and Security Teams, a
global organization established to foster cooperation and coordination
among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
can be contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

   World Wide Web:      http://www.ciac.org/
   Anonymous FTP:       ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins.  If you are not part of these
communities, please contact your agency's response team to report
incidents. Your agency's team will coordinate with CIAC. The Forum of
Incident Response and Security Teams (FIRST) is a world-wide
organization. A list of FIRST member organizations and their
constituencies can be obtained via WWW at http://www.first.org/.

This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, express or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

R-174: HP-UX Java (JRE and JDK) Vulnerability
R-175: Security Vulnerability in the ipmitool(1m) Interface to Sun Fire
R-176: Apple Security Update 2007-003
R-177: Linux Kernel Vulnerable to DoS via ipv6_getsockopt_sticky() Function
R-178: Bind Security Update
R-179: Sun Java System Web Server Vulnerability
R-180: Kernel Security and Bug Fix Update
R-181: OpenBSD's IPV6 MBUFS Vulnerability
R-182: OPC Server Vulnerability
R-183: OpenAFS Vulnerability