Skip to navigation

Security Advisory Moderate: libgsf security update

Advisory: RHSA-2007:0011-3
Type: Security Advisory
Severity: Moderate
Issued on: 2007-01-11
Last updated on: 2007-01-11
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2006-4514

Details

Updated libgsf packages that fix a buffer overflow flaw are now available.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

The GNOME Structured File Library is a utility library for reading and
writing structured file formats.

A heap based buffer overflow flaw was found in the way GNOME Structured
File Library processes and certain OLE documents. If an person opened a
specially crafted OLE file, it could cause the client application to crash or
execute arbitrary code. (CVE-2006-4514)

Users of GNOME Structured File Library should upgrade to these updated
packages, which contain a backported patch that resolves this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
libgsf-1.6.0-7.src.rpm     MD5: 5f42c5e060448151b1cc72481e99e74b
 
IA-32:
libgsf-1.6.0-7.i386.rpm     MD5: 42a5b234b929ae4a8c5bd44f69b4fd20
libgsf-devel-1.6.0-7.i386.rpm     MD5: 69f62e90095bb1f167ecad97bc6f3578
 
x86_64:
libgsf-1.6.0-7.x86_64.rpm     MD5: f79d277e083ca906a69f5b3676832123
libgsf-devel-1.6.0-7.x86_64.rpm     MD5: b379812cbde613ba03ef20d9377879ef
 
Red Hat Desktop (v. 4)

SRPMS:
libgsf-1.10.1-2.src.rpm     MD5: 404523cda4e13234eefafc19017b907b
 
IA-32:
libgsf-1.10.1-2.i386.rpm     MD5: 57038806ecb7afa4e9504337ccd0b574
libgsf-devel-1.10.1-2.i386.rpm     MD5: 36395b2177fc6ccedbf0f1f105c7fa41
 
x86_64:
libgsf-1.10.1-2.x86_64.rpm     MD5: ec6646555d10b7b98666cdaf77c8dc97
libgsf-devel-1.10.1-2.x86_64.rpm     MD5: 86a55b6d2575005edbd2c69ecbcb7040
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
libgsf-1.6.0-7.src.rpm     MD5: 5f42c5e060448151b1cc72481e99e74b
 
IA-32:
libgsf-1.6.0-7.i386.rpm     MD5: 42a5b234b929ae4a8c5bd44f69b4fd20
libgsf-devel-1.6.0-7.i386.rpm     MD5: 69f62e90095bb1f167ecad97bc6f3578
 
IA-64:
libgsf-1.6.0-7.ia64.rpm     MD5: c8dca7818cbb66da1d6a48c5653bd591
libgsf-devel-1.6.0-7.ia64.rpm     MD5: a1e617ce15c9d370d8bdcf545b66abba
 
PPC:
libgsf-1.6.0-7.ppc.rpm     MD5: f2b6f9b0dbbe8f1e75a4280b475328f5
libgsf-devel-1.6.0-7.ppc.rpm     MD5: cb182516fbeb20fdd3c633e8bd13d179
 
s390:
libgsf-1.6.0-7.s390.rpm     MD5: b60b2d5be0499d52214a8acf519e2445
libgsf-devel-1.6.0-7.s390.rpm     MD5: 88359045792d4934f1bf44129e008994
 
s390x:
libgsf-1.6.0-7.s390x.rpm     MD5: 99c62095f64e804675770ddb58c65a99
libgsf-devel-1.6.0-7.s390x.rpm     MD5: a4cf882f313d220cd070681d26bb83f0
 
x86_64:
libgsf-1.6.0-7.x86_64.rpm     MD5: f79d277e083ca906a69f5b3676832123
libgsf-devel-1.6.0-7.x86_64.rpm     MD5: b379812cbde613ba03ef20d9377879ef
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
libgsf-1.10.1-2.src.rpm     MD5: 404523cda4e13234eefafc19017b907b
 
IA-32:
libgsf-1.10.1-2.i386.rpm     MD5: 57038806ecb7afa4e9504337ccd0b574
libgsf-devel-1.10.1-2.i386.rpm     MD5: 36395b2177fc6ccedbf0f1f105c7fa41
 
IA-64:
libgsf-1.10.1-2.ia64.rpm     MD5: 32ffe268b4190d15b3ee801e4c99b2ac
libgsf-devel-1.10.1-2.ia64.rpm     MD5: 177af6faf5ba0bddb02146745d80b450
 
PPC:
libgsf-1.10.1-2.ppc.rpm     MD5: b8ca791f682bad316515896b68c735aa
libgsf-devel-1.10.1-2.ppc.rpm     MD5: 32c96cd4205dc57ca55023723e8f5948
 
s390:
libgsf-1.10.1-2.s390.rpm     MD5: ecf5ca8af27c01a17ad98a769d228826
libgsf-devel-1.10.1-2.s390.rpm     MD5: 901b068a22d5269a2fa895eb3ddaac9d
 
s390x:
libgsf-1.10.1-2.s390x.rpm     MD5: 362f608720c20acba856e50ccd3fde76
libgsf-devel-1.10.1-2.s390x.rpm     MD5: a8d1b37d009e9e438ae0318aa75c7c83
 
x86_64:
libgsf-1.10.1-2.x86_64.rpm     MD5: ec6646555d10b7b98666cdaf77c8dc97
libgsf-devel-1.10.1-2.x86_64.rpm     MD5: 86a55b6d2575005edbd2c69ecbcb7040
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
libgsf-1.6.0-7.src.rpm     MD5: 5f42c5e060448151b1cc72481e99e74b
 
IA-32:
libgsf-1.6.0-7.i386.rpm     MD5: 42a5b234b929ae4a8c5bd44f69b4fd20
libgsf-devel-1.6.0-7.i386.rpm     MD5: 69f62e90095bb1f167ecad97bc6f3578
 
IA-64:
libgsf-1.6.0-7.ia64.rpm     MD5: c8dca7818cbb66da1d6a48c5653bd591
libgsf-devel-1.6.0-7.ia64.rpm     MD5: a1e617ce15c9d370d8bdcf545b66abba
 
x86_64:
libgsf-1.6.0-7.x86_64.rpm     MD5: f79d277e083ca906a69f5b3676832123
libgsf-devel-1.6.0-7.x86_64.rpm     MD5: b379812cbde613ba03ef20d9377879ef
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
libgsf-1.10.1-2.src.rpm     MD5: 404523cda4e13234eefafc19017b907b
 
IA-32:
libgsf-1.10.1-2.i386.rpm     MD5: 57038806ecb7afa4e9504337ccd0b574
libgsf-devel-1.10.1-2.i386.rpm     MD5: 36395b2177fc6ccedbf0f1f105c7fa41
 
IA-64:
libgsf-1.10.1-2.ia64.rpm     MD5: 32ffe268b4190d15b3ee801e4c99b2ac
libgsf-devel-1.10.1-2.ia64.rpm     MD5: 177af6faf5ba0bddb02146745d80b450
 
x86_64:
libgsf-1.10.1-2.x86_64.rpm     MD5: ec6646555d10b7b98666cdaf77c8dc97
libgsf-devel-1.10.1-2.x86_64.rpm     MD5: 86a55b6d2575005edbd2c69ecbcb7040
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
libgsf-1.6.0-7.src.rpm     MD5: 5f42c5e060448151b1cc72481e99e74b
 
IA-32:
libgsf-1.6.0-7.i386.rpm     MD5: 42a5b234b929ae4a8c5bd44f69b4fd20
libgsf-devel-1.6.0-7.i386.rpm     MD5: 69f62e90095bb1f167ecad97bc6f3578
 
IA-64:
libgsf-1.6.0-7.ia64.rpm     MD5: c8dca7818cbb66da1d6a48c5653bd591
libgsf-devel-1.6.0-7.ia64.rpm     MD5: a1e617ce15c9d370d8bdcf545b66abba
 
x86_64:
libgsf-1.6.0-7.x86_64.rpm     MD5: f79d277e083ca906a69f5b3676832123
libgsf-devel-1.6.0-7.x86_64.rpm     MD5: b379812cbde613ba03ef20d9377879ef
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
libgsf-1.10.1-2.src.rpm     MD5: 404523cda4e13234eefafc19017b907b
 
IA-32:
libgsf-1.10.1-2.i386.rpm     MD5: 57038806ecb7afa4e9504337ccd0b574
libgsf-devel-1.10.1-2.i386.rpm     MD5: 36395b2177fc6ccedbf0f1f105c7fa41
 
IA-64:
libgsf-1.10.1-2.ia64.rpm     MD5: 32ffe268b4190d15b3ee801e4c99b2ac
libgsf-devel-1.10.1-2.ia64.rpm     MD5: 177af6faf5ba0bddb02146745d80b450
 
x86_64:
libgsf-1.10.1-2.x86_64.rpm     MD5: ec6646555d10b7b98666cdaf77c8dc97
libgsf-devel-1.10.1-2.x86_64.rpm     MD5: 86a55b6d2575005edbd2c69ecbcb7040
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

217949 - CVE-2006-4514 libgsf heap overflow


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/