Skip to navigation

Security Advisory Important: libwpd security update

Advisory: RHSA-2012:1043-1
Type: Security Advisory
Severity: Important
Issued on: 2012-06-26
Last updated on: 2012-06-26
Affected Products: RHEL Desktop Workstation (v. 5 client)
RHEL Optional Productivity Applications (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2012-2149

Details

Updated libwpd packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

libwpd is a library for reading and converting Corel WordPerfect Office
documents.

A buffer overflow flaw was found in the way libwpd processed certain
Corel WordPerfect Office documents (.wpd files). An attacker could provide
a specially-crafted .wpd file that, when opened in an application linked
against libwpd, such as OpenOffice.org, would cause the application to
crash or, potentially, execute arbitrary code with the privileges of the
user running the application. (CVE-2012-2149)

All libwpd users are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. All running applications
that are linked against libwpd must be restarted for this update to take
effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
libwpd-0.8.7-3.1.el5_8.src.rpm     MD5: 27369f0b29ee890d929ffc7128a30ddd
SHA-256: 4a0e87d5eeb013c20759653bb6cf064954f61a053ce415ca2d0757f518a1f3da
 
IA-32:
libwpd-debuginfo-0.8.7-3.1.el5_8.i386.rpm     MD5: bff9953cc410803a34dfd2562d67c4bd
SHA-256: f70c3d62f6009cac93a40e470ac39a16f28e41355a43d4dbd93c1801e9708465
libwpd-devel-0.8.7-3.1.el5_8.i386.rpm     MD5: 35624cd1e55823195f91b1fb6d695a1d
SHA-256: 340456573c48b6c7b551c7154070da834de73c696c9a96bddc7b37c7e6b75a25
 
x86_64:
libwpd-debuginfo-0.8.7-3.1.el5_8.i386.rpm     MD5: bff9953cc410803a34dfd2562d67c4bd
SHA-256: f70c3d62f6009cac93a40e470ac39a16f28e41355a43d4dbd93c1801e9708465
libwpd-debuginfo-0.8.7-3.1.el5_8.x86_64.rpm     MD5: 34276deb3aeec1fdcd0ccd74875561a0
SHA-256: bb22850fb83f1ca2fd9fddd2aa0233f895e026304dffb78edc753641a0cf8e19
libwpd-devel-0.8.7-3.1.el5_8.i386.rpm     MD5: 35624cd1e55823195f91b1fb6d695a1d
SHA-256: 340456573c48b6c7b551c7154070da834de73c696c9a96bddc7b37c7e6b75a25
libwpd-devel-0.8.7-3.1.el5_8.x86_64.rpm     MD5: 2e07c45ba95c070573ad2238b1628a4d
SHA-256: 027c6760ed7ba1b8bbb6ad8b172809506783ed71c39a1951ba1679592a69401d
 
RHEL Optional Productivity Applications (v. 5 server)

SRPMS:
libwpd-0.8.7-3.1.el5_8.src.rpm     MD5: 27369f0b29ee890d929ffc7128a30ddd
SHA-256: 4a0e87d5eeb013c20759653bb6cf064954f61a053ce415ca2d0757f518a1f3da
 
IA-32:
libwpd-0.8.7-3.1.el5_8.i386.rpm     MD5: b1c173752c62931fbe7b1d9e0a978f23
SHA-256: 320188d95d84324b38c979c6f3bffa513d9b06db869fd1d6a6c29d1b2e23c415
libwpd-debuginfo-0.8.7-3.1.el5_8.i386.rpm     MD5: bff9953cc410803a34dfd2562d67c4bd
SHA-256: f70c3d62f6009cac93a40e470ac39a16f28e41355a43d4dbd93c1801e9708465
libwpd-devel-0.8.7-3.1.el5_8.i386.rpm     MD5: 35624cd1e55823195f91b1fb6d695a1d
SHA-256: 340456573c48b6c7b551c7154070da834de73c696c9a96bddc7b37c7e6b75a25
libwpd-tools-0.8.7-3.1.el5_8.i386.rpm     MD5: 1b02c25553b0957f74f7be1e5bbaeef5
SHA-256: 66b3666fadcc084e6db348f4262b964b488d79cbbec35a924cae45efaf2ad06e
 
x86_64:
libwpd-0.8.7-3.1.el5_8.i386.rpm     MD5: b1c173752c62931fbe7b1d9e0a978f23
SHA-256: 320188d95d84324b38c979c6f3bffa513d9b06db869fd1d6a6c29d1b2e23c415
libwpd-0.8.7-3.1.el5_8.x86_64.rpm     MD5: 249d1f6cf9f025808f72f07a8f827fa1
SHA-256: 3ac9dde500e63d940edf5bae1f34ebada0c3b7e1f3b9f86d9d306fdf3666f038
libwpd-debuginfo-0.8.7-3.1.el5_8.i386.rpm     MD5: bff9953cc410803a34dfd2562d67c4bd
SHA-256: f70c3d62f6009cac93a40e470ac39a16f28e41355a43d4dbd93c1801e9708465
libwpd-debuginfo-0.8.7-3.1.el5_8.x86_64.rpm     MD5: 34276deb3aeec1fdcd0ccd74875561a0
SHA-256: bb22850fb83f1ca2fd9fddd2aa0233f895e026304dffb78edc753641a0cf8e19
libwpd-devel-0.8.7-3.1.el5_8.i386.rpm     MD5: 35624cd1e55823195f91b1fb6d695a1d
SHA-256: 340456573c48b6c7b551c7154070da834de73c696c9a96bddc7b37c7e6b75a25
libwpd-devel-0.8.7-3.1.el5_8.x86_64.rpm     MD5: 2e07c45ba95c070573ad2238b1628a4d
SHA-256: 027c6760ed7ba1b8bbb6ad8b172809506783ed71c39a1951ba1679592a69401d
libwpd-tools-0.8.7-3.1.el5_8.x86_64.rpm     MD5: e50017469e0445758594848c8efa7806
SHA-256: dda4fe1da38144c5ab2505af0a2ddbaa806116e6f01ef94bc824da1289251fff
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
libwpd-0.8.7-3.1.el5_8.src.rpm     MD5: 27369f0b29ee890d929ffc7128a30ddd
SHA-256: 4a0e87d5eeb013c20759653bb6cf064954f61a053ce415ca2d0757f518a1f3da
 
IA-32:
libwpd-0.8.7-3.1.el5_8.i386.rpm     MD5: b1c173752c62931fbe7b1d9e0a978f23
SHA-256: 320188d95d84324b38c979c6f3bffa513d9b06db869fd1d6a6c29d1b2e23c415
libwpd-debuginfo-0.8.7-3.1.el5_8.i386.rpm     MD5: bff9953cc410803a34dfd2562d67c4bd
SHA-256: f70c3d62f6009cac93a40e470ac39a16f28e41355a43d4dbd93c1801e9708465
libwpd-tools-0.8.7-3.1.el5_8.i386.rpm     MD5: 1b02c25553b0957f74f7be1e5bbaeef5
SHA-256: 66b3666fadcc084e6db348f4262b964b488d79cbbec35a924cae45efaf2ad06e
 
x86_64:
libwpd-0.8.7-3.1.el5_8.i386.rpm     MD5: b1c173752c62931fbe7b1d9e0a978f23
SHA-256: 320188d95d84324b38c979c6f3bffa513d9b06db869fd1d6a6c29d1b2e23c415
libwpd-0.8.7-3.1.el5_8.x86_64.rpm     MD5: 249d1f6cf9f025808f72f07a8f827fa1
SHA-256: 3ac9dde500e63d940edf5bae1f34ebada0c3b7e1f3b9f86d9d306fdf3666f038
libwpd-debuginfo-0.8.7-3.1.el5_8.i386.rpm     MD5: bff9953cc410803a34dfd2562d67c4bd
SHA-256: f70c3d62f6009cac93a40e470ac39a16f28e41355a43d4dbd93c1801e9708465
libwpd-debuginfo-0.8.7-3.1.el5_8.x86_64.rpm     MD5: 34276deb3aeec1fdcd0ccd74875561a0
SHA-256: bb22850fb83f1ca2fd9fddd2aa0233f895e026304dffb78edc753641a0cf8e19
libwpd-tools-0.8.7-3.1.el5_8.x86_64.rpm     MD5: e50017469e0445758594848c8efa7806
SHA-256: dda4fe1da38144c5ab2505af0a2ddbaa806116e6f01ef94bc824da1289251fff
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

822207 - CVE-2012-2149 libwpd: Memory overwrite flaw by processing certain WordPerfect (WPD) documents


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/