Security: Advisories for KPDF, KOffice and Konversation
Friday, 21 January 2005 | Wbastian
Three security advisories have been issued this week. The first two are due to a vulnerability that was discovered in xpdf. Both KPDF and the KOffice PDF import filter include their own version of xpdf, and as a result they too will require updating. The third advisory involves Konversation, in which several security issues were discovered.
Comments:
Shared libraries - anon - 2005-01-22
"Both KPDF and the KOffice PDF import filter include their own version of xpdf" What?!? Isn't this exactly what shared libraries are for?
Re: Shared libraries - Daniel Molkentin - 2005-01-22
If xpdf was available as a shared library, it certainly would...
Re: Shared libraries - fprog26 - 2005-01-22
Well, since KPDF and KOffice are both KDE packages, maybe there should exist only one shared library for xpdf within KDE? Code duplication sux 101
Re: Shared libraries - Christian Loose - 2005-01-22
If xpdf was available as a shared library, it certainly would..
Re: Shared libraries - Ingo Klöcker - 2005-01-22
Wrong. If xpdf was available in KDE as a shared KDE wrapper library then it certainly would. There's absolutely no reason to have two copies of xpdf in KDE (at least not in the long run). I bet that those were not the last security problems which are discovered in xpdf:
October 2004: http://www.kde.org/info/security/advisory-20041021-1.txt http://koffice.kde.org/security/2004_xpdf_integer_overflow.php
December 2004: http://www.kde.org/info/security/advisory-20041223-1.txt http://koffice.kde.org/security/2004_xpdf_integer_overflow_2.php
January 2004: http://www.kde.org/info/security/advisory-20050119-1.txt http://koffice.kde.org/security/advisory-20050120-1.txt
Re: Shared libraries - Morty - 2005-01-22
What is even more puzzling is the fact that the kdegraphics module both contains a version of xpdf and tries to link to parts of an external version. Since I don't have xpdf installed I get this funny message when using cvs:
"You're missing pdfinfo. That means that you won't be able to see additional informations about pdf files in konqueror. The plugin for it will still be compiled, but won't work until you install pdfinfo. You can download it (inside the xpdf package) from http://www.foolabs.com/xpdf/"
I have been considering filing a bug on it, but haven't gotten around to it yet :-)
Re: Shared libraries - azhyd - 2005-01-22
One practical problem is where do you put the common library. Another problem is that the xpdf sources need some slight modifications for the pdf->kword filter.
Re: Shared libraries - azhyd - 2005-01-22
and one more problem is that in koffice it is not the same xpdf version ... I am working on that though.
Security - llllll - 2005-01-22
Fixed this potential remote_procedure_call-risk. Note: Older Linux versions are lesser hollowed.