Debian: DSA-2151-1: New OpenOffice.org packages fix several vulnerabilities

    Date26 Jan 2011
    CategoryDebian
    30
    Posted ByLinuxSecurity Advisories
    Several security related problems have been discovered in the OpenOffice.org package that allows malformed documents to trick the system into crashes or even the execution of arbitrary code.
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 2151-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                             Martin Schulze
    January 26th, 2011                      http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : openoffice.org
    Vulnerability  : several
    Problem type   : local (remote)
    Debian-specific: no
    CVE ID         : CVE-2010-3450 CVE-2010-3451 CVE-2010-3452 CVE-2010-3453
                     CVE-2010-3454 CVE-2010-3689 CVE-2010-4253 CVE-2010-4643 
    
    Several security related problems have been discovered in the
    OpenOffice.org package that allows malformed documents to trick the
    system into crashes or even the execution of arbitrary code.
    
    CVE-2010-3450
    
        During an internal security audit within Red Hat, a directory
        traversal vulnerability has been discovered in the way
        OpenOffice.org 3.1.1 through 3.2.1 processes XML filter files.  If
        a local user is tricked into opening a specially-crafted OOo XML
        filters package file, this problem could allow remote attackers to
        create or overwrite arbitrary files belonging to local user or,
        potentially, execute arbitrary code.
    
    CVE-2010-3451
    
        During his work as a consultant at Virtual Security Research
        (VSR), Dan Rosenberg discovered a vulnerability in
        OpenOffice.org's RTF parsing functionality.  Opening a maliciously
        crafted RTF document can caus an out-of-bounds memory read into
        previously allocated heap memory, which may lead to the execution
        of arbitrary code.
    
    CVE-2010-3452
    
        Dan Rosenberg discovered a vulnerability in the RTF file parser
        which can be leveraged by attackers to achieve arbitrary code
        execution by convincing a victim to open a maliciously crafted RTF
        file.
    
    CVE-2010-3453
    
        As part of his work with Virtual Security Research, Dan Rosenberg
        discovered a vulnerability in the WW8ListManager::WW8ListManager()
        function of OpenOffice.org that allows a maliciously crafted file
        to cause the execution of arbitrary code.
    
    CVE-2010-3454
    
        As part of his work with Virtual Security Research, Dan Rosenberg
        discovered a vulnerability in the WW8DopTypography::ReadFromMem()
        function in OpenOffice.org that may be exploited by a maliciously
        crafted file which allowins an attacker to control program flow
        and potentially execute arbitrary code.
    
    CVE-2010-3689
    
        Dmitri Gribenko discovered that the soffice script does not treat
        an empty LD_LIBRARY_PATH variable like an unset one, may lead to
        the execution of arbitrary code.
    
    CVE-2010-4253
    
        A heap based buffer overflow has been discovered with unknown impact.
    
    CVE-2010-4643
    
        A vulnerability has been discovered in the way OpenOffice.org
        handles TGA graphics which can be tricked by a specially crafted
        TGA file that could cause the program to crash due to a heap-based
        buffer overflow with unknown impact.
    
    
    For the stable distribution (lenny) these problems have been fixed in
    version 2.4.1+dfsg-1+lenny11.
    
    For the upcoming stable distribution (squeeze) these problems have
    been fixed in version 3.2.1-11+squeeze1.
    
    For the unstable distribution (sid) these problems have been fixed in
    version 3.2.1-11+squeeze1.
    
    For the experimental distribution these problems have been fixed in
    version 3.3.0~rc3-1.
    
    We recommend that you upgrade your OpenOffice.org packages.
    
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: [18]http://www.debian.org/security/
    
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"7","type":"x","order":"1","pct":58.33,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":25,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"2","type":"x","order":"3","pct":16.67,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.