Debian: DSA-2151-1: New OpenOffice.org packages fix several vulnerabilities
Summary
Several security related problems have been discovered in the
OpenOffice.org package that allows malformed documents to trick the
system into crashes or even the execution of arbitrary code.
CVE-2010-3450
During an internal security audit within Red Hat, a directory
traversal vulnerability has been discovered in the way
OpenOffice.org 3.1.1 through 3.2.1 processes XML filter files. If
a local user is tricked into opening a specially-crafted OOo XML
filters package file, this problem could allow remote attackers to
create or overwrite arbitrary files belonging to local user or,
potentially, execute arbitrary code.
CVE-2010-3451
During his work as a consultant at Virtual Security Research
(VSR), Dan Rosenberg discovered a vulnerability in
OpenOffice.org's RTF parsing functionality. Opening a maliciously
crafted RTF document can caus an out-of-bounds memory read into
previously allocated heap memory, which may lead to the execution
of arbitrary code.
CVE-2010-3452
Dan Rosenberg discovered a vulnerability in the RTF file parser
which can be leveraged by attackers to achieve arbitrary code
execution by convincing a victim to open a maliciously crafted RTF
file.
CVE-2010-3453
As part of his work with Virtual Security Research, Dan Rosenberg
discovered a vulnerability in the WW8ListManager::WW8ListManager()
function of OpenOffice.org that allows a maliciously crafted file
to cause the execution of arbitrary code.
CVE-2010-3454
As part of his work with Virtual Security Research, Dan Rosenberg
discovered a vulnerability in the WW8DopTypography::ReadFromMem()
function in OpenOffice.org that may be exploited by a maliciously
crafted file which allowins an attacker to control program flow
and potentially execute arbitrary code.
CVE-2010-3689
Dmitri Gribenko discovered that the soffice script does not treat
an empty LD_LIBRARY_PATH variable like an unset one, may lead to
the execution of arbitrary code.
CVE-2010-4253
A heap based buffer overflow has been discovered with unknown impact.
CVE-2010-4643
A vulnerability has been discovered in the way OpenOffice.org
handles TGA graphics which can be tricked by a specially crafted
TGA file that could cause the program to crash due to a heap-based
buffer overflow with unknown impact.
For the stable distribution (lenny) these problems have been fixed in
version 2.4.1+dfsg-1+lenny11.
For the upcoming stable distribution (squeeze) these problems have
been fixed in version 3.2.1-11+squeeze1.
For the unstable distribution (sid) these problems have been fixed in
version 3.2.1-11+squeeze1.
For the experimental distribution these problems have been fixed in
version 3.3.0~rc3-1.
We recommend that you upgrade your OpenOffice.org packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: [18]http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org