Linux Security

Debian: New OpenOffice.org packages fix arbitrary code execution

Date 08 Jan 2007
Posted By LinuxSecurity Advisories
John Heasman from Next Generation Security Software discovered a heap overflow in the handling of Windows Metafiles in OpenOffice.org, the free office suite, which could lead to a denial of service and potentially execution of arbitrary code.
--------------------------------------------------------------------------
Debian Security Advisory DSA 1246-1
https://www.debian.org/security/                             Martin Schulze
January 8th, 2007                       https://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : openoffice.org
Vulnerability  : buffer overflow
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2006-5870
Debian Bug     : 405679 405986

John Heasman from Next Generation Security Software discovered a heap
overflow in the handling of Windows Metafiles in OpenOffice.org, the
free office suite, which could lead to a denial of service and
potentially execution of arbitrary code.

For the stable distribution (sarge) this problem has been fixed in
version 1.1.3-9sarge4.

For the unstable distribution (sid) this problem has been fixed in
version 2.0.4-1.

We recommend that you upgrade your openoffice.org package.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
--------------------------------

  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb https://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main