
Debian DSA-1104-1 Moderate: OpenOffice.org Local Threats Fix

June 29, 2006
Debian Security Advisory DSA 1104-1 http://www.debian.org/security/ Martin Schulze June 30th, 2006 h
Several vulnerabilities have been discovered in OpenOffice.org, a free office suite.

Summary


It turned out to be possible to embed arbitrary BASIC macros in
documents in a way that OpenOffice.org does not see them but
executes them anyway without any user interaction.

CVE-2006-2199

It is possible to evade the Java sandbox with specially crafted
Java applets.

CVE-2006-3117

Loading malformed XML documents can cause buffer overflows, leading
to a denial of service or the execution of arbitrary code.

This update has the Mozilla component disabled, so the
Mozilla/LDAP addressbook feature won't work anymore. It didn't work on
anything other than i386 on sarge either.

The old stable distribution (woody) does not contain OpenOffice.org
packages.

For the stable distribution (sarge) these problems have been fixed in
version 1.1.3-9sarge2.

For the unstable distribution (sid) these problems have been fixed in
version 2.0.3-1.

We recommend that you upgrade your OpenOffice.org packages.


Upgrade Instructions
--------------------

wget url
will fetch the ...
