Debian: New OpenOffice.org packages fix several vulnerabilities

    Date20 Mar 2007
    CategoryDebian
    3493
    Posted ByLinuxSecurity Advisories
    Several security related problems have been discovered in OpenOffice.org, the free office suite. The Common Vulnerabilities and Exposures project identifies the following problems.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1270-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                             Martin Schulze
    March 20th, 2007                        http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : openoffice.org
    Vulnerability  : several
    Problem type   : local (remote)
    Debian-specific: no
    CVE IDs        : CVE-2007-0002 CVE-2007-0238 CVE-2007-0239
    
    Several security related problems have been discovered in
    OpenOffice.org, the free office suite.  The Common Vulnerabilities and
    Exposures project identifies the following problems:
    
    CVE-2007-0002
    
        iDefense reported several integer overflow bugs in libwpd, a
        library for handling WordPerfect documents that is included in
        OpenOffice.org.  Attackers are able to exploit these with
        carefully crafted WordPerfect files that could cause an
        application linked with libwpd to crash or possibly execute
        arbitrary code.
    
    CVE-2007-0238
    
        Next Generation Security discovered that the StarCalc parser in
        OpenOffice.org contains an easily exploitable stack overflow that
        could be used exploited by a specially crafted document to execute
        arbitrary code.
    
    CVE-2007-0239
    
        It has been reported that OpenOffice.org does not escape shell
        meta characters and is hence vulnerable to execute arbitrary shell
        commands via a specially crafted document after the user clicked
        to a prepared link.
    
    For the stable distribution (sarge) these problems have been fixed in
    version 1.1.3-9sarge6.
    
    For the testing distribution (etch) these problems have been fixed in
    version 2.0.4.dfsg.2-6.
    
    For the unstable distribution (sid) these problems have been fixed in
    version 2.0.4.dfsg.2-6.
    
    We recommend that you upgrade your OpenOffice.org packages.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given at the end of this advisory:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge6.dsc
          Size/MD5 checksum:     2878 6c4447f2bdd8cde4e10556eacb9aef80
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge6.diff.gz
          Size/MD5 checksum:  4630152 e9d9ee838f73572836b059f8033bdb35
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3.orig.tar.gz
          Size/MD5 checksum: 166568714 5250574bad9906b38ce032d04b765772
    
      Architecture independent components:
    
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-af_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  2648700 9dedff380f535381ca48fc23da8c74ae
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ar_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  2696106 2eebd4484da0e9a4dcbde3b01e309ba7
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ca_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  2692842 e2f0cce7f7ca75c26a55b2615a0d32a2
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cs_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  3587952 02a0dcfd7d36cea6433365e4c9acd00f
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cy_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  2664822 176c3bd0b24dc4a0700d558e7df15ddd
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-da_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  3584442 b7a8d9b8b21a152537ef71d3dce56d54
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-de_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  3455220 214fd0769fb967b22521b244a5f8e412
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-el_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  2742946 04c91de4bb5b2b6d453ede296693889a
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  3527040 738553a6850160b374d36b7a83f79370
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-es_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  3563372 db130e40120c69626e950063eee07a3d
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-et_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  2646546 5ebb68935e9a3eba761cc2574717339c
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-eu_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  2670434 ed48f9c2f37fed09f741ce4f8a690bc5
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fi_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  2675206 5f7d1dcd9a1e3ee8c9582da53300e8f4
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fr_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  3496040 b65004e7d70e0bc6b94ce5fcba33f21c
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-gl_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  2659162 dc858e988c2025cc37b76d1b21d400b8
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-he_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  2661416 d3ad4533667aa90f52bed28b1525437c
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  2697048 b84ec1f9fa2561e4c2f344b6d6052986
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hu_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  2772632 fcb6b507ff92c95c94a85f471a0fa522
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-it_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  3557364 ed6dcc2203bb3329ce98c4e626a9ffa7
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ja_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  3564910 59cbed0cba5644f4f428fa9cb5551c2d
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-kn_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  2686506 a7aa7937a1818cb63537746e961c2072
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ko_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  3541338 a411e36d9d06b844628a1bbce51508f1
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lt_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  2673870 8899a3bddb951b8affe9b68774d22cb5
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nb_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  2665700 dadd04e21d730a0eda273205d8b0e506
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nl_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  3561748 6807bb01d7c2bef00c393128d7948da4
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nn_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  2665678 08076bb0916dd8d702b0ac6a6b582aba
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ns_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  2667602 8cd2a2fd1544772908a239fcf81d5057
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pl_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  3241012 ffa736fab57309f09cf269316c2be189
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt-br_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  3527818 b97751305b37e48e99e76eff3a684239
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  3164122 4aa344cc3da0d600bbf7a37f6d161df9
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ru_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  3333266 b5c3466e4f6df17431cfe57840da8da4
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sk_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  3604862 1c9e35a8b63c9cff2a7ac25f9613cbf9
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sl_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  3600626 0802e8e76b4f13e0c8c426051d3d19b0
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sv_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  3543964 7c75870c1e87da21750175c9347b1e17
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-th_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  2689868 2df2a8205355c4081f5b41f1a8a23485
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tn_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  2652696 6aee58cf724a13ae07ffcb2d52b4fde6
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tr_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  2895216 99f03f68a8046edbf56faf2d75d82edd
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-cn_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  3554128 bf3e1b409a3779b7f3dac854dbd878b3
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-tw_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  3549590 ce73373dbc4b1598d01596ab3ac91a96
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zu_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  2673534 06ae86a2e873845cf08e9fff5d23ff6a
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-mimelnk_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:    67534 56b5d2fe567a33bd5d208e0f179b4410
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-thesaurus-en-us_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  3131362 f1e269dc8d5cd27099e3c1db7bd15c8d
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:  6852372 c2c23a8406b9890521f87716585e0fd4
        http://security.debian.org/pool/updates/main/o/openoffice.org/ttf-opensymbol_1.1.3-9sarge6_all.deb
          Size/MD5 checksum:   137464 6f58470f00a2ec8c27ab98e875de956c
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge6_i386.deb
          Size/MD5 checksum: 41473388 b280f888e5a84c12e359e7f6830a81a7
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge6_i386.deb
          Size/MD5 checksum:  1857594 e54523506eb611fa23e758161cf250b0
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge6_i386.deb
          Size/MD5 checksum:   164856 f1809a564e47ee6cf1af37883fe91108
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge6_i386.deb
          Size/MD5 checksum:   160390 6a214287121ed3d1a03c2b3efbd3950e
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge6_i386.deb
          Size/MD5 checksum:   144378 87bff29447ba1026c8ea6a2cb56dc406
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge6_powerpc.deb
          Size/MD5 checksum: 39929566 545ef69eda0f41c93c1e09a3f2ff2efa
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge6_powerpc.deb
          Size/MD5 checksum:  1865952 828b0ce16533bb417a593edbcda9deac
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge6_powerpc.deb
          Size/MD5 checksum:   161836 8ccbd9c932eb05eb6cc79fd84759d5f2
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge6_powerpc.deb
          Size/MD5 checksum:   159046 bca17d24d59e847fc46e3ce3847a1a75
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge6_powerpc.deb
          Size/MD5 checksum:   142544 dd2356f4c0d924006a8340b4ac42ac76
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge6_s390.deb
          Size/MD5 checksum: 42752608 21b8a45df2205e8193977539d79df845
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge6_s390.deb
          Size/MD5 checksum:  1853012 fc6d24bf76d4967999edb066e585dd0c
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge6_s390.deb
          Size/MD5 checksum:   167062 43ea44833535e55c4593d4c66a6b887a
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge6_s390.deb
          Size/MD5 checksum:   166918 cfd508737ce96134e2f1f4e6969cde3c
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge6_s390.deb
          Size/MD5 checksum:   145564 e7fc82f32d149e99be23a85a5eae3f60
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge6_sparc.deb
          Size/MD5 checksum: 40804962 5ea6fa0ce8f275db0e841db5e46a3956
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge6_sparc.deb
          Size/MD5 checksum:  1847980 713150289b2908fd6a4cc98b13293ac3
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge6_sparc.deb
          Size/MD5 checksum:   168226 181d3b7efbdc3decebc5d605c386af14
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge6_sparc.deb
          Size/MD5 checksum:   158594 ba8b7b9491cfd6295afac1e49d87c704
        http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge6_sparc.deb
          Size/MD5 checksum:   140106 9ab2c61b292603df23efc2a7c3eb7867
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"8","type":"x","order":"1","pct":61.54,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":23.08,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"2","type":"x","order":"3","pct":15.38,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.