Date:         Fri, 19 Feb 2010 13:48:59 -0600
Reply-To:     Troy Dawson 
Sender:       Security Errata for Scientific Linux
              
From:         Troy Dawson 
Subject:      Security ERRATA Important: openoffice.org on SL4.x i386/x86_64
Comments: To: "scientific-linux-errata@fnal.gov"
          

Synopsis:	Important: openoffice.org security update
Issue date:	2010-02-12
CVE Names:	CVE-2009-2949 CVE-2009-2950 CVE-2009-3301
                    CVE-2009-3302

CVE-2009-2950 openoffice.org: GIF file parsing heap overflow
CVE-2009-2949 openoffice.org: integer overflow in XPM processing
CVE-2009-3301 OpenOffice.org Word sprmTDefTable Memory Corruption
CVE-2009-3302 OpenOffice.org Word sprmTSetBrc Memory Corruption

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way OpenOffice.org parsed XPM files. An attacker could
create a specially-crafted document, which once opened by a local,
unsuspecting user, could lead to arbitrary code execution with the
permissions of the user running OpenOffice.org. Note: This flaw affects
embedded XPM files in OpenOffice.org documents as well as stand-alone
XPM files. (CVE-2009-2949)

An integer underflow flaw and a boundary error flaw, both possibly
leading to a heap-based buffer overflow, were found in the way
OpenOffice.org parsed certain records in Microsoft Word documents. An
attacker could create a specially-crafted Microsoft Word document, which
once opened by a local, unsuspecting user, could cause OpenOffice.org to
crash or, potentially, execute arbitrary code with the permissions of
the user running OpenOffice.org. (CVE-2009-3301, CVE-2009-3302)

A heap-based buffer overflow flaw, leading to memory corruption, was
found in the way OpenOffice.org parsed GIF files. An attacker could
create a specially-crafted document, which once opened by a local,
unsuspecting user, could cause OpenOffice.org to crash. Note: This flaw
affects embedded GIF files in OpenOffice.org documents as well as
stand-alone GIF files. (CVE-2009-2950)

All running instances of OpenOffice.org applications must be restarted
for this update to take effect.


SL 4.x

     SRPMS:
openoffice.org-1.1.5-10.6.0.7.EL4.3.src.rpm
openoffice.org2-2.0.4-5.7.0.6.1.el4_8.3.src.rpm
     i386:
openoffice.org-1.1.5-10.6.0.7.EL4.3.i386.rpm
openoffice.org2-base-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-calc-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-core-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-draw-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-emailmerge-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-graphicfilter-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-impress-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-javafilter-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-ar-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-bn-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-da_DK-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-de-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-el_GR-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-es-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-et_EE-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-fr-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-he_IL-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-it-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-nl-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-ru-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-sv-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-th_TH-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-math-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-pyuno-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-testtools-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-writer-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-xsltfilter-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org-i18n-1.1.5-10.6.0.7.EL4.3.i386.rpm
openoffice.org-kde-1.1.5-10.6.0.7.EL4.3.i386.rpm
openoffice.org-libs-1.1.5-10.6.0.7.EL4.3.i386.rpm

     x86_64:
openoffice.org-1.1.5-10.6.0.7.EL4.3.i386.rpm
openoffice.org2-base-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-calc-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-core-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-draw-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-emailmerge-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-graphicfilter-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-impress-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-javafilter-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-af_ZA-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-ar-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-bg_BG-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-bn-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-ca_ES-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-cs_CZ-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-cy_GB-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-da_DK-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-de-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-el_GR-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-es-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-et_EE-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-fi_FI-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-fr-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-gl_ES-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-gu_IN-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-he_IL-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-hi_IN-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-hr_HR-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-it-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-ja_JP-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-ko_KR-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-lt_LT-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-ms_MY-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-nb_NO-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-nl-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-pa_IN-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-pt_BR-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-pt_PT-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-ru-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-sk_SK-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-sl_SI-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-sr_CS-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-sv-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-ta_IN-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-th_TH-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-tr_TR-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-zh_CN-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-zh_TW-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-langpack-zu_ZA-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-math-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-pyuno-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-testtools-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-writer-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org2-xsltfilter-2.0.4-5.7.0.6.1.3.i386.rpm
openoffice.org-i18n-1.1.5-10.6.0.7.EL4.3.i386.rpm
openoffice.org-kde-1.1.5-10.6.0.7.EL4.3.i386.rpm
openoffice.org-libs-1.1.5-10.6.0.7.EL4.3.i386.rpm

-Connie Sieh
-Troy Dawson