SuSE: 2005-025: OpenOffice heap overflow problem Security Update


-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

                        SUSE Security Announcement

        Package:                OpenOffice_org
        Announcement-ID:        SUSE-SA:2005:025
        Date:                   Tue, 19 Apr 2005 13:00:00 +0000
        Affected products:      8.2, 9.0, 9.1, 9.2, 9.3
                                SUSE Linux Desktop 1.0
                                Novell Linux Desktop 9
        Vulnerability Type:     remote code execution
        Severity (1-10):        8
        SUSE default package:   yes
        Cross References:       CAN-2005-0941

    Content of this advisory:
        1) security vulnerability resolved:
             heap overflow in MS Word DOC file handling
           problem description
        2) solution/workaround
        3) special instructions and notes
        4) package location and checksums
        5) pending vulnerabilities, solutions, workarounds:
            See SUSE Security Summary Report.
        6) standard appendix (further information)

______________________________________________________________________________

1) problem description, brief discussion

    This security update fixes a buffer overflow in OpenOffice_org
    Microsoft Word document reader which could allow a remote attacker
    sending a handcrafted .doc file to execute code as the user
    opening the document in OpenOffice.

    This is tracked by the Mitre CVE ID CAN-2005-0941.


    WARNING: The updated packages are very large for distributions before
    SUSE Linux 9.2 and 9.3.

    The minimum download sizes for those are:
            SUSE Linux Desktop 1:   47 MB
            Novell Linux Desktop 9: 41 MB
            SUSE Linux 8.2:         37 MB
            SUSE Linux 9.0:         46 MB
            SUSE Linux 9.1:         50 MB
            SUSE Linux 9.2:          2.1 MB (using delta rpm)
            SUSE Linux 9.3:          3.5 MB (using delta rpm)

2) solution/workaround

    Install the updated packages.

    A possible workaround is to not open .DOC files from untrusted
    sources.

3) special instructions and notes

    Restart OpenOffice after the update.

4) package location and checksums

    Please download the update package for your distribution and verify its
    integrity by the methods listed in section 3) of this announcement.
    Then, install the package using the command "rpm -Fhv file.rpm" to apply
    the update.
    Our maintenance customers are being notified individually. The packages
    are being offered to install from the maintenance web.


    x86 Platform:

    SUSE Linux 9.3:
               b552f46f192457b6487b60dd7adab845
               8b3defa6812104ac95aa3ecd198c08e5
               63a174e1f5b177e8d785f14a21f5bec5
               dcc5245c56657d6e20cc714b229390fd
               bcb44ef1ef0688327e8b2304f2adfb76
               3c166f9a421f0137134d750c869748cc
               b0bfd04da81ec413eab5ab292ab4d4f4
               974366c76fe393438d9a3ab6f73b5bdb
               17d21ae9d96670aca17b116d5770d0fb
               e20309f95c285e141087f5472f0a37f2
               ca43a8e14d7662c41b8d60f1f526dca7
               b19618fd2ff92431f48f4fc36273ae1a
               a12adba49239a86e174457fb95f5c576
               36057e0d7e178478a6b6eb119e7d56df
               7d8d796f8bb9a8046b07af980f8adfc5
               2160456066a9449daff5dcf26814882b
               305e8470904629f0c8e3a278d2f0b1e9
               ab4cbc8427c84110990bcea0f7185322
               bbcef39ccd2be2b7b8611286427caf3c
               784fa5fef330224ea92ee8c7573444a5
               cf0a961f879a96af96b4b3464844f6e1
               0e041750d71900ce52dd7e0192a65693
               5f62da8fbdb0da4b63612a2b02a36dc1
               dab43fb02881dd04a1f24b56a5f11f71
               11be2bff9e95a2ae2b87cbb3ae763f46
               c0a8ba848b1b266b0d13f7905fe234e6
               3f267e1277041393fcd28cc4cee59cf7
               05bb29569bfdf851ac2c4d268c58bead

    SUSE Linux 9.2:
               2293f4e4c6ab47b0614f7e9988273d6c
               bb0f47a473f4262c2cdf8cd49e2564f9
               7e2263e7703856b184cc8a76f799732a
               32d6b6ee86e395c442654409f11e9c9c
               dca243c3ad1747021b1f5c7074e1e3b7
               39f68abc86e4a5e33d42957d8a37af01
               20eddfbefd818c8d1cfe599898893c50
               4068f98e7f40d66905e5a253a2470cba
               0a4286d62466addf22bb2bba7ab0c309
               a3effffec6221f5e1edda0da2502fa77
               7bca5b49f4ecd97331efdd8b9d02704f
               79eec2c6b39a24a80f2a2030167d327b
               640b167beaedb0e400a9945fbdec3346
               fec069d75bd3036d9181789e47d5ff11
               2fae2a1136717f97eefb55eb86571099
               0f170766b94adf4f0c86d2b251ef80b8
               0b39736cdeab86262746d52f6ca6f4be
               ba6a72c373198ff4509e9870cb16f253
               7a443cc6cb4d6880ffb1e02fa3aa0ba7
               dc6f63e7b9141838a46fa4738f038e58
               eca5ce05d506b0aeda52c89f4558cecd
               799d8c7f09c3459f90032d25be0f5525
               01ebf77e4e283925a6506a24c3e8d865
               aec3c6e8b4143d97f1b6d35bf1f3dc8a
               8b074f282d1bb4d9883324f07ca5797e
               0cd956b13b0bfa1b478f238426b61813
               09586c7bc9801d9a4b7ab5c026d88880
               101e72d1f892b22d585688aad67ed5a8
               73dbea37ec2f089f0932956782e4c923

    SUSE Linux 9.1:
               acfc765af694e2dbad866400ff35baf1
               0af9c4a72afa6e6fdde2b0bcc096666f
               da472e7cea51097743762bc6a2608aa4
               70fdd4f83e0f18b1895e142b4e8f0f41
               23e05864cc3993ea28b414b9fb8c14ad
               cd516d937d0f11b99f9b89950136eac6
               74e823e5c1af46a94a1439ceca09bf08
               04e1cf5845598f842cca8a142e963206
               d23180d06e4ee6aa2d92a3b3d4ff9036
               2d48b32b780c40ba6edf87f205252f6f
               84eb506c11c687852d747e34ad58adb7
               7fc4d93253f873a84d5dcf1be56ea02b
               d317a379e5e8d0dbd5c2637ebffdb978
               84b4466a0ad38e1bee97bd76de10a650
               8dd0108842f786c5278413017c178bd8
               f09448181bc7b7a4f0076694ec29f073
               637c906b339a24e984a6ee080dc57f42
               3b98ed06cb70895123b5bc9cbe8744b7
               467c41efec48271d291cceb38709a2aa
               a475fe4fb2a99341831fdc6da07497d0
               ad03e64157d0c0ba9a31f2e3cc8c78f8
               5efef74ffe625cf6e4f38b8738211a25
               fee1d6e9f05d59b95561dbe192ae927f
               1ce11a3e8ecec9b032e4c250c7b7dcd7
               cbff62da371e49552ced339f9a5a014e
    source rpm(s):
               e30ccd2e95d5f985be7918185e5347e6

    SUSE Linux 9.0:
               2103fcc3a5de4724a96350b6c5aba23d
               24ef98c1b908db39073a792959a412db
               8b9b494f4ec8e0cad1a14c025fbe5025
               a4f199cd7d077552b80b96fa8f573e8d
               fa8bef6b96f4f44a5e65ba471b937c7c
               182ab41d8b98cfcb25514d84f5426569
               da512b6c56065b7d6537b0385fc89f90
               7cd38f5e4381f64bd1cbf4c883b6cb6e
               227616d6355d91b6a680837b546878bc
               9f052173c82e73b578f9edfbad5a7649
               b424833a10fad334502a0c73d1842d51
               4a3706cd87d6938530d9bb7261eb7b2f
               00212453e83c014a68d51945f08cc486
               0da0e8b50393bccd6ed00aeaaef5809a
               ecfa98395e093e3ab2acb80b04cd234d
               6f50954b40c3d74c1cba1b1df920f25a
               9c052a19385612f952aff029086f6877
               ef3c9469080799b7ff1c40e8f54f72fe
               f28d7b1b30b5bfd06a5d774e424de7d9
               c0cbd660335c6418699993b1fb78a7e8
               b4d926bc3e1eea6edfd453f645d2e3bb
               0fe30e9116ef5df1e776be3322381d0a
               3c9f01c4cb808238967c386a9bbf95f2
    source rpm(s):
               6ad8a3d82246b021cedcd23f4ce74f1a

    SUSE Linux 8.2:
               6b5f9f1b9bd7dad1d62619c46e471ee4
               966b54c4cc0a7eca79386d3d7eed358d
               f857a4c91b90de7b46d9700439fc3dc4
               65706db98543bdcf84b8ff1ec3be93ca
               c574794e58d89c56b9cab405ca1462a6
               6a6eed7174ec918d4c7617728e0328c3
               7428286d640ca1c4e0e8572acf1fa370
               27fae82ea8f296265847e26e91ead421
               e4e70c8843084cbc9707e1baf7b9b9f4
               ae9a2d1c379be2581bd936e4f08c14bb
               401508cc4fdc89759f9c78497943456b
    source rpm(s):
               5a086c30ec314b476ef3fcc7399b921e


______________________________________________________________________________

5)  Pending vulnerabilities in SUSE Distributions and Workarounds:

    See SUSE Security Summary Report.
______________________________________________________________________________

6)  standard appendix: authenticity verification, additional information

  - Package authenticity verification:

    SUSE update packages are available on many mirror ftp servers all over
    the world. While this service is being considered valuable and important
    to the free and open source software community, many users wish to be
    sure about the origin of the package and its content before installing
    the package. There are two verification methods that can be used
    independently from each other to prove the authenticity of a downloaded
    file or rpm package:
    1) md5sums as provided in the (cryptographically signed) announcement.
    2) using the internal gpg signatures of the rpm package.

    1) execute the command
        md5sum 
       after you downloaded the file from a SUSE ftp server or its mirrors.
       Then, compare the resulting md5sum with the one that is listed in the
       announcement. Since the announcement containing the checksums is
       cryptographically signed (usually using the key security@suse.de),
       the checksums show proof of the authenticity of the package.
       We disrecommend to subscribe to security lists which cause the
       email message containing the announcement to be modified so that
       the signature does not match after transport through the mailing
       list software.
       Downsides: You must be able to verify the authenticity of the
       announcement in the first place. If RPM packages are being rebuilt
       and a new version of a package is published on the ftp server, all
       md5 sums for the files are useless.

    2) rpm package signatures provide an easy way to verify the authenticity
       of an rpm package. Use the command
        rpm -v --checksig 
       to verify the signature of the package, where  is the
       filename of the rpm package that you have downloaded. Of course,
       package authenticity verification can only target an un-installed rpm
       package file.
       Prerequisites:
        a) gpg is installed
        b) The package is signed using a certain key. The public part of this
           key must be installed by the gpg program in the directory
           ~/.gnupg/ under the user's home directory who performs the
           signature verification (usually root). You can import the key
           that is used by SUSE in rpm packages for SUSE Linux by saving
           this announcement to a file ("announcement.txt") and
           running the command (do "su -" to be root):
            gpg --batch; gpg < announcement.txt | gpg --import
           SUSE Linux distributions version 7.1 and thereafter install the
           key "build@suse.de" upon installation or upgrade, provided that
           the package gpg is installed. The file containing the public key
           is placed at the top-level directory of the first CD (pubring.gpg)
           and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .


  - SUSE runs two security mailing lists to which any interested party may
    subscribe:

    suse-security@suse.com
        -   general/linux/SUSE security discussion.
            All SUSE security announcements are sent to this list.
            To subscribe, send an email to
                .

    suse-security-announce@suse.com
        -   SUSE's announce-only mailing list.
            Only SUSE's security announcements are sent to this list.
            To subscribe, send an email to
                .

    For general information or the frequently asked questions (faq)
    send mail to:
         or
         respectively.

    ====================================================================    SUSE's security contact is  or .
    The  public key is listed below.
    ====================================================================

-----BEGIN PGP SIGNED MESSAGE----- ______________________________________________________________________________ SUSE Security Announcement Package: OpenOffice_org Announcement-ID: SUSE-SA:2005:025 Date: Tue, 19 Apr 2005 13:00:00 +0000 Affected products: 8.2, 9.0, 9.1, 9.2, 9.3 SUSE Linux Desktop 1.0 Novell Linux Desktop 9 Vulnerability Type: remote code execution Severity (1-10): 8 SUSE default package: yes Cross References: CAN-2005-0941 Content of this advisory: 1) security vulnerability resolved: heap overflow in MS Word DOC file handling problem description 2) solution/workaround 3) special instructions and notes 4) package location and checksums 5) pending vulnerabilities, solutions, workarounds: See SUSE Security Summary Report. 6) standard appendix (further information) ______________________________________________________________________________ 1) problem description, brief discussion This security update fixes a buffer overflow in OpenOffice_org Microsoft Word document reader which could allow a remote attacker sending a handcrafted .doc file to execute code as the user opening the document in OpenOffice. This is tracked by the Mitre CVE ID CAN-2005-0941. WARNING: The updated packages are very large for distributions before SUSE Linux 9.2 and 9.3. The minimum download sizes for those are: SUSE Linux Desktop 1: 47 MB Novell Linux Desktop 9: 41 MB SUSE Linux 8.2: 37 MB SUSE Linux 9.0: 46 MB SUSE Linux 9.1: 50 MB SUSE Linux 9.2: 2.1 MB (using delta rpm) SUSE Linux 9.3: 3.5 MB (using delta rpm) 2) solution/workaround Install the updated packages. A possible workaround is to not open .DOC files from untrusted sources. 3) special instructions and notes Restart OpenOffice after the update. 4) package location and checksums Please download the update package for your distribution and verify its integrity by the methods listed in section 3) of this announcement. Then, install the package using the command "rpm -Fhv file.rpm" to apply the update. Our maintenance customers are being notified individually. The packages are being offered to install from the maintenance web. x86 Platform: SUSE Linux 9.3: b552f46f192457b6487b60dd7adab845 8b3defa6812104ac95aa3ecd198c08e5 63a174e1f5b177e8d785f14a21f5bec5 dcc5245c56657d6e20cc714b229390fd bcb44ef1ef0688327e8b2304f2adfb76 3c166f9a421f0137134d750c869748cc b0bfd04da81ec413eab5ab292ab4d4f4 974366c76fe393438d9a3ab6f73b5bdb 17d21ae9d96670aca17b116d5770d0fb e20309f95c285e141087f5472f0a37f2 ca43a8e14d7662c41b8d60f1f526dca7 b19618fd2ff92431f48f4fc36273ae1a a12adba49239a86e174457fb95f5c576 36057e0d7e178478a6b6eb119e7d56df 7d8d796f8bb9a8046b07af980f8adfc5 2160456066a9449daff5dcf26814882b 305e8470904629f0c8e3a278d2f0b1e9 ab4cbc8427c84110990bcea0f7185322 bbcef39ccd2be2b7b8611286427caf3c 784fa5fef330224ea92ee8c7573444a5 cf0a961f879a96af96b4b3464844f6e1 0e041750d71900ce52dd7e0192a65693 5f62da8fbdb0da4b63612a2b02a36dc1 dab43fb02881dd04a1f24b56a5f11f71 11be2bff9e95a2ae2b87cbb3ae763f46 c0a8ba848b1b266b0d13f7905fe234e6 3f267e1277041393fcd28cc4cee59cf7 05bb29569bfdf851ac2c4d268c58bead SUSE Linux 9.2: 2293f4e4c6ab47b0614f7e9988273d6c bb0f47a473f4262c2cdf8cd49e2564f9 7e2263e7703856b184cc8a76f799732a 32d6b6ee86e395c442654409f11e9c9c dca243c3ad1747021b1f5c7074e1e3b7 39f68abc86e4a5e33d42957d8a37af01 20eddfbefd818c8d1cfe599898893c50 4068f98e7f40d66905e5a253a2470cba 0a4286d62466addf22bb2bba7ab0c309 a3effffec6221f5e1edda0da2502fa77 7bca5b49f4ecd97331efdd8b9d02704f 79eec2c6b39a24a80f2a2030167d327b 640b167beaedb0e400a9945fbdec3346 fec069d75bd3036d9181789e47d5ff11 2fae2a1136717f97eefb55eb86571099 0f170766b94adf4f0c86d2b251ef80b8 0b39736cdeab86262746d52f6ca6f4be ba6a72c373198ff4509e9870cb16f253 7a443cc6cb4d6880ffb1e02fa3aa0ba7 dc6f63e7b9141838a46fa4738f038e58 eca5ce05d506b0aeda52c89f4558cecd 799d8c7f09c3459f90032d25be0f5525 01ebf77e4e283925a6506a24c3e8d865 aec3c6e8b4143d97f1b6d35bf1f3dc8a 8b074f282d1bb4d9883324f07ca5797e 0cd956b13b0bfa1b478f238426b61813 09586c7bc9801d9a4b7ab5c026d88880 101e72d1f892b22d585688aad67ed5a8 73dbea37ec2f089f0932956782e4c923 SUSE Linux 9.1: acfc765af694e2dbad866400ff35baf1 0af9c4a72afa6e6fdde2b0bcc096666f da472e7cea51097743762bc6a2608aa4 70fdd4f83e0f18b1895e142b4e8f0f41 23e05864cc3993ea28b414b9fb8c14ad cd516d937d0f11b99f9b89950136eac6 74e823e5c1af46a94a1439ceca09bf08 04e1cf5845598f842cca8a142e963206 d23180d06e4ee6aa2d92a3b3d4ff9036 2d48b32b780c40ba6edf87f205252f6f 84eb506c11c687852d747e34ad58adb7 7fc4d93253f873a84d5dcf1be56ea02b d317a379e5e8d0dbd5c2637ebffdb978 84b4466a0ad38e1bee97bd76de10a650 8dd0108842f786c5278413017c178bd8 f09448181bc7b7a4f0076694ec29f073 637c906b339a24e984a6ee080dc57f42 3b98ed06cb70895123b5bc9cbe8744b7 467c41efec48271d291cceb38709a2aa a475fe4fb2a99341831fdc6da07497d0 ad03e64157d0c0ba9a31f2e3cc8c78f8 5efef74ffe625cf6e4f38b8738211a25 fee1d6e9f05d59b95561dbe192ae927f 1ce11a3e8ecec9b032e4c250c7b7dcd7 cbff62da371e49552ced339f9a5a014e source rpm(s): e30ccd2e95d5f985be7918185e5347e6 SUSE Linux 9.0: 2103fcc3a5de4724a96350b6c5aba23d 24ef98c1b908db39073a792959a412db 8b9b494f4ec8e0cad1a14c025fbe5025 a4f199cd7d077552b80b96fa8f573e8d fa8bef6b96f4f44a5e65ba471b937c7c 182ab41d8b98cfcb25514d84f5426569 da512b6c56065b7d6537b0385fc89f90 7cd38f5e4381f64bd1cbf4c883b6cb6e 227616d6355d91b6a680837b546878bc 9f052173c82e73b578f9edfbad5a7649 b424833a10fad334502a0c73d1842d51 4a3706cd87d6938530d9bb7261eb7b2f 00212453e83c014a68d51945f08cc486 0da0e8b50393bccd6ed00aeaaef5809a ecfa98395e093e3ab2acb80b04cd234d 6f50954b40c3d74c1cba1b1df920f25a 9c052a19385612f952aff029086f6877 ef3c9469080799b7ff1c40e8f54f72fe f28d7b1b30b5bfd06a5d774e424de7d9 c0cbd660335c6418699993b1fb78a7e8 b4d926bc3e1eea6edfd453f645d2e3bb 0fe30e9116ef5df1e776be3322381d0a 3c9f01c4cb808238967c386a9bbf95f2 source rpm(s): 6ad8a3d82246b021cedcd23f4ce74f1a SUSE Linux 8.2: 6b5f9f1b9bd7dad1d62619c46e471ee4 966b54c4cc0a7eca79386d3d7eed358d f857a4c91b90de7b46d9700439fc3dc4 65706db98543bdcf84b8ff1ec3be93ca c574794e58d89c56b9cab405ca1462a6 6a6eed7174ec918d4c7617728e0328c3 7428286d640ca1c4e0e8572acf1fa370 27fae82ea8f296265847e26e91ead421 e4e70c8843084cbc9707e1baf7b9b9f4 ae9a2d1c379be2581bd936e4f08c14bb 401508cc4fdc89759f9c78497943456b source rpm(s): 5a086c30ec314b476ef3fcc7399b921e ______________________________________________________________________________ 5) Pending vulnerabilities in SUSE Distributions and Workarounds: See SUSE Security Summary Report. ______________________________________________________________________________ 6) standard appendix: authenticity verification, additional information - Package authenticity verification: SUSE update packages are available on many mirror ftp servers all over the world. While this service is being considered valuable and important to the free and open source software community, many users wish to be sure about the origin of the package and its content before installing the package. There are two verification methods that can be used independently from each other to prove the authenticity of a downloaded file or rpm package: 1) md5sums as provided in the (cryptographically signed) announcement. 2) using the internal gpg signatures of the rpm package. 1) execute the command md5sum after you downloaded the file from a SUSE ftp server or its mirrors. Then, compare the resulting md5sum with the one that is listed in the announcement. Since the announcement containing the checksums is cryptographically signed (usually using the key security@suse.de), the checksums show proof of the authenticity of the package. We disrecommend to subscribe to security lists which cause the email message containing the announcement to be modified so that the signature does not match after transport through the mailing list software. Downsides: You must be able to verify the authenticity of the announcement in the first place. If RPM packages are being rebuilt and a new version of a package is published on the ftp server, all md5 sums for the files are useless. 2) rpm package signatures provide an easy way to verify the authenticity of an rpm package. Use the command rpm -v --checksig to verify the signature of the package, where is the filename of the rpm package that you have downloaded. Of course, package authenticity verification can only target an un-installed rpm package file. Prerequisites: a) gpg is installed b) The package is signed using a certain key. The public part of this key must be installed by the gpg program in the directory ~/.gnupg/ under the user's home directory who performs the signature verification (usually root). You can import the key that is used by SUSE in rpm packages for SUSE Linux by saving this announcement to a file ("announcement.txt") and running the command (do "su -" to be root): gpg --batch; gpg < announcement.txt | gpg --import SUSE Linux distributions version 7.1 and thereafter install the key "build@suse.de" upon installation or upgrade, provided that the package gpg is installed. The file containing the public key is placed at the top-level directory of the first CD (pubring.gpg) and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de . - SUSE runs two security mailing lists to which any interested party may subscribe: suse-security@suse.com - general/linux/SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an email to . suse-security-announce@suse.com - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an email to . For general information or the frequently asked questions (faq) send mail to: or respectively. ==================================================================== SUSE's security contact is or . The public key is listed below. ====================================================================

SuSE: 2005-025: OpenOffice heap overflow problem Security Update

Summary

References

Related News

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By