[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040928065230.21351.qmail@updates.mandrakesoft.com>
Date: 28 Sep 2004 06:52:30 -0000
From: Mandrake Linux Security Team <security@...ux-mandrake.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2004:103 - Updated OpenOffice.org packages fix temporary file vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: OpenOffice.org
Advisory ID: MDKSA-2004:103
Date: September 27th, 2004
Affected versions: 10.0
______________________________________________________________________
Problem Description:
A vulnerability in OpenOffice.org was reported by pmladek where a
local user may be able to obtain and read documents that belong to
another user. The way that OpenOffice.org created temporary files,
which used the user's umask to create the file, could potentially
allow for other users to have read access to the document (again,
dependant upon the user's umask).
The updated packages have been patched to prevent this problem.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0752
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
6dcdf713f9b86b9fb8c1d2a652aca05c 10.0/RPMS/OpenOffice.org-1.1.2-8.100mdk.i586.rpm
82586f5dd2c3b873442086174d17263b 10.0/RPMS/OpenOffice.org-help-cs-1.1.2-8.100mdk.i586.rpm
e9c7967557e4aa63203475126c922470 10.0/RPMS/OpenOffice.org-help-de-1.1.2-8.100mdk.i586.rpm
91e537d10cc754b4b1c89fb4e48580d8 10.0/RPMS/OpenOffice.org-help-en-1.1.2-8.100mdk.i586.rpm
988366f3e410d001567ddefd2c855c8f 10.0/RPMS/OpenOffice.org-help-es-1.1.2-8.100mdk.i586.rpm
ecdb9c92c23f33c4548bd5f8e6d15e89 10.0/RPMS/OpenOffice.org-help-eu-1.1.2-8.100mdk.i586.rpm
34398abee71ee44bbd73f8999cc927fa 10.0/RPMS/OpenOffice.org-help-fi-1.1.2-8.100mdk.i586.rpm
7dfda7c433d14a852004de3233a649e8 10.0/RPMS/OpenOffice.org-help-fr-1.1.2-8.100mdk.i586.rpm
d95e356f7327acfe7db669ef86ad3145 10.0/RPMS/OpenOffice.org-help-it-1.1.2-8.100mdk.i586.rpm
e59ed8acd4a2e287545a59d87b330580 10.0/RPMS/OpenOffice.org-help-ja-1.1.2-8.100mdk.i586.rpm
b859c002405c021e32ff9bb43c0f6c6d 10.0/RPMS/OpenOffice.org-help-ko-1.1.2-8.100mdk.i586.rpm
1a31ed1c4fae0193cc55a70ae65f0045 10.0/RPMS/OpenOffice.org-help-nl-1.1.2-8.100mdk.i586.rpm
10118f1f329abbfcdc6d0123f07e7400 10.0/RPMS/OpenOffice.org-help-ru-1.1.2-8.100mdk.i586.rpm
8258eeb4b6db30fad630655197b841ef 10.0/RPMS/OpenOffice.org-help-sk-1.1.2-8.100mdk.i586.rpm
4b2f8b6890d6cce15416bd30e4e0286d 10.0/RPMS/OpenOffice.org-help-sv-1.1.2-8.100mdk.i586.rpm
dab28c6494f154cc65b669e1817be46f 10.0/RPMS/OpenOffice.org-help-zh_CN-1.1.2-8.100mdk.i586.rpm
50f2019f947e8ec8997667d4e63d20a1 10.0/RPMS/OpenOffice.org-help-zh_TW-1.1.2-8.100mdk.i586.rpm
6a6b435b956973b166128212b7d663d4 10.0/RPMS/OpenOffice.org-l10n-ar-1.1.2-8.100mdk.i586.rpm
ac19524d6f8a9672e3c60e324c081d64 10.0/RPMS/OpenOffice.org-l10n-ca-1.1.2-8.100mdk.i586.rpm
94ac592c89da0ce121b5de7e8de9e974 10.0/RPMS/OpenOffice.org-l10n-cs-1.1.2-8.100mdk.i586.rpm
2354116aebb06ae56f40eb306dccb7ea 10.0/RPMS/OpenOffice.org-l10n-da-1.1.2-8.100mdk.i586.rpm
cb268d3ab6be233d79c16b20903c33c6 10.0/RPMS/OpenOffice.org-l10n-de-1.1.2-8.100mdk.i586.rpm
bd12ab884f02324e42367dfb5271c688 10.0/RPMS/OpenOffice.org-l10n-el-1.1.2-8.100mdk.i586.rpm
314e3e1a45e2968ffbf7f1ec6a5487cd 10.0/RPMS/OpenOffice.org-l10n-en-1.1.2-8.100mdk.i586.rpm
2833ed7bd2f95f788e2dfeac729f2473 10.0/RPMS/OpenOffice.org-l10n-es-1.1.2-8.100mdk.i586.rpm
6c9e53a4daf5f1f872556f2e374b742c 10.0/RPMS/OpenOffice.org-l10n-et-1.1.2-8.100mdk.i586.rpm
d3c53b97c8d3a765c55599be649d5a30 10.0/RPMS/OpenOffice.org-l10n-eu-1.1.2-8.100mdk.i586.rpm
08705cc3571f13e0c115b5e6b0f10cdc 10.0/RPMS/OpenOffice.org-l10n-fi-1.1.2-8.100mdk.i586.rpm
95374fe47baf5807c0e523554c9a4a4d 10.0/RPMS/OpenOffice.org-l10n-fr-1.1.2-8.100mdk.i586.rpm
70b73f0f2c6e2f35933568be3b642f8c 10.0/RPMS/OpenOffice.org-l10n-it-1.1.2-8.100mdk.i586.rpm
83fdca6056dfd504917d491f4b8166c1 10.0/RPMS/OpenOffice.org-l10n-ja-1.1.2-8.100mdk.i586.rpm
2fb3b05070d2928f0ca2357adf1749d5 10.0/RPMS/OpenOffice.org-l10n-ko-1.1.2-8.100mdk.i586.rpm
ff994fed500ce3a68228ecb38d09b7e1 10.0/RPMS/OpenOffice.org-l10n-nb-1.1.2-8.100mdk.i586.rpm
cb0d8319d68c935c7a28e263bc4cd84f 10.0/RPMS/OpenOffice.org-l10n-nl-1.1.2-8.100mdk.i586.rpm
8d29108101a3d6f63e28f63cc3df3577 10.0/RPMS/OpenOffice.org-l10n-nn-1.1.2-8.100mdk.i586.rpm
2e1c5879febfd8507b0a9d973e6cc855 10.0/RPMS/OpenOffice.org-l10n-pl-1.1.2-8.100mdk.i586.rpm
097d9e64dbd3487d58efc724d0db958a 10.0/RPMS/OpenOffice.org-l10n-pt-1.1.2-8.100mdk.i586.rpm
69d94c008dfaf2993dc5106d44704b6e 10.0/RPMS/OpenOffice.org-l10n-pt_BR-1.1.2-8.100mdk.i586.rpm
a058aa946632b9578f24d2aa5d98c708 10.0/RPMS/OpenOffice.org-l10n-ru-1.1.2-8.100mdk.i586.rpm
8e541d03cec5d83e206845a3384b8aba 10.0/RPMS/OpenOffice.org-l10n-sk-1.1.2-8.100mdk.i586.rpm
a730904f48b2595ded3dbc52890c0f5b 10.0/RPMS/OpenOffice.org-l10n-sv-1.1.2-8.100mdk.i586.rpm
e1476628aa0e5d044e7ef5ae19105b4f 10.0/RPMS/OpenOffice.org-l10n-tr-1.1.2-8.100mdk.i586.rpm
91324079d5e05b18bf7a39b52dc4ddd1 10.0/RPMS/OpenOffice.org-l10n-zh_CN-1.1.2-8.100mdk.i586.rpm
e31bc4300a938e2aed4ab516b9e90cc8 10.0/RPMS/OpenOffice.org-l10n-zh_TW-1.1.2-8.100mdk.i586.rpm
d5c134900a302525f24b44d2d0edb2b2 10.0/RPMS/OpenOffice.org-libs-1.1.2-8.100mdk.i586.rpm
56fb619d14aae1230983490f93db8353 10.0/SRPMS/OpenOffice.org-1.1.2-8.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
6dcdf713f9b86b9fb8c1d2a652aca05c amd64/10.0/RPMS/OpenOffice.org-1.1.2-8.100mdk.i586.rpm
82586f5dd2c3b873442086174d17263b amd64/10.0/RPMS/OpenOffice.org-help-cs-1.1.2-8.100mdk.i586.rpm
e9c7967557e4aa63203475126c922470 amd64/10.0/RPMS/OpenOffice.org-help-de-1.1.2-8.100mdk.i586.rpm
91e537d10cc754b4b1c89fb4e48580d8 amd64/10.0/RPMS/OpenOffice.org-help-en-1.1.2-8.100mdk.i586.rpm
988366f3e410d001567ddefd2c855c8f amd64/10.0/RPMS/OpenOffice.org-help-es-1.1.2-8.100mdk.i586.rpm
ecdb9c92c23f33c4548bd5f8e6d15e89 amd64/10.0/RPMS/OpenOffice.org-help-eu-1.1.2-8.100mdk.i586.rpm
34398abee71ee44bbd73f8999cc927fa amd64/10.0/RPMS/OpenOffice.org-help-fi-1.1.2-8.100mdk.i586.rpm
7dfda7c433d14a852004de3233a649e8 amd64/10.0/RPMS/OpenOffice.org-help-fr-1.1.2-8.100mdk.i586.rpm
d95e356f7327acfe7db669ef86ad3145 amd64/10.0/RPMS/OpenOffice.org-help-it-1.1.2-8.100mdk.i586.rpm
e59ed8acd4a2e287545a59d87b330580 amd64/10.0/RPMS/OpenOffice.org-help-ja-1.1.2-8.100mdk.i586.rpm
b859c002405c021e32ff9bb43c0f6c6d amd64/10.0/RPMS/OpenOffice.org-help-ko-1.1.2-8.100mdk.i586.rpm
1a31ed1c4fae0193cc55a70ae65f0045 amd64/10.0/RPMS/OpenOffice.org-help-nl-1.1.2-8.100mdk.i586.rpm
10118f1f329abbfcdc6d0123f07e7400 amd64/10.0/RPMS/OpenOffice.org-help-ru-1.1.2-8.100mdk.i586.rpm
8258eeb4b6db30fad630655197b841ef amd64/10.0/RPMS/OpenOffice.org-help-sk-1.1.2-8.100mdk.i586.rpm
4b2f8b6890d6cce15416bd30e4e0286d amd64/10.0/RPMS/OpenOffice.org-help-sv-1.1.2-8.100mdk.i586.rpm
dab28c6494f154cc65b669e1817be46f amd64/10.0/RPMS/OpenOffice.org-help-zh_CN-1.1.2-8.100mdk.i586.rpm
50f2019f947e8ec8997667d4e63d20a1 amd64/10.0/RPMS/OpenOffice.org-help-zh_TW-1.1.2-8.100mdk.i586.rpm
6a6b435b956973b166128212b7d663d4 amd64/10.0/RPMS/OpenOffice.org-l10n-ar-1.1.2-8.100mdk.i586.rpm
ac19524d6f8a9672e3c60e324c081d64 amd64/10.0/RPMS/OpenOffice.org-l10n-ca-1.1.2-8.100mdk.i586.rpm
94ac592c89da0ce121b5de7e8de9e974 amd64/10.0/RPMS/OpenOffice.org-l10n-cs-1.1.2-8.100mdk.i586.rpm
2354116aebb06ae56f40eb306dccb7ea amd64/10.0/RPMS/OpenOffice.org-l10n-da-1.1.2-8.100mdk.i586.rpm
cb268d3ab6be233d79c16b20903c33c6 amd64/10.0/RPMS/OpenOffice.org-l10n-de-1.1.2-8.100mdk.i586.rpm
bd12ab884f02324e42367dfb5271c688 amd64/10.0/RPMS/OpenOffice.org-l10n-el-1.1.2-8.100mdk.i586.rpm
314e3e1a45e2968ffbf7f1ec6a5487cd amd64/10.0/RPMS/OpenOffice.org-l10n-en-1.1.2-8.100mdk.i586.rpm
2833ed7bd2f95f788e2dfeac729f2473 amd64/10.0/RPMS/OpenOffice.org-l10n-es-1.1.2-8.100mdk.i586.rpm
6c9e53a4daf5f1f872556f2e374b742c amd64/10.0/RPMS/OpenOffice.org-l10n-et-1.1.2-8.100mdk.i586.rpm
d3c53b97c8d3a765c55599be649d5a30 amd64/10.0/RPMS/OpenOffice.org-l10n-eu-1.1.2-8.100mdk.i586.rpm
08705cc3571f13e0c115b5e6b0f10cdc amd64/10.0/RPMS/OpenOffice.org-l10n-fi-1.1.2-8.100mdk.i586.rpm
95374fe47baf5807c0e523554c9a4a4d amd64/10.0/RPMS/OpenOffice.org-l10n-fr-1.1.2-8.100mdk.i586.rpm
70b73f0f2c6e2f35933568be3b642f8c amd64/10.0/RPMS/OpenOffice.org-l10n-it-1.1.2-8.100mdk.i586.rpm
83fdca6056dfd504917d491f4b8166c1 amd64/10.0/RPMS/OpenOffice.org-l10n-ja-1.1.2-8.100mdk.i586.rpm
2fb3b05070d2928f0ca2357adf1749d5 amd64/10.0/RPMS/OpenOffice.org-l10n-ko-1.1.2-8.100mdk.i586.rpm
ff994fed500ce3a68228ecb38d09b7e1 amd64/10.0/RPMS/OpenOffice.org-l10n-nb-1.1.2-8.100mdk.i586.rpm
cb0d8319d68c935c7a28e263bc4cd84f amd64/10.0/RPMS/OpenOffice.org-l10n-nl-1.1.2-8.100mdk.i586.rpm
8d29108101a3d6f63e28f63cc3df3577 amd64/10.0/RPMS/OpenOffice.org-l10n-nn-1.1.2-8.100mdk.i586.rpm
2e1c5879febfd8507b0a9d973e6cc855 amd64/10.0/RPMS/OpenOffice.org-l10n-pl-1.1.2-8.100mdk.i586.rpm
097d9e64dbd3487d58efc724d0db958a amd64/10.0/RPMS/OpenOffice.org-l10n-pt-1.1.2-8.100mdk.i586.rpm
69d94c008dfaf2993dc5106d44704b6e amd64/10.0/RPMS/OpenOffice.org-l10n-pt_BR-1.1.2-8.100mdk.i586.rpm
a058aa946632b9578f24d2aa5d98c708 amd64/10.0/RPMS/OpenOffice.org-l10n-ru-1.1.2-8.100mdk.i586.rpm
8e541d03cec5d83e206845a3384b8aba amd64/10.0/RPMS/OpenOffice.org-l10n-sk-1.1.2-8.100mdk.i586.rpm
a730904f48b2595ded3dbc52890c0f5b amd64/10.0/RPMS/OpenOffice.org-l10n-sv-1.1.2-8.100mdk.i586.rpm
e1476628aa0e5d044e7ef5ae19105b4f amd64/10.0/RPMS/OpenOffice.org-l10n-tr-1.1.2-8.100mdk.i586.rpm
91324079d5e05b18bf7a39b52dc4ddd1 amd64/10.0/RPMS/OpenOffice.org-l10n-zh_CN-1.1.2-8.100mdk.i586.rpm
e31bc4300a938e2aed4ab516b9e90cc8 amd64/10.0/RPMS/OpenOffice.org-l10n-zh_TW-1.1.2-8.100mdk.i586.rpm
d5c134900a302525f24b44d2d0edb2b2 amd64/10.0/RPMS/OpenOffice.org-libs-1.1.2-8.100mdk.i586.rpm
56fb619d14aae1230983490f93db8353 amd64/10.0/SRPMS/OpenOffice.org-1.1.2-8.100mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFBWQoumqjQ0CJFipgRAnlMAKChxOOrnZmlId15vUeNCljeQ7vIwgCg7Kyn
WNQKkDIyXhwT7rRImOU6ymY=
=32RL
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists