lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1Jrza4-0005BB-Qw@titan.mandriva.com>
Date: Fri, 02 May 2008 12:02:00 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:095 ] - Updated OpenOffice.org
 packages fix vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:095
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : openoffice.org
 Date    : May 2, 2008
 Affected: 2008.0
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability in HSQLDB before 1.8.0.9 in OpenOffice.org could
 allow user-assisted remote attackers to execute arbitrary Java code
 via crafted database documents (CVE-2007-4575).
 
 A heap overflow was discovered in OpenOffice.org's EMF parser.
 An attacker could create a carefully crafted EMF file that could
 cause OpenOffice.org to crash or potentially execute arbitrary code
 if the malicious EMF image was added to a document or if a document
 containing such an EMF file was opened (CVE-2007-5746).
 
 Multiple heap overflows and an integer underflow were discovered in the
 Quattro Pro(R) import filter.  An attacker could create a carefully
 crafted Quattro Pro file that could cause OpenOffice.org ro crash or
 potentially execute arbitraty code (CVE-2007-5745, CVE-2007-5747).
 
 A heap overflow was discovered in the OLE Structured Storage file
 parser, a format used by Microsoft Office documents.  An attacker could
 create a carefully crafted OLE file that could cause OpenOffice.org
 to crash or potentially execute arbitrary code (CVE-2008-0320).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4575
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5745
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5746
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5747
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0320
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2008.0:
 72798954ff44449ad9203fdce7130a62  2008.0/i586/openoffice.org-2.2.1-4.4mdv2008.0.i586.rpm
 6a537faa29607ffef0a6544f5501a393  2008.0/i586/openoffice.org-devel-2.2.1-4.4mdv2008.0.i586.rpm
 882be28f508c5b922378aafa6be1113b  2008.0/i586/openoffice.org-devel-doc-2.2.1-4.4mdv2008.0.i586.rpm
 d2cb90d3441f95836643e75012bf95d1  2008.0/i586/openoffice.org-galleries-2.2.1-4.4mdv2008.0.i586.rpm
 d0742126a62fcc7251458eebaeabd4fb  2008.0/i586/openoffice.org-gnome-2.2.1-4.4mdv2008.0.i586.rpm
 0e6c20146f75d8922c679db7b06bd4be  2008.0/i586/openoffice.org-kde-2.2.1-4.4mdv2008.0.i586.rpm
 e1161013ec13e2e3138d578539cb5f37  2008.0/i586/openoffice.org-l10n-af-2.2.1-4.4mdv2008.0.i586.rpm
 b3663ed4b3c533d0e9188540acb9d6ea  2008.0/i586/openoffice.org-l10n-ar-2.2.1-4.4mdv2008.0.i586.rpm
 00d753cc4308935b4a704d08385dfe21  2008.0/i586/openoffice.org-l10n-bg-2.2.1-4.4mdv2008.0.i586.rpm
 ce6c8bc0b6b63574d6e50d2a63b5c670  2008.0/i586/openoffice.org-l10n-br-2.2.1-4.4mdv2008.0.i586.rpm
 572f6fde12b683e7ec47a2d3e49493fc  2008.0/i586/openoffice.org-l10n-bs-2.2.1-4.4mdv2008.0.i586.rpm
 055e27ae44d8dc7a4322d835da7da993  2008.0/i586/openoffice.org-l10n-ca-2.2.1-4.4mdv2008.0.i586.rpm
 97b37e8e03bec178607d71d0d58b14d6  2008.0/i586/openoffice.org-l10n-cs-2.2.1-4.4mdv2008.0.i586.rpm
 8975fed89790697fc1d791ee040c1193  2008.0/i586/openoffice.org-l10n-cy-2.2.1-4.4mdv2008.0.i586.rpm
 22b0b401e8c1dd731a455f9fbc7c7dbe  2008.0/i586/openoffice.org-l10n-da-2.2.1-4.4mdv2008.0.i586.rpm
 ed1a1f10985d483cb32f17e5c1d9e2d5  2008.0/i586/openoffice.org-l10n-de-2.2.1-4.4mdv2008.0.i586.rpm
 95888fffe3dfd1d4e81863016c98fdd4  2008.0/i586/openoffice.org-l10n-el-2.2.1-4.4mdv2008.0.i586.rpm
 ddff2b506a75655ba1a864cc308bdb74  2008.0/i586/openoffice.org-l10n-en_GB-2.2.1-4.4mdv2008.0.i586.rpm
 647ff67a9e986c56b858784ac409f628  2008.0/i586/openoffice.org-l10n-es-2.2.1-4.4mdv2008.0.i586.rpm
 2e9730e46b79e6b5cc00ec6241d72a40  2008.0/i586/openoffice.org-l10n-et-2.2.1-4.4mdv2008.0.i586.rpm
 5ebf6059a75498d3c254b3a5c26102f7  2008.0/i586/openoffice.org-l10n-eu-2.2.1-4.4mdv2008.0.i586.rpm
 51770048207446d31c2560439f1f1c96  2008.0/i586/openoffice.org-l10n-fi-2.2.1-4.4mdv2008.0.i586.rpm
 497785ba862bcc7ccf58e86d9339839c  2008.0/i586/openoffice.org-l10n-fr-2.2.1-4.4mdv2008.0.i586.rpm
 a9cd13bc39e594e2e0b328a494a05e59  2008.0/i586/openoffice.org-l10n-he-2.2.1-4.4mdv2008.0.i586.rpm
 acaab185b3eeedd24ade68134e0bae3a  2008.0/i586/openoffice.org-l10n-hi-2.2.1-4.4mdv2008.0.i586.rpm
 416d29a882ee24fb51e37ca233650f92  2008.0/i586/openoffice.org-l10n-hu-2.2.1-4.4mdv2008.0.i586.rpm
 51ee97ed40d9e3bd425e66e4643c213b  2008.0/i586/openoffice.org-l10n-it-2.2.1-4.4mdv2008.0.i586.rpm
 2eec359c15bb910226c01d0c75b303cf  2008.0/i586/openoffice.org-l10n-ja-2.2.1-4.4mdv2008.0.i586.rpm
 96661d4b321482c4059fd1ec0a7a3406  2008.0/i586/openoffice.org-l10n-ko-2.2.1-4.4mdv2008.0.i586.rpm
 b5c56e228e7f6d50f607ed2133eafdfc  2008.0/i586/openoffice.org-l10n-mk-2.2.1-4.4mdv2008.0.i586.rpm
 4148b2d03b06f9e3424d7e72e6ba64a7  2008.0/i586/openoffice.org-l10n-nb-2.2.1-4.4mdv2008.0.i586.rpm
 b748239254d900e79161a0b8351deb75  2008.0/i586/openoffice.org-l10n-nl-2.2.1-4.4mdv2008.0.i586.rpm
 b9242bbea24034e0d8883fdd4ac417fe  2008.0/i586/openoffice.org-l10n-nn-2.2.1-4.4mdv2008.0.i586.rpm
 a9a83327869b06b85263aac4f2ce8944  2008.0/i586/openoffice.org-l10n-pl-2.2.1-4.4mdv2008.0.i586.rpm
 d754b3ae052cac6a9f6bd4f9f8a61cf5  2008.0/i586/openoffice.org-l10n-pt-2.2.1-4.4mdv2008.0.i586.rpm
 51e3242d755dbdecb783b8c1a608d380  2008.0/i586/openoffice.org-l10n-pt_BR-2.2.1-4.4mdv2008.0.i586.rpm
 2a766fb4ad705cc9815431c8f46228a3  2008.0/i586/openoffice.org-l10n-ru-2.2.1-4.4mdv2008.0.i586.rpm
 4a5981bc0231b5a20bd56674c31386a8  2008.0/i586/openoffice.org-l10n-sk-2.2.1-4.4mdv2008.0.i586.rpm
 06483e894447c9d6e4ca0c56bb98e4e8  2008.0/i586/openoffice.org-l10n-sl-2.2.1-4.4mdv2008.0.i586.rpm
 a7f4e2bcf881d7a295b8a6f6a601b598  2008.0/i586/openoffice.org-l10n-sv-2.2.1-4.4mdv2008.0.i586.rpm
 0aee1180d9b1e91f36b47696765bfdcf  2008.0/i586/openoffice.org-l10n-ta-2.2.1-4.4mdv2008.0.i586.rpm
 98d8d02bc3d6da0a780e6d6a09de3586  2008.0/i586/openoffice.org-l10n-tr-2.2.1-4.4mdv2008.0.i586.rpm
 ec82d080ba11a9bb0a4c92fd718c3ff4  2008.0/i586/openoffice.org-l10n-zh_CN-2.2.1-4.4mdv2008.0.i586.rpm
 b1294ebbc030c8b473d3f4cac1f0f9ad  2008.0/i586/openoffice.org-l10n-zh_TW-2.2.1-4.4mdv2008.0.i586.rpm
 04420991685ad352ba76381058719d3b  2008.0/i586/openoffice.org-l10n-zu-2.2.1-4.4mdv2008.0.i586.rpm
 9d7ccd1b59dd4396d4036be8145679d0  2008.0/i586/openoffice.org-mono-2.2.1-4.4mdv2008.0.i586.rpm
 80590a32554d257c48b9ce42a76ea108  2008.0/i586/openoffice.org-ooqstart-2.2.1-4.4mdv2008.0.i586.rpm 
 1f77c6c9cfb6a0aed77a33e12cf8f1f6  2008.0/SRPMS/openoffice.org-2.2.1-4.4mdv2008.0.src.rpm
 84c73385fdcb1d0a1bc2c077f744a20f  2008.0/SRPMS/openoffice.org64-2.2.1-4.4mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 456a8013fca659dea3938f469561ef0b  2008.0/x86_64/openoffice.org64-2.2.1-4.4mdv2008.0.x86_64.rpm
 c4374226d24bfc714acb6c3015d585f2  2008.0/x86_64/openoffice.org64-devel-2.2.1-4.4mdv2008.0.x86_64.rpm
 a963feb3099659d2e16298fa6ab93ba0  2008.0/x86_64/openoffice.org64-devel-doc-2.2.1-4.4mdv2008.0.x86_64.rpm
 fa6bd2c7af34ff151e2bdc5f1723a3af  2008.0/x86_64/openoffice.org64-galleries-2.2.1-4.4mdv2008.0.x86_64.rpm
 44a3a7ee839a336e9b06d80d67785589  2008.0/x86_64/openoffice.org64-gnome-2.2.1-4.4mdv2008.0.x86_64.rpm
 8df343f9cbccecbabcb12c8901fb1b82  2008.0/x86_64/openoffice.org64-kde-2.2.1-4.4mdv2008.0.x86_64.rpm
 0b821aa43e0e78a2f99629b75211f8d9  2008.0/x86_64/openoffice.org64-l10n-af-2.2.1-4.4mdv2008.0.x86_64.rpm
 8d5a1da2f98ed8eb54a77732c01cb1c1  2008.0/x86_64/openoffice.org64-l10n-ar-2.2.1-4.4mdv2008.0.x86_64.rpm
 2f93835ea0677728552b6aaf8752fd98  2008.0/x86_64/openoffice.org64-l10n-bg-2.2.1-4.4mdv2008.0.x86_64.rpm
 68cecc3d640bd1605b51e125e83b0842  2008.0/x86_64/openoffice.org64-l10n-br-2.2.1-4.4mdv2008.0.x86_64.rpm
 e89b07e667940059458c45822269297f  2008.0/x86_64/openoffice.org64-l10n-bs-2.2.1-4.4mdv2008.0.x86_64.rpm
 d40fc83e01482ac9eca8802ee21533f2  2008.0/x86_64/openoffice.org64-l10n-ca-2.2.1-4.4mdv2008.0.x86_64.rpm
 17022bd83ffc77f40c23402b97a7bb10  2008.0/x86_64/openoffice.org64-l10n-cs-2.2.1-4.4mdv2008.0.x86_64.rpm
 1de183c4eb4887d6d94acce507c46a1a  2008.0/x86_64/openoffice.org64-l10n-cy-2.2.1-4.4mdv2008.0.x86_64.rpm
 10eaeace55b3e0b4e046534ae970f4f8  2008.0/x86_64/openoffice.org64-l10n-da-2.2.1-4.4mdv2008.0.x86_64.rpm
 b8db206a858975564012b07dccf6b04d  2008.0/x86_64/openoffice.org64-l10n-de-2.2.1-4.4mdv2008.0.x86_64.rpm
 1a378d25c97f50eae98eaee30806862f  2008.0/x86_64/openoffice.org64-l10n-el-2.2.1-4.4mdv2008.0.x86_64.rpm
 4fb1c541bdbc652a14d2594d122f9ee0  2008.0/x86_64/openoffice.org64-l10n-en_GB-2.2.1-4.4mdv2008.0.x86_64.rpm
 b3ae3401e85038f66121966ff2e7ea00  2008.0/x86_64/openoffice.org64-l10n-es-2.2.1-4.4mdv2008.0.x86_64.rpm
 889faa8d4ab290954184641245f5b438  2008.0/x86_64/openoffice.org64-l10n-et-2.2.1-4.4mdv2008.0.x86_64.rpm
 c37864e8b058984d70e761ee3d8f856a  2008.0/x86_64/openoffice.org64-l10n-eu-2.2.1-4.4mdv2008.0.x86_64.rpm
 260ed7c026eb35106190b752eaaecff7  2008.0/x86_64/openoffice.org64-l10n-fi-2.2.1-4.4mdv2008.0.x86_64.rpm
 7547ae71398a8d4de6fb2762c787f08e  2008.0/x86_64/openoffice.org64-l10n-fr-2.2.1-4.4mdv2008.0.x86_64.rpm
 67448bcb4f018659d9d9670c4e5962b2  2008.0/x86_64/openoffice.org64-l10n-he-2.2.1-4.4mdv2008.0.x86_64.rpm
 143a4383654d1b7a875876ec98e04933  2008.0/x86_64/openoffice.org64-l10n-hi-2.2.1-4.4mdv2008.0.x86_64.rpm
 8fadf6144424230f66d3145440bb0496  2008.0/x86_64/openoffice.org64-l10n-hu-2.2.1-4.4mdv2008.0.x86_64.rpm
 58bb3458e51dc5671f64fc3dfe4d90d1  2008.0/x86_64/openoffice.org64-l10n-it-2.2.1-4.4mdv2008.0.x86_64.rpm
 9a4e6ec140a976c29792c8b33b3999e3  2008.0/x86_64/openoffice.org64-l10n-ja-2.2.1-4.4mdv2008.0.x86_64.rpm
 20c2a64e76f07090708f2baaf44005c0  2008.0/x86_64/openoffice.org64-l10n-ko-2.2.1-4.4mdv2008.0.x86_64.rpm
 d4e56319f91841c3bf55a0fc35edae14  2008.0/x86_64/openoffice.org64-l10n-mk-2.2.1-4.4mdv2008.0.x86_64.rpm
 e53c696eb99a43f04443b23646a14759  2008.0/x86_64/openoffice.org64-l10n-nb-2.2.1-4.4mdv2008.0.x86_64.rpm
 53f3f10ebc2bea28bbbc2cfbdb9ad709  2008.0/x86_64/openoffice.org64-l10n-nl-2.2.1-4.4mdv2008.0.x86_64.rpm
 f92283b6cebdaec9b69750a84b2788f0  2008.0/x86_64/openoffice.org64-l10n-nn-2.2.1-4.4mdv2008.0.x86_64.rpm
 7b8351a79f6d7a2697a0951ccf367e23  2008.0/x86_64/openoffice.org64-l10n-pl-2.2.1-4.4mdv2008.0.x86_64.rpm
 63a53749499281ab09f6bbd7f10afc53  2008.0/x86_64/openoffice.org64-l10n-pt-2.2.1-4.4mdv2008.0.x86_64.rpm
 4b86a348590d07619d53a00ad2ba76d6  2008.0/x86_64/openoffice.org64-l10n-pt_BR-2.2.1-4.4mdv2008.0.x86_64.rpm
 fd9688c0f0e0667086c8ff2866b0bec0  2008.0/x86_64/openoffice.org64-l10n-ru-2.2.1-4.4mdv2008.0.x86_64.rpm
 e11d3f9d3cfdc0d0ee2f552dab06c2b8  2008.0/x86_64/openoffice.org64-l10n-sk-2.2.1-4.4mdv2008.0.x86_64.rpm
 f1e88e0f1c3893b280a1fa27d1ac3dd5  2008.0/x86_64/openoffice.org64-l10n-sl-2.2.1-4.4mdv2008.0.x86_64.rpm
 530ebf4cb28e2447ae2b6ed8a270a3d2  2008.0/x86_64/openoffice.org64-l10n-sv-2.2.1-4.4mdv2008.0.x86_64.rpm
 114ec61047b4fd849389f1b375a37678  2008.0/x86_64/openoffice.org64-l10n-ta-2.2.1-4.4mdv2008.0.x86_64.rpm
 81a7be4777a6a2533cfd1c4d13bd8ffe  2008.0/x86_64/openoffice.org64-l10n-tr-2.2.1-4.4mdv2008.0.x86_64.rpm
 a79b6c988ddacbb65576965911f187ae  2008.0/x86_64/openoffice.org64-l10n-zh_CN-2.2.1-4.4mdv2008.0.x86_64.rpm
 5ff29c0bcf13f362513db31b43afece2  2008.0/x86_64/openoffice.org64-l10n-zh_TW-2.2.1-4.4mdv2008.0.x86_64.rpm
 8574f6c677faca78c6e26f050e5a880e  2008.0/x86_64/openoffice.org64-l10n-zu-2.2.1-4.4mdv2008.0.x86_64.rpm
 8856df860bf381f5d92f962fceaa49c7  2008.0/x86_64/openoffice.org64-mono-2.2.1-4.4mdv2008.0.x86_64.rpm
 3bfcc8d0f2008cf53b23eb1287fdb0b5  2008.0/x86_64/openoffice.org64-ooqstart-2.2.1-4.4mdv2008.0.x86_64.rpm 
 1f77c6c9cfb6a0aed77a33e12cf8f1f6  2008.0/SRPMS/openoffice.org-2.2.1-4.4mdv2008.0.src.rpm
 84c73385fdcb1d0a1bc2c077f744a20f  2008.0/SRPMS/openoffice.org64-2.2.1-4.4mdv2008.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIGyximqjQ0CJFipgRAjhzAJ92SagdMcfpQ+8+yUkIDfQwWHHXtQCdFatU
AP1ht4X2KMYbLfHKsiEBKoY=
=4vxy
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ