[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1Jrza4-0005BB-Qw@titan.mandriva.com>
Date: Fri, 02 May 2008 12:02:00 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:095 ] - Updated OpenOffice.org
packages fix vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:095
http://www.mandriva.com/security/
_______________________________________________________________________
Package : openoffice.org
Date : May 2, 2008
Affected: 2008.0
_______________________________________________________________________
Problem Description:
A vulnerability in HSQLDB before 1.8.0.9 in OpenOffice.org could
allow user-assisted remote attackers to execute arbitrary Java code
via crafted database documents (CVE-2007-4575).
A heap overflow was discovered in OpenOffice.org's EMF parser.
An attacker could create a carefully crafted EMF file that could
cause OpenOffice.org to crash or potentially execute arbitrary code
if the malicious EMF image was added to a document or if a document
containing such an EMF file was opened (CVE-2007-5746).
Multiple heap overflows and an integer underflow were discovered in the
Quattro Pro(R) import filter. An attacker could create a carefully
crafted Quattro Pro file that could cause OpenOffice.org ro crash or
potentially execute arbitraty code (CVE-2007-5745, CVE-2007-5747).
A heap overflow was discovered in the OLE Structured Storage file
parser, a format used by Microsoft Office documents. An attacker could
create a carefully crafted OLE file that could cause OpenOffice.org
to crash or potentially execute arbitrary code (CVE-2008-0320).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4575
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5745
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5746
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5747
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0320
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
72798954ff44449ad9203fdce7130a62 2008.0/i586/openoffice.org-2.2.1-4.4mdv2008.0.i586.rpm
6a537faa29607ffef0a6544f5501a393 2008.0/i586/openoffice.org-devel-2.2.1-4.4mdv2008.0.i586.rpm
882be28f508c5b922378aafa6be1113b 2008.0/i586/openoffice.org-devel-doc-2.2.1-4.4mdv2008.0.i586.rpm
d2cb90d3441f95836643e75012bf95d1 2008.0/i586/openoffice.org-galleries-2.2.1-4.4mdv2008.0.i586.rpm
d0742126a62fcc7251458eebaeabd4fb 2008.0/i586/openoffice.org-gnome-2.2.1-4.4mdv2008.0.i586.rpm
0e6c20146f75d8922c679db7b06bd4be 2008.0/i586/openoffice.org-kde-2.2.1-4.4mdv2008.0.i586.rpm
e1161013ec13e2e3138d578539cb5f37 2008.0/i586/openoffice.org-l10n-af-2.2.1-4.4mdv2008.0.i586.rpm
b3663ed4b3c533d0e9188540acb9d6ea 2008.0/i586/openoffice.org-l10n-ar-2.2.1-4.4mdv2008.0.i586.rpm
00d753cc4308935b4a704d08385dfe21 2008.0/i586/openoffice.org-l10n-bg-2.2.1-4.4mdv2008.0.i586.rpm
ce6c8bc0b6b63574d6e50d2a63b5c670 2008.0/i586/openoffice.org-l10n-br-2.2.1-4.4mdv2008.0.i586.rpm
572f6fde12b683e7ec47a2d3e49493fc 2008.0/i586/openoffice.org-l10n-bs-2.2.1-4.4mdv2008.0.i586.rpm
055e27ae44d8dc7a4322d835da7da993 2008.0/i586/openoffice.org-l10n-ca-2.2.1-4.4mdv2008.0.i586.rpm
97b37e8e03bec178607d71d0d58b14d6 2008.0/i586/openoffice.org-l10n-cs-2.2.1-4.4mdv2008.0.i586.rpm
8975fed89790697fc1d791ee040c1193 2008.0/i586/openoffice.org-l10n-cy-2.2.1-4.4mdv2008.0.i586.rpm
22b0b401e8c1dd731a455f9fbc7c7dbe 2008.0/i586/openoffice.org-l10n-da-2.2.1-4.4mdv2008.0.i586.rpm
ed1a1f10985d483cb32f17e5c1d9e2d5 2008.0/i586/openoffice.org-l10n-de-2.2.1-4.4mdv2008.0.i586.rpm
95888fffe3dfd1d4e81863016c98fdd4 2008.0/i586/openoffice.org-l10n-el-2.2.1-4.4mdv2008.0.i586.rpm
ddff2b506a75655ba1a864cc308bdb74 2008.0/i586/openoffice.org-l10n-en_GB-2.2.1-4.4mdv2008.0.i586.rpm
647ff67a9e986c56b858784ac409f628 2008.0/i586/openoffice.org-l10n-es-2.2.1-4.4mdv2008.0.i586.rpm
2e9730e46b79e6b5cc00ec6241d72a40 2008.0/i586/openoffice.org-l10n-et-2.2.1-4.4mdv2008.0.i586.rpm
5ebf6059a75498d3c254b3a5c26102f7 2008.0/i586/openoffice.org-l10n-eu-2.2.1-4.4mdv2008.0.i586.rpm
51770048207446d31c2560439f1f1c96 2008.0/i586/openoffice.org-l10n-fi-2.2.1-4.4mdv2008.0.i586.rpm
497785ba862bcc7ccf58e86d9339839c 2008.0/i586/openoffice.org-l10n-fr-2.2.1-4.4mdv2008.0.i586.rpm
a9cd13bc39e594e2e0b328a494a05e59 2008.0/i586/openoffice.org-l10n-he-2.2.1-4.4mdv2008.0.i586.rpm
acaab185b3eeedd24ade68134e0bae3a 2008.0/i586/openoffice.org-l10n-hi-2.2.1-4.4mdv2008.0.i586.rpm
416d29a882ee24fb51e37ca233650f92 2008.0/i586/openoffice.org-l10n-hu-2.2.1-4.4mdv2008.0.i586.rpm
51ee97ed40d9e3bd425e66e4643c213b 2008.0/i586/openoffice.org-l10n-it-2.2.1-4.4mdv2008.0.i586.rpm
2eec359c15bb910226c01d0c75b303cf 2008.0/i586/openoffice.org-l10n-ja-2.2.1-4.4mdv2008.0.i586.rpm
96661d4b321482c4059fd1ec0a7a3406 2008.0/i586/openoffice.org-l10n-ko-2.2.1-4.4mdv2008.0.i586.rpm
b5c56e228e7f6d50f607ed2133eafdfc 2008.0/i586/openoffice.org-l10n-mk-2.2.1-4.4mdv2008.0.i586.rpm
4148b2d03b06f9e3424d7e72e6ba64a7 2008.0/i586/openoffice.org-l10n-nb-2.2.1-4.4mdv2008.0.i586.rpm
b748239254d900e79161a0b8351deb75 2008.0/i586/openoffice.org-l10n-nl-2.2.1-4.4mdv2008.0.i586.rpm
b9242bbea24034e0d8883fdd4ac417fe 2008.0/i586/openoffice.org-l10n-nn-2.2.1-4.4mdv2008.0.i586.rpm
a9a83327869b06b85263aac4f2ce8944 2008.0/i586/openoffice.org-l10n-pl-2.2.1-4.4mdv2008.0.i586.rpm
d754b3ae052cac6a9f6bd4f9f8a61cf5 2008.0/i586/openoffice.org-l10n-pt-2.2.1-4.4mdv2008.0.i586.rpm
51e3242d755dbdecb783b8c1a608d380 2008.0/i586/openoffice.org-l10n-pt_BR-2.2.1-4.4mdv2008.0.i586.rpm
2a766fb4ad705cc9815431c8f46228a3 2008.0/i586/openoffice.org-l10n-ru-2.2.1-4.4mdv2008.0.i586.rpm
4a5981bc0231b5a20bd56674c31386a8 2008.0/i586/openoffice.org-l10n-sk-2.2.1-4.4mdv2008.0.i586.rpm
06483e894447c9d6e4ca0c56bb98e4e8 2008.0/i586/openoffice.org-l10n-sl-2.2.1-4.4mdv2008.0.i586.rpm
a7f4e2bcf881d7a295b8a6f6a601b598 2008.0/i586/openoffice.org-l10n-sv-2.2.1-4.4mdv2008.0.i586.rpm
0aee1180d9b1e91f36b47696765bfdcf 2008.0/i586/openoffice.org-l10n-ta-2.2.1-4.4mdv2008.0.i586.rpm
98d8d02bc3d6da0a780e6d6a09de3586 2008.0/i586/openoffice.org-l10n-tr-2.2.1-4.4mdv2008.0.i586.rpm
ec82d080ba11a9bb0a4c92fd718c3ff4 2008.0/i586/openoffice.org-l10n-zh_CN-2.2.1-4.4mdv2008.0.i586.rpm
b1294ebbc030c8b473d3f4cac1f0f9ad 2008.0/i586/openoffice.org-l10n-zh_TW-2.2.1-4.4mdv2008.0.i586.rpm
04420991685ad352ba76381058719d3b 2008.0/i586/openoffice.org-l10n-zu-2.2.1-4.4mdv2008.0.i586.rpm
9d7ccd1b59dd4396d4036be8145679d0 2008.0/i586/openoffice.org-mono-2.2.1-4.4mdv2008.0.i586.rpm
80590a32554d257c48b9ce42a76ea108 2008.0/i586/openoffice.org-ooqstart-2.2.1-4.4mdv2008.0.i586.rpm
1f77c6c9cfb6a0aed77a33e12cf8f1f6 2008.0/SRPMS/openoffice.org-2.2.1-4.4mdv2008.0.src.rpm
84c73385fdcb1d0a1bc2c077f744a20f 2008.0/SRPMS/openoffice.org64-2.2.1-4.4mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
456a8013fca659dea3938f469561ef0b 2008.0/x86_64/openoffice.org64-2.2.1-4.4mdv2008.0.x86_64.rpm
c4374226d24bfc714acb6c3015d585f2 2008.0/x86_64/openoffice.org64-devel-2.2.1-4.4mdv2008.0.x86_64.rpm
a963feb3099659d2e16298fa6ab93ba0 2008.0/x86_64/openoffice.org64-devel-doc-2.2.1-4.4mdv2008.0.x86_64.rpm
fa6bd2c7af34ff151e2bdc5f1723a3af 2008.0/x86_64/openoffice.org64-galleries-2.2.1-4.4mdv2008.0.x86_64.rpm
44a3a7ee839a336e9b06d80d67785589 2008.0/x86_64/openoffice.org64-gnome-2.2.1-4.4mdv2008.0.x86_64.rpm
8df343f9cbccecbabcb12c8901fb1b82 2008.0/x86_64/openoffice.org64-kde-2.2.1-4.4mdv2008.0.x86_64.rpm
0b821aa43e0e78a2f99629b75211f8d9 2008.0/x86_64/openoffice.org64-l10n-af-2.2.1-4.4mdv2008.0.x86_64.rpm
8d5a1da2f98ed8eb54a77732c01cb1c1 2008.0/x86_64/openoffice.org64-l10n-ar-2.2.1-4.4mdv2008.0.x86_64.rpm
2f93835ea0677728552b6aaf8752fd98 2008.0/x86_64/openoffice.org64-l10n-bg-2.2.1-4.4mdv2008.0.x86_64.rpm
68cecc3d640bd1605b51e125e83b0842 2008.0/x86_64/openoffice.org64-l10n-br-2.2.1-4.4mdv2008.0.x86_64.rpm
e89b07e667940059458c45822269297f 2008.0/x86_64/openoffice.org64-l10n-bs-2.2.1-4.4mdv2008.0.x86_64.rpm
d40fc83e01482ac9eca8802ee21533f2 2008.0/x86_64/openoffice.org64-l10n-ca-2.2.1-4.4mdv2008.0.x86_64.rpm
17022bd83ffc77f40c23402b97a7bb10 2008.0/x86_64/openoffice.org64-l10n-cs-2.2.1-4.4mdv2008.0.x86_64.rpm
1de183c4eb4887d6d94acce507c46a1a 2008.0/x86_64/openoffice.org64-l10n-cy-2.2.1-4.4mdv2008.0.x86_64.rpm
10eaeace55b3e0b4e046534ae970f4f8 2008.0/x86_64/openoffice.org64-l10n-da-2.2.1-4.4mdv2008.0.x86_64.rpm
b8db206a858975564012b07dccf6b04d 2008.0/x86_64/openoffice.org64-l10n-de-2.2.1-4.4mdv2008.0.x86_64.rpm
1a378d25c97f50eae98eaee30806862f 2008.0/x86_64/openoffice.org64-l10n-el-2.2.1-4.4mdv2008.0.x86_64.rpm
4fb1c541bdbc652a14d2594d122f9ee0 2008.0/x86_64/openoffice.org64-l10n-en_GB-2.2.1-4.4mdv2008.0.x86_64.rpm
b3ae3401e85038f66121966ff2e7ea00 2008.0/x86_64/openoffice.org64-l10n-es-2.2.1-4.4mdv2008.0.x86_64.rpm
889faa8d4ab290954184641245f5b438 2008.0/x86_64/openoffice.org64-l10n-et-2.2.1-4.4mdv2008.0.x86_64.rpm
c37864e8b058984d70e761ee3d8f856a 2008.0/x86_64/openoffice.org64-l10n-eu-2.2.1-4.4mdv2008.0.x86_64.rpm
260ed7c026eb35106190b752eaaecff7 2008.0/x86_64/openoffice.org64-l10n-fi-2.2.1-4.4mdv2008.0.x86_64.rpm
7547ae71398a8d4de6fb2762c787f08e 2008.0/x86_64/openoffice.org64-l10n-fr-2.2.1-4.4mdv2008.0.x86_64.rpm
67448bcb4f018659d9d9670c4e5962b2 2008.0/x86_64/openoffice.org64-l10n-he-2.2.1-4.4mdv2008.0.x86_64.rpm
143a4383654d1b7a875876ec98e04933 2008.0/x86_64/openoffice.org64-l10n-hi-2.2.1-4.4mdv2008.0.x86_64.rpm
8fadf6144424230f66d3145440bb0496 2008.0/x86_64/openoffice.org64-l10n-hu-2.2.1-4.4mdv2008.0.x86_64.rpm
58bb3458e51dc5671f64fc3dfe4d90d1 2008.0/x86_64/openoffice.org64-l10n-it-2.2.1-4.4mdv2008.0.x86_64.rpm
9a4e6ec140a976c29792c8b33b3999e3 2008.0/x86_64/openoffice.org64-l10n-ja-2.2.1-4.4mdv2008.0.x86_64.rpm
20c2a64e76f07090708f2baaf44005c0 2008.0/x86_64/openoffice.org64-l10n-ko-2.2.1-4.4mdv2008.0.x86_64.rpm
d4e56319f91841c3bf55a0fc35edae14 2008.0/x86_64/openoffice.org64-l10n-mk-2.2.1-4.4mdv2008.0.x86_64.rpm
e53c696eb99a43f04443b23646a14759 2008.0/x86_64/openoffice.org64-l10n-nb-2.2.1-4.4mdv2008.0.x86_64.rpm
53f3f10ebc2bea28bbbc2cfbdb9ad709 2008.0/x86_64/openoffice.org64-l10n-nl-2.2.1-4.4mdv2008.0.x86_64.rpm
f92283b6cebdaec9b69750a84b2788f0 2008.0/x86_64/openoffice.org64-l10n-nn-2.2.1-4.4mdv2008.0.x86_64.rpm
7b8351a79f6d7a2697a0951ccf367e23 2008.0/x86_64/openoffice.org64-l10n-pl-2.2.1-4.4mdv2008.0.x86_64.rpm
63a53749499281ab09f6bbd7f10afc53 2008.0/x86_64/openoffice.org64-l10n-pt-2.2.1-4.4mdv2008.0.x86_64.rpm
4b86a348590d07619d53a00ad2ba76d6 2008.0/x86_64/openoffice.org64-l10n-pt_BR-2.2.1-4.4mdv2008.0.x86_64.rpm
fd9688c0f0e0667086c8ff2866b0bec0 2008.0/x86_64/openoffice.org64-l10n-ru-2.2.1-4.4mdv2008.0.x86_64.rpm
e11d3f9d3cfdc0d0ee2f552dab06c2b8 2008.0/x86_64/openoffice.org64-l10n-sk-2.2.1-4.4mdv2008.0.x86_64.rpm
f1e88e0f1c3893b280a1fa27d1ac3dd5 2008.0/x86_64/openoffice.org64-l10n-sl-2.2.1-4.4mdv2008.0.x86_64.rpm
530ebf4cb28e2447ae2b6ed8a270a3d2 2008.0/x86_64/openoffice.org64-l10n-sv-2.2.1-4.4mdv2008.0.x86_64.rpm
114ec61047b4fd849389f1b375a37678 2008.0/x86_64/openoffice.org64-l10n-ta-2.2.1-4.4mdv2008.0.x86_64.rpm
81a7be4777a6a2533cfd1c4d13bd8ffe 2008.0/x86_64/openoffice.org64-l10n-tr-2.2.1-4.4mdv2008.0.x86_64.rpm
a79b6c988ddacbb65576965911f187ae 2008.0/x86_64/openoffice.org64-l10n-zh_CN-2.2.1-4.4mdv2008.0.x86_64.rpm
5ff29c0bcf13f362513db31b43afece2 2008.0/x86_64/openoffice.org64-l10n-zh_TW-2.2.1-4.4mdv2008.0.x86_64.rpm
8574f6c677faca78c6e26f050e5a880e 2008.0/x86_64/openoffice.org64-l10n-zu-2.2.1-4.4mdv2008.0.x86_64.rpm
8856df860bf381f5d92f962fceaa49c7 2008.0/x86_64/openoffice.org64-mono-2.2.1-4.4mdv2008.0.x86_64.rpm
3bfcc8d0f2008cf53b23eb1287fdb0b5 2008.0/x86_64/openoffice.org64-ooqstart-2.2.1-4.4mdv2008.0.x86_64.rpm
1f77c6c9cfb6a0aed77a33e12cf8f1f6 2008.0/SRPMS/openoffice.org-2.2.1-4.4mdv2008.0.src.rpm
84c73385fdcb1d0a1bc2c077f744a20f 2008.0/SRPMS/openoffice.org64-2.2.1-4.4mdv2008.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIGyximqjQ0CJFipgRAjhzAJ92SagdMcfpQ+8+yUkIDfQwWHHXtQCdFatU
AP1ht4X2KMYbLfHKsiEBKoY=
=4vxy
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists