lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <20110126161812.BD05C4143A1@finlandia.home.infodrom.org>
Date: Wed, 26 Jan 2011 17:18:12 +0100 (CET)
From: joey@...odrom.org (Martin Schulze)
To: debian-security-announce@...ts.debian.org (Debian Security Announcements)
Subject: [SECURITY] [DSA 2151-1] New OpenOffice.org
	packages fix several vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 2151-1                    security@...ian.org
http://www.debian.org/security/                             Martin Schulze
January 26th, 2011                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : openoffice.org
Vulnerability  : several
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2010-3450 CVE-2010-3451 CVE-2010-3452 CVE-2010-3453
                 CVE-2010-3454 CVE-2010-3689 CVE-2010-4253 CVE-2010-4643 

Several security related problems have been discovered in the
OpenOffice.org package that allows malformed documents to trick the
system into crashes or even the execution of arbitrary code.

CVE-2010-3450

    During an internal security audit within Red Hat, a directory
    traversal vulnerability has been discovered in the way
    OpenOffice.org 3.1.1 through 3.2.1 processes XML filter files.  If
    a local user is tricked into opening a specially-crafted OOo XML
    filters package file, this problem could allow remote attackers to
    create or overwrite arbitrary files belonging to local user or,
    potentially, execute arbitrary code.

CVE-2010-3451

    During his work as a consultant at Virtual Security Research
    (VSR), Dan Rosenberg discovered a vulnerability in
    OpenOffice.org's RTF parsing functionality.  Opening a maliciously
    crafted RTF document can caus an out-of-bounds memory read into
    previously allocated heap memory, which may lead to the execution
    of arbitrary code.

CVE-2010-3452

    Dan Rosenberg discovered a vulnerability in the RTF file parser
    which can be leveraged by attackers to achieve arbitrary code
    execution by convincing a victim to open a maliciously crafted RTF
    file.

CVE-2010-3453

    As part of his work with Virtual Security Research, Dan Rosenberg
    discovered a vulnerability in the WW8ListManager::WW8ListManager()
    function of OpenOffice.org that allows a maliciously crafted file
    to cause the execution of arbitrary code.

CVE-2010-3454

    As part of his work with Virtual Security Research, Dan Rosenberg
    discovered a vulnerability in the WW8DopTypography::ReadFromMem()
    function in OpenOffice.org that may be exploited by a maliciously
    crafted file which allowins an attacker to control program flow
    and potentially execute arbitrary code.

CVE-2010-3689

    Dmitri Gribenko discovered that the soffice script does not treat
    an empty LD_LIBRARY_PATH variable like an unset one, may lead to
    the execution of arbitrary code.

CVE-2010-4253

    A heap based buffer overflow has been discovered with unknown impact.

CVE-2010-4643

    A vulnerability has been discovered in the way OpenOffice.org
    handles TGA graphics which can be tricked by a specially crafted
    TGA file that could cause the program to crash due to a heap-based
    buffer overflow with unknown impact.


For the stable distribution (lenny) these problems have been fixed in
version 2.4.1+dfsg-1+lenny11.

For the upcoming stable distribution (squeeze) these problems have
been fixed in version 3.2.1-11+squeeze1.

For the unstable distribution (sid) these problems have been fixed in
version 3.2.1-11+squeeze1.

For the experimental distribution these problems have been fixed in
version 3.3.0~rc3-1.

We recommend that you upgrade your OpenOffice.org packages.


Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: [18]http://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFNQEkOW5ql+IAeqTIRAp9GAJ0WTb4z3fzW9x3TK3aux2v/zWtIPQCfRdzx
+AX/hG1qBThFdf0f6k2SiMQ=
=O7sd
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists