Debian: DEBIAN:164A0D440A790B5CCC79E58B61A70762:56B73
Sep 12, 2010 - 7:39 p.m.

Security update for openoffice.org

2010-09-12 19:39:12
lists.debian.org
CVSS2: 9.3 High (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.149 Low
Percentile: 95.3%

Rene Engelhard uploaded new packages for openoffice.org which fixed the
following security problems:

CVE-2010-2935 CVE-2010-2936:

Charlie Miller has discovered two vulnerabilities in OpenOffice.org
Impress, which can be exploited by malicious people to compromise a
user's system and execute arbitrary code.

1) An integer truncation error when parsing certain content can be
exploited to cause a heap-based buffer overflow via a specially
crafted file.

2) A short integer overflow error when parsing certain content can
be exploited to cause a heap-based buffer overflow via a specially
crafted file.

For the lenny-backports distribution the problems have been fixed in
version 1:3.2.1-6~bpo50+1.

For the squeeze and sid distributions the problems have been fixed in
version 1:3.2.1-6.

Upgrade instructions

If you don't use pinning (see [1]) you have to update the package
manually via "apt-get -t lenny-backports install <packagelist>" with
the packagelist of your installed packages affected by this update.
[1] <http://backports.org/dokuwiki/doku.php?id=instructions>

We recommend pinning the backports repository to 200 so that new
versions of installed backports are installed automatically.

Package: *
Pin: release a=lenny-backports
Pin-Priority: 200
