[Backports-security-announce] Security Update for openoffice.org

2010-02-12 20:39:53
lists.debian.org

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Rene Engelhard uploaded a new package for openoffice.org which fixed the
following security problems:

CVE-2010-0136

It was discovered that macro security settings were insufficiently
enforced for VBA macros.

CVE-2009-0217

It was discovered that the W3C XML Signature recommendation
contains a protocol-level vulnerability related to HMAC output
truncation. This also affects the integrated libxmlsec library.

CVE-2009-2949

Sebastian Apelt discovered that an integer overflow in the XPM
import code may lead to the execution of arbitrary code.

CVE-2009-2950

Sebastian Apelt and Frank Reissner discovered that a buffer
overflow in the GIF import code may lead to the execution of
arbitrary code.

CVE-2009-3301/CVE-2009-3302

Nicolas Joly discovered multiple vulnerabilities in the parser for
Word document files, which may lead to the execution of arbitrary
code.

For the lenny-backports distribution (etch), these problems have been fixed in
version 1:3.1.1-15+squeeze1~bpo50+1.

Upgrade instructions

If you don't use pinning (see [1]) you have to update redmine
manually via "apt-get -t lenny-backports install redmine".
[1] <http://backports.org/dokuwiki/doku.php?id=instructions>

We recommend pinning the backports repository to 200 so that new versions
of installed backports will be installed automatically:

Package: *
Pin: release a=lenny-backports
Pin-Priority: 200