CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.124 Low (percentile 94.9%)

Rene Engelhard uploaded new packages for openoffice.org which fixed the
following security problems:

Debian BTS #496361
Left-over debugging echo statements that write to an insecure temp file can
allow attackers to overwrite files on the system with the privileges of the
user executing senddoc (File -> Send).

CVE-2008-2237
A security vulnerability in the way OpenOffice 2.x processes WMF files
may allow a remote unprivileged user who provides a
StarOffice/StarSuite document that is opened by a local user to execute
arbitrary commands on the system with the privileges of the user running
StarOffice/StarSuite.

CVE-2008-2238
A security vulnerability in the way OpenOffice 2.x processes EMF files
may allow a remote unprivileged user who provides a
StarOffice/StarSuite document that is opened by a local user to execute
arbitrary commands on the system with the privileges of the user running
StarOffice/StarSuite.

For the etch-backports distribution the problems have been fixed in
version 1:2.4.1-12~bpo40+1.
For the lenny and sid distributions the problems have been fixed in
version 1:2.4.1-12.

Upgrade instructions
If you don't use pinning (see [1]) you have to update the packages
manually via "apt-get -t etch-backports install <packagelist>" with the
packagelist of your installed packages affected by this update.
[1] <http://backports.org/dokuwiki/doku.php?id=instructions>
We recommend pinning the backports repository to priority 200 so that new
versions of installed backports are installed automatically:
Package: *
Pin: release a=etch-backports
Pin-Priority: 200
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 5 | all | openoffice.org | < 1:2.4.1-12 | openoffice.org_1:2.4.1-12_all.deb |