1:3.1.1-19.26
CVE-2009-2950 GIF file parsing heap overflow (caolanm)
CVE-2009-2949 integer overflow in XPM processing (caolanm)
CVE-2009-3301 .doc Table Parsing vulernability (caolanm)
CVE-2009-3302 .doc Table Parsing vulernability (caolanm)
Resolves: rhbz#561778 openoffice.org-3.2.0.oooXXXXX.svx.safestyledelete.patc h
Resolves: rhbz#561989 openoffice.org-3.2.0.ooo109009.sc.tooltipcrash.patch
Resolves: rhbz#445588 improve same name substitution
Tue Feb 2 2010 Caolan McNamara <caolanm at redhat.com>
Resolves: rhbz#549890 add workspace.extmgr01.patch (dtardon)
Resolves: rhbz#551983 OpenOffice writer crashes when opening document with link in footnote (dtardon)
Resolves: rhbz#550316 Openoffice.org Impress loses graphics when background color is changed (dtardon)
Resolves: rhbz#554259 No autocorrect files for Lithuanian (dtardon)
Resolves: rhbz#549573 improve document compare (caolanm)
Resolves: rhbz#558342 [abrt] crash in SvxNumOptionsTabPage::InitControls (dtardon)
Resolves: ooo#108637/rhbz#558253 sfx2 uisavedir (caolanm)
Resolves: rhbz#560435 rtf dropcap crash (caolanm)
Resolves: rhbz#560996/rhbz#560353 qstartfixes (caolanm)
Tue Dec 22 2009 Caolan McNamara <caolanm at redhat.com> - 1:3.1.1-19.24
Resolves: rhbz#545824 bustage in writer with emboldened fonts
Fri Dec 18 2009 Caolan McNamara <caolanm at redhat.com> - 1:3.1.1-19.23
Resolves: rhbz#548512 workspace.ooo32gsl03.patch
Tue Dec 15 2009 Caolan McNamara <caolanm at redhat.com> - 1:3.1.1-19.22
Resolves: rhbz#529648 add workspace.fwk132.patch
Resolves: rhbz#547176 add openoffice.org-3.2.0.ooo47279.sd.objectsave.safe.patch
Wed Dec 9 2009 Caolan McNamara <caolanm at redhat.com> - 1:3.1.1-19.21
Resolves: rhbz#544124 add openoffice.org-3.2.0.ooo106502.svx.fixspelltimer.patch
Resolves: rhbz#544218 add openoffice.org-3.2.0.ooo107552.vcl.sft.patch
Resolves: rhbz#545783 add workspace.vcl105.patch
Fri Nov 27 2009 Caolan McNamara <caolanm at redhat.com> - 1:3.1.1-19.20
Resolves: rhbz#541222 add openoffice.org-3.2.0.ooo107260.dtrans.clipboard.shutdo wn.patch (caolanm)
Mon Nov 23 2009 Caolan McNamara <caolanm at redhat.com>
1:3.1.1-19.19
Resolves: rhbz#540379/ooo#107131 impress tabledrag crash
Resolves: rhbz#540231 add openoffice.org-3.2.0.oooXXXXX.canvas.fixcolorspace.pat ch
add openoffice.org-4.2.0.ooo107151.sc.pop-empty-cell.patch (dtardon)
Resolves: rhbz#533538 OpenOffice keyboard shortcuts mis-map in the Spanish localized version of OOo (caolanm)
Tue Nov 17 2009 Caolan McNamara <caolanm at redhat.com>
1:3.1.1-19.18
Resolves: ooo#59648 sw .doc export scaling (caolanm)
Tue Nov 10 2009 Caolan McNamara <caolanm at redhat.com> - 1:3.1.1-19.17
Resolves: rhbz#533841 ooo#105710 svx loadstorenumbering (caolanm)
[plus 8 lines in the Changelog]
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2010-1847.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(47276);
script_version("1.19");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2009-2949", "CVE-2009-2950", "CVE-2009-3301", "CVE-2009-3302");
script_bugtraq_id(38218);
script_xref(name:"FEDORA", value:"2010-1847");
script_name(english:"Fedora 12 : openoffice.org-3.1.1-19.26.fc12 (2010-1847)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
" - Fri Feb 12 2010 Caolan McNamara <caolanm at redhat.com>
- 1:3.1.1-19.26
- CVE-2009-2950 GIF file parsing heap overflow (caolanm)
- CVE-2009-2949 integer overflow in XPM processing
(caolanm)
- CVE-2009-3301 .doc Table Parsing vulernability
(caolanm)
- CVE-2009-3302 .doc Table Parsing vulernability
(caolanm)
- Resolves: rhbz#561778
openoffice.org-3.2.0.oooXXXXX.svx.safestyledelete.patc
h
- Resolves: rhbz#561989
openoffice.org-3.2.0.ooo109009.sc.tooltipcrash.patch
- Resolves: rhbz#445588 improve same name substitution
- Tue Feb 2 2010 Caolan McNamara <caolanm at redhat.com>
- 1:3.1.1-19.25
- Resolves: rhbz#549890 add workspace.extmgr01.patch
(dtardon)
- Resolves: rhbz#551983 OpenOffice writer crashes when
opening document with link in footnote (dtardon)
- Resolves: rhbz#550316 Openoffice.org Impress loses
graphics when background color is changed (dtardon)
- Resolves: rhbz#554259 No autocorrect files for
Lithuanian (dtardon)
- Resolves: rhbz#553929 [abrt] crash in
ColorConfigCtrl_Impl::ScrollHdl (dtardon)
- Resolves: rhbz#549573 improve document compare (caolanm)
- Resolves: rbhz#555257 openoffice cannot use JPEG
images using CMYK colorspace (dtardon)
- Resolves: rhbz#558342 [abrt] crash in
SvxNumOptionsTabPage::InitControls (dtardon)
- Resolves: ooo#108637/rhbz#558253 sfx2 uisavedir
(caolanm)
- Resolves: rhbz#560435 rtf dropcap crash (caolanm)
- Resolves: rhbz#560996/rhbz#560353 qstartfixes
(caolanm)
- Tue Dec 22 2009 Caolan McNamara <caolanm at
redhat.com> - 1:3.1.1-19.24
- Resolves: rhbz#545824 bustage in writer with
emboldened fonts
- Fri Dec 18 2009 Caolan McNamara <caolanm at
redhat.com> - 1:3.1.1-19.23
- Resolves: rhbz#548512 workspace.ooo32gsl03.patch
- Tue Dec 15 2009 Caolan McNamara <caolanm at
redhat.com> - 1:3.1.1-19.22
- Resolves: rhbz#529648 add workspace.fwk132.patch
- Resolves: rhbz#547176 add
openoffice.org-3.2.0.ooo47279.sd.objectsave.safe.patch
- Wed Dec 9 2009 Caolan McNamara <caolanm at redhat.com> -
1:3.1.1-19.21
- Resolves: rhbz#544124 add
openoffice.org-3.2.0.ooo106502.svx.fixspelltimer.patch
- Resolves: rhbz#544218 add
openoffice.org-3.2.0.ooo107552.vcl.sft.patch
- Resolves: rhbz#545783 add workspace.vcl105.patch
- Fri Nov 27 2009 Caolan McNamara <caolanm at
redhat.com> - 1:3.1.1-19.20
- Resolves: rhbz#541222 add
openoffice.org-3.2.0.ooo107260.dtrans.clipboard.shutdo
wn.patch (caolanm)
- Mon Nov 23 2009 Caolan McNamara <caolanm at redhat.com>
- 1:3.1.1-19.19
- Resolves: rhbz#540379/ooo#107131 impress tabledrag
crash
- Resolves: rhbz#540231 add
openoffice.org-3.2.0.oooXXXXX.canvas.fixcolorspace.pat
ch
- add
openoffice.org-4.2.0.ooo107151.sc.pop-empty-cell.patch
(dtardon)
- Resolves: rhbz#533538 OpenOffice keyboard shortcuts
mis-map in the Spanish localized version of OOo
(caolanm)
- Tue Nov 17 2009 Caolan McNamara <caolanm at redhat.com>
- 1:3.1.1-19.18
- Resolves: ooo#59648 sw .doc export scaling (caolanm)
- Tue Nov 10 2009 Caolan McNamara <caolanm at
redhat.com> - 1:3.1.1-19.17
- Resolves: rhbz#533841 ooo#105710 svx
loadstorenumbering (caolanm)
[plus 8 lines in the Changelog]
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=527512"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=527540"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=533038"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=533043"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2010-February/035109.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?7a24e1b6"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected openoffice.org package."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_cwe_id(94, 119, 189);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openoffice.org");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:12");
script_set_attribute(attribute:"vuln_publication_date", value:"2010/02/16");
script_set_attribute(attribute:"patch_publication_date", value:"2010/02/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/01");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^12([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 12.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC12", reference:"openoffice.org-3.1.1-19.26.fc12")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openoffice.org");
}
Vendor | Product | Version | CPE |
---|---|---|---|
fedoraproject | fedora | openoffice.org | p-cpe:/a:fedoraproject:fedora:openoffice.org |
fedoraproject | fedora | 12 | cpe:/o:fedoraproject:fedora:12 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2949
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2950
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3301
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3302
www.nessus.org/u?7a24e1b6
bugzilla.redhat.com/show_bug.cgi?id=527512
bugzilla.redhat.com/show_bug.cgi?id=527540
bugzilla.redhat.com/show_bug.cgi?id=533038
bugzilla.redhat.com/show_bug.cgi?id=533043