openoffice.org - several vulnerabilities

Several security related problems have been discovered in the
OpenOffice.org package that allows malformed documents to trick the
system into crashes or even the execution of arbitrary code.

• CVE-2010-3450
  During an internal security audit within Red Hat, a directory
  traversal vulnerability has been discovered in the way
  OpenOffice.org 3.1.1 through 3.2.1 processes XML filter files. If
  a local user is tricked into opening a specially-crafted OOo XML
  filters package file, this problem could allow remote attackers to
  create or overwrite arbitrary files belonging to local user or,
  potentially, execute arbitrary code.
• CVE-2010-3451
  During his work as a consultant at Virtual Security Research
  (VSR), Dan Rosenberg discovered a vulnerability in
  OpenOffice.org’s RTF parsing functionality. Opening a maliciously
  crafted RTF document can cause an out-of-bounds memory read into
  previously allocated heap memory, which may lead to the execution
  of arbitrary code.
• CVE-2010-3452
  Dan Rosenberg discovered a vulnerability in the RTF file parser
  which can be leveraged by attackers to achieve arbitrary code
  execution by convincing a victim to open a maliciously crafted RTF
  file.
• CVE-2010-3453
  As part of his work with Virtual Security Research, Dan Rosenberg
  discovered a vulnerability in the WW8ListManager::WW8ListManager()
  function of OpenOffice.org that allows a maliciously crafted file
  to cause the execution of arbitrary code.
• CVE-2010-3454
  As part of his work with Virtual Security Research, Dan Rosenberg
  discovered a vulnerability in the WW8DopTypography::ReadFromMem()
  function in OpenOffice.org that may be exploited by a maliciously
  crafted file which allows an attacker to control program flow
  and potentially execute arbitrary code.
• CVE-2010-3689
  Dmitri Gribenko discovered that the soffice script does not treat
  an empty LD_LIBRARY_PATH variable like an unset one, which may lead to
  the execution of arbitrary code.
• CVE-2010-4253
  A heap based buffer overflow has been discovered with unknown
  impact.
• CVE-2010-4643
  A vulnerability has been discovered in the way OpenOffice.org
  handles TGA graphics which can be tricked by a specially crafted
  TGA file that could cause the program to crash due to a heap-based
  buffer overflow with unknown impact.

For the stable distribution (lenny) these problems have been fixed in
version 2.4.1+dfsg-1+lenny11.

For the upcoming stable distribution (squeeze) these problems have
been fixed in version 3.2.1-11+squeeze1.

For the unstable distribution (sid) these problems have been fixed in
version 3.2.1-11+squeeze1.

For the experimental distribution these problems have been fixed in
version 3.3.0~rc3-1.

We recommend that you upgrade your OpenOffice.org packages.