--===============0176098191331060373==
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
 boundary="dDRMvlgZJXvWKvBx"
Content-Disposition: inline


--dDRMvlgZJXvWKvBx
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inlin
Content-Transfer-Encoding: quoted-printable

===========================================================
Ubuntu Security Notice USN-903-1          February 24, 2010
openoffice.org vulnerabilities
CVE-2009-0217, CVE-2009-2949, CVE-2009-2950, CVE-2009-3301,
CVE-2009-3302, CVE-2010-0136
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  openoffice.org-core             1:2.4.1-1ubuntu2.3

Ubuntu 8.10:
  openoffice.org-core             1:2.4.1-11ubuntu2.3

Ubuntu 9.04:
  openoffice.org-core             1:3.0.1-9ubuntu3.2

Ubuntu 9.10:
  openoffice.org-core             1:3.1.1-5ubuntu1.1

After a standard system upgrade you need to restart OpenOffice to effect
the necessary changes.

Details follow:

It was discovered that the XML HMAC signature system did not
correctly check certain lengths. If an attacker sent a truncated
HMAC, it could bypass authentication, leading to potential privilege
escalation. (CVE-2009-0217)

Sebastian Apelt and Frank Rei