drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in OpenOffice.org
Name: |
Mehrere Probleme in OpenOffice.org |
|
ID: |
USN-1496-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 10.04 LTS |
|
Datum: |
Di, 3. Juli 2012, 08:15 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1149
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2713
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2334 |
|
Applikationen: |
Apache OpenOffice |
|
Originalnachricht |
--===============0086530009939554988== Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-jDKZpl05oC847UQYMOFl"
--=-jDKZpl05oC847UQYMOFl Content-Type: text/plain; charset="UTF-8 Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-1496-1 July 02, 2012
openoffice.org vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
OpenOffice.org could be made to crash or potentially run programs as your login if it opened a specially crafted file.
Software Description: - openoffice.org: Office productivity suite
Details:
A stack-based buffer overflow was discovered in the Lotus Word Pro import filter in OpenOffice.org. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2011-2685)
Huzaifa Sidhpurwala discovered that OpenOffice.org could be made to crash if it opened a specially crafted Word document. (CVE-2011-2713)
Integer overflows were discovered in the graphics loading code of several different image types. If a user were tricked into opening a specially crafted file, an attacker could cause OpenOffice.org to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2012-1149)
Sven Jacobi discovered an integer overflow when processing Escher graphics records. If a user were tricked into opening a specially crafted PowerPoint file, an attacker could cause OpenOffice.org to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2012-2334)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 10.04 LTS: openoffice.org-core 1:3.2.0-7ubuntu4.3
After a standard system update you need to restart OpenOffice.org to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-1496-1 CVE-2011-2685, CVE-2011-2713, CVE-2012-1149, CVE-2012-2334
Package Information: https://launchpad.net/ubuntu/+source/openoffice.org/1:3.2.0-7ubuntu4.3
--ÓDKZpl05oC847UQYMOFl Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAABCgAGBQJP8lHDAAoJEFHb3FjMVZVzPqwQALmZFNCpo00kdDKkUp1T7KJe V8aIhPZILPa7WFUlUzd+JzQ1x3cndcYqKN0TQF0Bg6N0+U8cd+M9Fsq4OUXyZ/y7 8Chr1+ojD9KOvB7cfKOMHmJkurkXWp8nfGTL7KNZrcs/wOYAzRzwDqshHEiHxMGu EEqjaSDZEMYcnLpzDuPWAuBbBpwvIbU/XSq6c6GDHRkqwyR1IWTYk4A8DIJcrZ8q twm3l+zUzjCW2gKRNqdhMokTQNpHzzR04eZglKGML/ak3BwLk5I2oN0ENN+sAt60 6qy8YUHv4K41jaKdr2829oAoxJd+CgY2Z/assA8OR3EFp/jb0OkDOnuFZwGddLE7 rEpLwPsq9igtaxVinlyU20/3PjB/pvELf+6yPel9GySD7Gv05rVvFAAZxnAnmOgI fYpPp3uc20/T9NPMXGkYco3SMKyDFVbXBwluixeOd8UXpZLrDX4E9FQNEvX88m/h VggZpJHfZrvGaEMDLBMqRPVFf6EwGbfQoTfXS5qXkWAld5RJMcRsGgY75ZJr+e2v rZGIzut3zLOEpTeeps+rqMK1WFbyZ8N2EEbn1BpOyTRNDGKAWEvWkJYSP/mcIVDg bVJ+FWCW16YA0FcT+yaPFbeeaPdicx1TSXU5Ub+5avBWC4EpZRtLrNzo6Cb2IYlh 7UkrYXk9g734KcCIw4CL =TDzj -----END PGP SIGNATURE-----
--=-jDKZpl05oC847UQYMOFl--
--===============0086530009939554988== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============0086530009939554988==--
|
|
|
|