Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in OpenOffice.org
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in OpenOffice.org
ID: USN-1496-1
Distribution: Ubuntu
Plattformen: Ubuntu 10.04 LTS
Datum: Di, 3. Juli 2012, 08:15
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2713
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1149
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2334
Applikationen: OpenOffice.org

Originalnachricht


--===============0086530009939554988==
Content-Type: multipart/signed; micalg="pgp-sha512";
protocol="application/pgp-signature";
boundary="=-jDKZpl05oC847UQYMOFl"


--=-jDKZpl05oC847UQYMOFl
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1496-1
July 02, 2012

openoffice.org vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

OpenOffice.org could be made to crash or potentially run programs as your
login if it opened a specially crafted file.

Software Description:
- openoffice.org: Office productivity suite

Details:

A stack-based buffer overflow was discovered in the Lotus Word Pro import
filter in OpenOffice.org. The default compiler options for affected
releases should reduce the vulnerability to a denial of service.
(CVE-2011-2685)

Huzaifa Sidhpurwala discovered that OpenOffice.org could be made to crash
if it opened a specially crafted Word document. (CVE-2011-2713)

Integer overflows were discovered in the graphics loading code of several
different image types. If a user were tricked into opening a specially
crafted file, an attacker could cause OpenOffice.org to crash or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2012-1149)

Sven Jacobi discovered an integer overflow when processing Escher graphics
records. If a user were tricked into opening a specially crafted PowerPoint
file, an attacker could cause OpenOffice.org to crash or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2012-2334)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
openoffice.org-core 1:3.2.0-7ubuntu4.3

After a standard system update you need to restart OpenOffice.org to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1496-1
CVE-2011-2685, CVE-2011-2713, CVE-2012-1149, CVE-2012-2334

Package Information:
https://launchpad.net/ubuntu/+source/openoffice.org/1:3.2.0-7ubuntu4.3



--ÓDKZpl05oC847UQYMOFl
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAABCgAGBQJP8lHDAAoJEFHb3FjMVZVzPqwQALmZFNCpo00kdDKkUp1T7KJe
V8aIhPZILPa7WFUlUzd+JzQ1x3cndcYqKN0TQF0Bg6N0+U8cd+M9Fsq4OUXyZ/y7
8Chr1+ojD9KOvB7cfKOMHmJkurkXWp8nfGTL7KNZrcs/wOYAzRzwDqshHEiHxMGu
EEqjaSDZEMYcnLpzDuPWAuBbBpwvIbU/XSq6c6GDHRkqwyR1IWTYk4A8DIJcrZ8q
twm3l+zUzjCW2gKRNqdhMokTQNpHzzR04eZglKGML/ak3BwLk5I2oN0ENN+sAt60
6qy8YUHv4K41jaKdr2829oAoxJd+CgY2Z/assA8OR3EFp/jb0OkDOnuFZwGddLE7
rEpLwPsq9igtaxVinlyU20/3PjB/pvELf+6yPel9GySD7Gv05rVvFAAZxnAnmOgI
fYpPp3uc20/T9NPMXGkYco3SMKyDFVbXBwluixeOd8UXpZLrDX4E9FQNEvX88m/h
VggZpJHfZrvGaEMDLBMqRPVFf6EwGbfQoTfXS5qXkWAld5RJMcRsGgY75ZJr+e2v
rZGIzut3zLOEpTeeps+rqMK1WFbyZ8N2EEbn1BpOyTRNDGKAWEvWkJYSP/mcIVDg
bVJ+FWCW16YA0FcT+yaPFbeeaPdicx1TSXU5Ub+5avBWC4EpZRtLrNzo6Cb2IYlh
7UkrYXk9g734KcCIw4CL
=TDzj
-----END PGP SIGNATURE-----

--=-jDKZpl05oC847UQYMOFl--



--===============0086530009939554988==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============0086530009939554988==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung