Jump to content

Advisories MDVSA-2010:091: openoffice.org


Recommended Posts

This updates provides a new OpenOffice.org version 3.1.1. It holds

security and bug fixes described as follow:

 

An integer underflow might allow remote attackers to execute arbitrary

code via crafted records in the document table of a Word document,

leading to a heap-based buffer overflow (CVE-2009-0200).

 

A heap-based buffer overflow might allow remote attackers to execute

arbitrary code via unspecified records in a crafted Word document,

related to table parsing (CVE-2009-0201).

 

A heap-based buffer overflow allows remote attackers to execute

arbitrary code via a crafted EMF file (CVE-2009-2139).

 

Multiple heap-based buffer overflows allow remote attackers to execute

arbitrary code via a crafted EMF+ file (CVE-2009-2140).

 

OpenOffice's xmlsec uses a bundled Libtool which might load .la

file in the current working directory allowing local users to gain

privileges via a Trojan horse file. For enabling such vulnerability

xmlsec has to use --enable-crypto_dl building flag however it does

not, although the fix keeps protected against this threat whenever

that flag had been enabled (CVE-2009-3736).

 

Addittionaly this update provides following bug fixes:

 

OpenOffice.org is not properly configure to use the xdg-email

functionality of the FreeDesktop standard (#52195).

 

Template desktop icons are not properly set up then they are not

presented under the context menu of applications like Dolphin (#56439).

 

libia_ora-gnome is added as suggest as long as that package is needed

for a better look (#57385#c28).

 

It is enabled a fallback logic to properly select an OpenOffice.org

style whenever one is set up but that is not installed (#57530#c1,

#53284, #45133, #39043)

 

It is enabled the Firefox plugin for viewing OpenOffice.org documents

inside browser.

 

Further packages were provided to supply OpenOffice.org. 3.1.1

dependencies.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

×
×
  • Create New...