3

USN-840-1: OpenOffice.org vulnerabilities

view full story
linux-howto

http://www.ubuntu.com – Referenced CVEs:  CVE-2009-0200, CVE-2009-0201, CVE-2009-2139 Description:  =========================================================== Ubuntu Security Notice USN-840-1 October 01, 2009 openoffice.org vulnerabilities CVE-2009-0200, CVE-2009-0201, CVE-2009-2139 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: openoffice.org-core 1:2.4.1-1ubuntu2.2 Ubuntu 8.10: openoffice.org-core 1:2.4.1-11ubuntu2.2 Ubuntu 9.04: openoffice.org-core 1:3.0.1-9ubuntu3.1 After a standard system upgrade you need to restart OpenOffice.org to effect the necessary changes. Details follow: Dyon Balding discovered flaws in the way OpenOffice.org handled tables. If a user were tricked into opening a specially crafted Word document, a remote attacker might be able to execute arbitrary code with user privileges. (CVE-2009-0200, CVE-2009-0201) A memory overflow flaw was discovered in OpenOffice.org's handling of EMF files. If a user were tricked into opening a specially crafted document, a remote attacker might be able to execute arbitrary code with user privileges. (CVE-2009-2139) (Distributions)