4

USN-903-1: OpenOffice.org vulnerabilities

view full story
linux-howto

http://www.ubuntu.com – Referenced CVEs:  CVE-2009-0217, CVE-2009-2949, CVE-2009-2950, CVE-2009-3301, CVE-2009-3302, CVE-2010-0136 Description:  =========================================================== Ubuntu Security Notice USN-903-1 February 24, 2010 openoffice.org vulnerabilities CVE-2009-0217, CVE-2009-2949, CVE-2009-2950, CVE-2009-3301, CVE-2009-3302, CVE-2010-0136 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: openoffice.org-core 1:2.4.1-1ubuntu2.3 Ubuntu 8.10: openoffice.org-core 1:2.4.1-11ubuntu2.3 Ubuntu 9.04: openoffice.org-core 1:3.0.1-9ubuntu3.2 Ubuntu 9.10: openoffice.org-core 1:3.1.1-5ubuntu1.1 After a standard system upgrade you need to restart OpenOffice to effect the necessary changes. Details follow: It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. (CVE-2009-0217) Sebastian Apelt and Frank Reißner discovered that OpenOffice did not correctly import XPM and GIF images. If a user were tricked into opening a specially crafted image, an attacker could execute arbitrary code with user privileges. (CVE-2009-2949, CVE-2009-2950) Nicolas Joly discovered that OpenOffice did not correctly handle certain Word documents. If a user were tricked into opening a specially crafted document, an attacker could execute arbitrary code with user privileges. (CVE-2009-3301, CVE-2009-3302) It was discovered that OpenOffice did not correctly handle certain VBA macros correctly. If a user were tricked into opening a specially crafted document, an attacker could execute arbitrary macro commands, bypassing security controls. (CVE-2010-0136) (Distributions)