[USN-1496-1] OpenOffice.org vulnerabilities
Jamie Strandboge
jamie at canonical.com
Tue Jul 3 01:58:27 UTC 2012
==========================================================================
Ubuntu Security Notice USN-1496-1
July 02, 2012
openoffice.org vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
Summary:
OpenOffice.org could be made to crash or potentially run programs as your
login if it opened a specially crafted file.
Software Description:
- openoffice.org: Office productivity suite
Details:
A stack-based buffer overflow was discovered in the Lotus Word Pro import
filter in OpenOffice.org. The default compiler options for affected
releases should reduce the vulnerability to a denial of service.
(CVE-2011-2685)
Huzaifa Sidhpurwala discovered that OpenOffice.org could be made to crash
if it opened a specially crafted Word document. (CVE-2011-2713)
Integer overflows were discovered in the graphics loading code of several
different image types. If a user were tricked into opening a specially
crafted file, an attacker could cause OpenOffice.org to crash or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2012-1149)
Sven Jacobi discovered an integer overflow when processing Escher graphics
records. If a user were tricked into opening a specially crafted PowerPoint
file, an attacker could cause OpenOffice.org to crash or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2012-2334)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.04 LTS:
openoffice.org-core 1:3.2.0-7ubuntu4.3
After a standard system update you need to restart OpenOffice.org to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1496-1
CVE-2011-2685, CVE-2011-2713, CVE-2012-1149, CVE-2012-2334
Package Information:
https://launchpad.net/ubuntu/+source/openoffice.org/1:3.2.0-7ubuntu4.3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20120702/7d7d681b/attachment.sig>
More information about the ubuntu-security-announce
mailing list