[Full-disclosure] [FLSA-2005:154988] Updated openoffice.org packages fix security issues

From: Marc Deslauriers (marcdeslauriers_at_videotron.ca)
Date: 05/13/05

    Date: Thu, 12 May 2005 20:33:24 -0400
    To: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk

    ---------------------------------------------------------------------
                   Fedora Legacy Update Advisory

    Synopsis: Updated openoffice.org packages fix security issues
    Advisory ID: FLSA:154988
    Issue date: 2005-05-12
    Product: Red Hat Linux, Fedora Core
    Keywords: Bugfix
    CVE Names: CAN-2004-0752 CAN-2005-0941
    ---------------------------------------------------------------------

    ---------------------------------------------------------------------
    1. Topic:

    Updated openoffice.org packages that fix two security issues are now
    available.

    OpenOffice.org is an office productivity suite that includes desktop
    applications such as a word processor, spreadsheet, presentation
    manager, formula editor, and drawing program.

    2. Relevant releases/architectures:

    Red Hat Linux 9 - i386
    Fedora Core 1 - i386
    Fedora Core 2 - i386

    3. Problem description:

    Secunia Research reported an issue with the handling of temporary
    files. A malicious local user could use this flaw to access the contents
    of another user's open documents. The Common Vulnerabilities and
    Exposures project (cve.mitre.org) has assigned the name CAN-2004-0752 to
    this issue.

    A heap-based buffer overflow bug was found in the OpenOffice.org DOC
    file processor. An attacker could create a carefully crafted DOC file in
    such a way that it could cause OpenOffice.org to execute arbitrary code
    when the file was opened by a victim. The Common Vulnerabilities and
    Exposures project (cve.mitre.org) has assigned the name CAN-2005-0941 to
    this issue.

    All users of OpenOffice.org are advised to upgrade to these updated
    packages, which contain backported patches to correct these issues.

    4. Solution:

    Before applying this update, make sure all previously released errata
    relevant to your system have been applied.

    To update all RPMs for your particular architecture, run:

    rpm -Fvh [filenames]

    where [filenames] is a list of the RPMs you wish to upgrade. Only those
    RPMs which are currently installed will be updated. Those RPMs which
    are not installed but included in the list will not be updated. Note
    that you can also use wildcards (*.rpm) if your current directory *only*
    contains the desired RPMs.

    Please note that this update is also available via yum and apt. Many
    people find this an easier way to apply updates. To use yum, issue:

    yum update

    or to use apt:

    apt-get update; apt-get upgrade

    This will start an interactive process that will result in the
    appropriate RPMs being upgraded on your system. This assumes that you
    have yum or apt-get configured for obtaining Fedora Legacy content.
    Please visit http://www.fedoralegacy.org/docs for directions on how to
    configure yum and apt-get.

    5. Bug IDs fixed:

    https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154989
    https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154988
    https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154742

    6. RPMs required:

    Red Hat Linux 9:

    SRPM:
    http://download.fedoralegacy.org/redhat/9/updates/SRPMS/openoffice-1.0.2-11.2.legacy.src.rpm

    i386:
    http://download.fedoralegacy.org/redhat/9/updates/i386/openoffice-1.0.2-11.2.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/openoffice-i18n-1.0.2-11.2.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/openoffice-libs-1.0.2-11.2.legacy.i386.rpm

    Fedora Core 1:

    SRPM:
    http://download.fedoralegacy.org/fedora/1/updates/SRPMS/openoffice.org-1.1.0-16.2.legacy.src.rpm

    i386:
    http://download.fedoralegacy.org/fedora/1/updates/i386/openoffice.org-1.1.0-16.2.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/openoffice.org-i18n-1.1.0-16.2.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/openoffice.org-libs-1.1.0-16.2.legacy.i386.rpm

    Fedora Core 2:

    SRPM:
    http://download.fedoralegacy.org/fedora/2/updates/SRPMS/openoffice.org-1.1.3-11.4.0.fc2.src.rpm

    i386:
    http://download.fedoralegacy.org/fedora/2/updates/i386/openoffice.org-1.1.3-11.4.0.fc2.i386.rpm
    http://download.fedoralegacy.org/fedora/2/updates/i386/openoffice.org-i18n-1.1.3-11.4.0.fc2.i386.rpm
    http://download.fedoralegacy.org/fedora/2/updates/i386/openoffice.org-kde-1.1.3-11.4.0.fc2.i386.rpm
    http://download.fedoralegacy.org/fedora/2/updates/i386/openoffice.org-libs-1.1.3-11.4.0.fc2.i386.rpm

    7. Verification:

    These packages are GPG signed by Fedora Legacy for security. Our key is
    available from http://www.fedoralegacy.org/about/security.php

    You can verify each package with the following command:

        rpm --checksig -v <filename>

    If you only wish to verify that each package has not been corrupted or
    tampered with, examine only the sha1sum with the following command:

        sha1sum <filename>

    8. References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0752
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0941

    9. Contact:

    The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More
    project details at http://www.fedoralegacy.org

    ---------------------------------------------------------------------
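
An added example, not part of the Fedora Legacy advisory: a shell gate that runs `rpm -Fvh` only after every downloaded RPM matches the SHA1 published for it and passes `rpm --checksig`. The manifest file (lines of `<sha1>  <rpm filename>`), the function names and the directory argument are assumptions, and the Fedora Legacy GPG key is assumed to be imported into the rpm keyring already.

```shell
#!/usr/bin/env bash
# Added example: verify before freshening. Not the advisory's own tooling.
# MANIFEST (assumed format): one "<sha1>  <rpm-basename>" pair per line,
# recorded from the SHA1 values published for the update.

# Report every *.rpm in DIR that is unlisted in MANIFEST or whose SHA1
# differs. Returns 0 only if all packages match, 1 on any failure,
# 2 if DIR holds no RPMs at all.
verify_rpms() {
    local manifest=$1 dir=$2 bad=0 f name want got
    for f in "$dir"/*.rpm; do
        [ -e "$f" ] || { echo "no RPMs in $dir" >&2; return 2; }
        name=${f##*/}
        # Exact filename match on column 2; the first entry wins.
        want=$(awk -v n="$name" '$2 == n { print $1; exit }' "$manifest")
        got=$(sha1sum "$f" | awk '{ print $1 }')
        if [ -z "$want" ]; then
            echo "UNLISTED $name"; bad=1
        elif [ "$want" != "$got" ]; then
            echo "MISMATCH $name"; bad=1
        fi
    done
    return $bad
}

# Freshen installed packages only after both checks pass for every file.
# Usage (hypothetical paths): safe_freshen manifest.sha1 ./updates
safe_freshen() {
    local manifest=$1 dir=$2 f
    verify_rpms "$manifest" "$dir" || return 1
    for f in "$dir"/*.rpm; do
        # rpm returns non-zero when a digest or signature check fails.
        rpm --checksig "$f" >/dev/null || { echo "BADSIG ${f##*/}"; return 1; }
    done
    rpm -Fvh "$dir"/*.rpm
}
```

The SHA1 comparison only shows that a file matches the published value; the signature check is what ties the package to the Fedora Legacy key.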

    
    

    
    
