From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1995-1                  [email protected]
http://www.debian.org/security/                      Moritz Muehlenhoff
February 12, 2010                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : openoffice.org
Vulnerability : several
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2010-0136 CVE-2009-0217 CVE-2009-2949 CVE-2009-2950 CVE-2009-3301 CVE-2009-3302
Several vulnerabilities have been discovered in the OpenOffice.org office suite. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2010-0136
It was discovered that macro security settings were insufficiently
enforced for VBA macros.
CVE-2009-0217
It was discovered that the W3C XML Signature recommendation
contains a protocol-level vulnerability related to HMAC output
truncation. This also affects the integrated libxmlsec library.
CVE-2009-2949
Sebastian Apelt discovered that an integer overflow in the XPM
import code may lead to the execution of arbitrary code.
CVE-2009-2950
Sebastian Apelt and Frank Reissner discovered that a buffer
overflow in the GIF import code may lead to the execution of
arbitrary code.
CVE-2009-3301/CVE-2009-3302
Nicolas Joly discovered multiple vulnerabilities in the parser for
Word document files, which may lead to the execution of arbitrary
code.
For the old stable distribution (etch), these problems have been fixed in version 2.0.4.dfsg.2-7etch9.
For the stable distribution (lenny), these problems have been fixed in
version 1:2.4.1+dfsg-1+lenny6.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your openoffice.org packages.
Upgrade instructions
- --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[continued in next message]