LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: July 25th, 2014
Linux Advisory Watch: July 18th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
SuSE: OpenOffice heap overflow problem Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
SuSE This security update fixes a buffer overflow in OpenOffice_org Microsoft Word document reader which could allow a remote attacker sending a handcrafted .doc file to execute code as the user opening the document in OpenOffice.
______________________________________________________________________________

                        SUSE Security Announcement

        Package:                OpenOffice_org
        Announcement-ID:        SUSE-SA:2005:025
        Date:                   Tue, 19 Apr 2005 13:00:00 +0000
        Affected products:      8.2, 9.0, 9.1, 9.2, 9.3
                                SUSE Linux Desktop 1.0
                                Novell Linux Desktop 9
        Vulnerability Type:     remote code execution
        Severity (1-10):        8
        SUSE default package:   yes
        Cross References:       CAN-2005-0941

    Content of this advisory:
        1) security vulnerability resolved:
             heap overflow in MS Word DOC file handling
           problem description
        2) solution/workaround
        3) special instructions and notes
        4) package location and checksums
        5) pending vulnerabilities, solutions, workarounds:
            See SUSE Security Summary Report.
        6) standard appendix (further information)

______________________________________________________________________________

1) problem description, brief discussion

    This security update fixes a buffer overflow in OpenOffice_org
    Microsoft Word document reader which could allow a remote attacker
    sending a handcrafted .doc file to execute code as the user
    opening the document in OpenOffice.

    This is tracked by the Mitre CVE ID CAN-2005-0941.


    WARNING: The updated packages are very large for distributions before
    SUSE Linux 9.2 and 9.3.

    The minimum download sizes for those are:
            SUSE Linux Desktop 1:   47 MB
            Novell Linux Desktop 9: 41 MB
            SUSE Linux 8.2:         37 MB
            SUSE Linux 9.0:         46 MB
            SUSE Linux 9.1:         50 MB
            SUSE Linux 9.2:          2.1 MB (using delta rpm)
            SUSE Linux 9.3:          3.5 MB (using delta rpm)

2) solution/workaround

    Install the updated packages.

    A possible workaround is to not open .DOC files from untrusted
    sources.

3) special instructions and notes

    Restart OpenOffice after the update.

4) package location and checksums

    Please download the update package for your distribution and verify its
    integrity by the methods listed in section 3) of this announcement.
    Then, install the package using the command "rpm -Fhv file.rpm" to apply
    the update.
    Our maintenance customers are being notified individually. The packages
    are being offered to install from the maintenance web.


    x86 Platform:

    SUSE Linux 9.3:
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-1.9.79-9.2.i586.rpm
           b552f46f192457b6487b60dd7adab845
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ar-1.9.79-9.2.i586.rpm
           8b3defa6812104ac95aa3ecd198c08e5
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ca-1.9.79-9.2.i586.rpm
           63a174e1f5b177e8d785f14a21f5bec5
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-cs-1.9.79-9.2.i586.rpm
           dcc5245c56657d6e20cc714b229390fd
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-da-1.9.79-9.2.i586.rpm
           bcb44ef1ef0688327e8b2304f2adfb76
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-de-1.9.79-9.2.i586.rpm
           3c166f9a421f0137134d750c869748cc
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-de-templates-8.2-157.i586.rpm
           b0bfd04da81ec413eab5ab292ab4d4f4
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-el-1.9.79-9.2.i586.rpm
           974366c76fe393438d9a3ab6f73b5bdb
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-es-1.9.79-9.2.i586.rpm
           17d21ae9d96670aca17b116d5770d0fb
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-et-1.9.79-9.2.i586.rpm
           e20309f95c285e141087f5472f0a37f2
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-fi-1.9.79-9.2.i586.rpm
           ca43a8e14d7662c41b8d60f1f526dca7
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-fr-1.9.79-9.2.i586.rpm
           b19618fd2ff92431f48f4fc36273ae1a
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-gnome-1.9.79-9.2.i586.rpm
           a12adba49239a86e174457fb95f5c576
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-hu-1.9.79-9.2.i586.rpm
           36057e0d7e178478a6b6eb119e7d56df
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-it-1.9.79-9.2.i586.rpm
           7d8d796f8bb9a8046b07af980f8adfc5
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ja-1.9.79-9.2.i586.rpm
           2160456066a9449daff5dcf26814882b
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-kde-1.9.79-9.2.i586.rpm
           305e8470904629f0c8e3a278d2f0b1e9
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ko-1.9.79-9.2.i586.rpm
           ab4cbc8427c84110990bcea0f7185322
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-nl-1.9.79-9.2.i586.rpm
           bbcef39ccd2be2b7b8611286427caf3c
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-pl-1.9.79-9.2.i586.rpm
           784fa5fef330224ea92ee8c7573444a5
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-pt-1.9.79-9.2.i586.rpm
           cf0a961f879a96af96b4b3464844f6e1
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ru-1.9.79-9.2.i586.rpm
           0e041750d71900ce52dd7e0192a65693
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-sk-1.9.79-9.2.i586.rpm
           5f62da8fbdb0da4b63612a2b02a36dc1
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-sl-1.9.79-9.2.i586.rpm
           dab43fb02881dd04a1f24b56a5f11f71
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-sv-1.9.79-9.2.i586.rpm
           11be2bff9e95a2ae2b87cbb3ae763f46
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-tr-1.9.79-9.2.i586.rpm
           c0a8ba848b1b266b0d13f7905fe234e6
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-zh-CN-1.9.79-9.2.i586.rpm
           3f267e1277041393fcd28cc4cee59cf7
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-zh-TW-1.9.79-9.2.i586.rpm
           05bb29569bfdf851ac2c4d268c58bead

    SUSE Linux 9.2:
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-1.1.3-16.2.i586.rpm
           2293f4e4c6ab47b0614f7e9988273d6c
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-ar-1.1.3-16.2.i586.rpm
           bb0f47a473f4262c2cdf8cd49e2564f9
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-ca-1.1.3-16.2.i586.rpm
           7e2263e7703856b184cc8a76f799732a
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-cs-1.1.3-16.2.i586.rpm
           32d6b6ee86e395c442654409f11e9c9c
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-da-1.1.3-16.2.i586.rpm
           dca243c3ad1747021b1f5c7074e1e3b7
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-de-1.1.3-16.2.i586.rpm
           39f68abc86e4a5e33d42957d8a37af01
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-el-1.1.3-16.2.i586.rpm
           20eddfbefd818c8d1cfe599898893c50
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-en-1.1.3-16.2.i586.rpm
           4068f98e7f40d66905e5a253a2470cba
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-en-help-1.1.3-16.2.i586.rpm
           0a4286d62466addf22bb2bba7ab0c309
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-es-1.1.3-16.2.i586.rpm
           a3effffec6221f5e1edda0da2502fa77
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-et-1.1.3-16.2.i586.rpm
           7bca5b49f4ecd97331efdd8b9d02704f
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-fi-1.1.3-16.2.i586.rpm
           79eec2c6b39a24a80f2a2030167d327b
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-fr-1.1.3-16.2.i586.rpm
           640b167beaedb0e400a9945fbdec3346
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-gnome-1.1.3-16.2.i586.rpm
           fec069d75bd3036d9181789e47d5ff11
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-hu-1.1.3-16.2.i586.rpm
           2fae2a1136717f97eefb55eb86571099
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-it-1.1.3-16.2.i586.rpm
           0f170766b94adf4f0c86d2b251ef80b8
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-ja-1.1.3-16.2.i586.rpm
           0b39736cdeab86262746d52f6ca6f4be
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-kde-1.1.3-16.2.i586.rpm
           ba6a72c373198ff4509e9870cb16f253
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-ko-1.1.3-16.2.i586.rpm
           7a443cc6cb4d6880ffb1e02fa3aa0ba7
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-nl-1.1.3-16.2.i586.rpm
           dc6f63e7b9141838a46fa4738f038e58
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-pl-1.1.3-16.2.i586.rpm
           eca5ce05d506b0aeda52c89f4558cecd
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-pt-1.1.3-16.2.i586.rpm
           799d8c7f09c3459f90032d25be0f5525
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-ru-1.1.3-16.2.i586.rpm
           01ebf77e4e283925a6506a24c3e8d865
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-sk-1.1.3-16.2.i586.rpm
           aec3c6e8b4143d97f1b6d35bf1f3dc8a
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-sl-1.1.3-16.2.i586.rpm
           8b074f282d1bb4d9883324f07ca5797e
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-sv-1.1.3-16.2.i586.rpm
           0cd956b13b0bfa1b478f238426b61813
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-tr-1.1.3-16.2.i586.rpm
           09586c7bc9801d9a4b7ab5c026d88880
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-zh-CN-1.1.3-16.2.i586.rpm
           101e72d1f892b22d585688aad67ed5a8
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-zh-TW-1.1.3-16.2.i586.rpm
           73dbea37ec2f089f0932956782e4c923

    SUSE Linux 9.1:
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-1.1.1-23.6.i586.rpm
           acfc765af694e2dbad866400ff35baf1
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-ar-1.1.1-23.6.i586.rpm
           0af9c4a72afa6e6fdde2b0bcc096666f
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-cs-1.1.1-23.6.i586.rpm
           da472e7cea51097743762bc6a2608aa4
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-da-1.1.1-23.6.i586.rpm
           70fdd4f83e0f18b1895e142b4e8f0f41
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-de-1.1.1-23.6.i586.rpm
           23e05864cc3993ea28b414b9fb8c14ad
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-el-1.1.1-23.6.i586.rpm
           cd516d937d0f11b99f9b89950136eac6
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-en-1.1.1-23.6.i586.rpm
           74e823e5c1af46a94a1439ceca09bf08
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-en-help-1.1.1-23.6.i586.rpm
           04e1cf5845598f842cca8a142e963206
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-es-1.1.1-23.6.i586.rpm
           d23180d06e4ee6aa2d92a3b3d4ff9036
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-et-1.1.1-23.6.i586.rpm
           2d48b32b780c40ba6edf87f205252f6f
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-fr-1.1.1-23.6.i586.rpm
           84eb506c11c687852d747e34ad58adb7
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-hu-1.1.1-23.6.i586.rpm
           7fc4d93253f873a84d5dcf1be56ea02b
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-it-1.1.1-23.6.i586.rpm
           d317a379e5e8d0dbd5c2637ebffdb978
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-ja-1.1.1-23.6.i586.rpm
           84b4466a0ad38e1bee97bd76de10a650
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-ko-1.1.1-23.6.i586.rpm
           8dd0108842f786c5278413017c178bd8
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-nl-1.1.1-23.6.i586.rpm
           f09448181bc7b7a4f0076694ec29f073
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-pl-1.1.1-23.6.i586.rpm
           637c906b339a24e984a6ee080dc57f42
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-pt-1.1.1-23.6.i586.rpm
           3b98ed06cb70895123b5bc9cbe8744b7
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-ru-1.1.1-23.6.i586.rpm
           467c41efec48271d291cceb38709a2aa
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-sk-1.1.1-23.6.i586.rpm
           a475fe4fb2a99341831fdc6da07497d0
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-sl-1.1.1-23.6.i586.rpm
           ad03e64157d0c0ba9a31f2e3cc8c78f8
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-sv-1.1.1-23.6.i586.rpm
           5efef74ffe625cf6e4f38b8738211a25
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-tr-1.1.1-23.6.i586.rpm
           fee1d6e9f05d59b95561dbe192ae927f
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-zh-CN-1.1.1-23.6.i586.rpm
           1ce11a3e8ecec9b032e4c250c7b7dcd7
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-zh-TW-1.1.1-23.6.i586.rpm
           cbff62da371e49552ced339f9a5a014e
    source rpm(s):
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/OpenOffice_org-1.1.1-23.6.src.rpm
           e30ccd2e95d5f985be7918185e5347e6

    SUSE Linux 9.0:
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-1.1-100.i586.rpm
           2103fcc3a5de4724a96350b6c5aba23d
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-ar-1.1-100.i586.rpm
           24ef98c1b908db39073a792959a412db
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-cs-1.1-100.i586.rpm
           8b9b494f4ec8e0cad1a14c025fbe5025
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-da-1.1-100.i586.rpm
           a4f199cd7d077552b80b96fa8f573e8d
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-de-1.1-100.i586.rpm
           fa8bef6b96f4f44a5e65ba471b937c7c
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-el-1.1-100.i586.rpm
           182ab41d8b98cfcb25514d84f5426569
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-en-1.1-100.i586.rpm
           da512b6c56065b7d6537b0385fc89f90
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-en-help-1.1-100.i586.rpm
           7cd38f5e4381f64bd1cbf4c883b6cb6e
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-es-1.1-100.i586.rpm
           227616d6355d91b6a680837b546878bc
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-fr-1.1-100.i586.rpm
           9f052173c82e73b578f9edfbad5a7649
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-hu-1.1-100.i586.rpm
           b424833a10fad334502a0c73d1842d51
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-it-1.1-100.i586.rpm
           4a3706cd87d6938530d9bb7261eb7b2f
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-ja-1.1-100.i586.rpm
           00212453e83c014a68d51945f08cc486
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-ko-1.1-100.i586.rpm
           0da0e8b50393bccd6ed00aeaaef5809a
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-nl-1.1-100.i586.rpm
           ecfa98395e093e3ab2acb80b04cd234d
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-pl-1.1-100.i586.rpm
           6f50954b40c3d74c1cba1b1df920f25a
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-pt-1.1-100.i586.rpm
           9c052a19385612f952aff029086f6877
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-ru-1.1-100.i586.rpm
           ef3c9469080799b7ff1c40e8f54f72fe
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-sk-1.1-100.i586.rpm
           f28d7b1b30b5bfd06a5d774e424de7d9
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-sv-1.1-100.i586.rpm
           c0cbd660335c6418699993b1fb78a7e8
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-tr-1.1-100.i586.rpm
           b4d926bc3e1eea6edfd453f645d2e3bb
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-zh-CN-1.1-100.i586.rpm
           0fe30e9116ef5df1e776be3322381d0a
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-zh-TW-1.1-100.i586.rpm
           3c9f01c4cb808238967c386a9bbf95f2
    source rpm(s):
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/OpenOffice_org-1.1-100.src.rpm
           6ad8a3d82246b021cedcd23f4ce74f1a

    SUSE Linux 8.2:
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/OpenOffice_org-1.0.2-76.i586.rpm
           6b5f9f1b9bd7dad1d62619c46e471ee4
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/OpenOffice_org-cs-1.0.2-76.i586.rpm
           966b54c4cc0a7eca79386d3d7eed358d
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/OpenOffice_org-de-1.0.2-76.i586.rpm
           f857a4c91b90de7b46d9700439fc3dc4
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/OpenOffice_org-en-1.0.2-76.i586.rpm
           65706db98543bdcf84b8ff1ec3be93ca
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/OpenOffice_org-en-help-1.0.2-76.i586.rpm
           c574794e58d89c56b9cab405ca1462a6
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/OpenOffice_org-es-1.0.2-76.i586.rpm
           6a6eed7174ec918d4c7617728e0328c3
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/OpenOffice_org-fr-1.0.2-76.i586.rpm
           7428286d640ca1c4e0e8572acf1fa370
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/OpenOffice_org-hu-1.0.2-76.i586.rpm
           27fae82ea8f296265847e26e91ead421
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/OpenOffice_org-it-1.0.2-76.i586.rpm
           e4e70c8843084cbc9707e1baf7b9b9f4
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/OpenOffice_org-nl-1.0.2-76.i586.rpm
           ae9a2d1c379be2581bd936e4f08c14bb
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/OpenOffice_org-sv-1.0.2-76.i586.rpm
           401508cc4fdc89759f9c78497943456b
    source rpm(s):
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/OpenOffice_org-1.0.2-76.src.rpm
           5a086c30ec314b476ef3fcc7399b921e


______________________________________________________________________________

5)  Pending vulnerabilities in SUSE Distributions and Workarounds:

    See SUSE Security Summary Report.
______________________________________________________________________________

6)  standard appendix: authenticity verification, additional information

  - Package authenticity verification:

    SUSE update packages are available on many mirror ftp servers all over
    the world. While this service is being considered valuable and important
    to the free and open source software community, many users wish to be
    sure about the origin of the package and its content before installing
    the package. There are two verification methods that can be used
    independently from each other to prove the authenticity of a downloaded
    file or rpm package:
    1) md5sums as provided in the (cryptographically signed) announcement.
    2) using the internal gpg signatures of the rpm package.

    1) execute the command
        md5sum 
       after you downloaded the file from a SUSE ftp server or its mirrors.
       Then, compare the resulting md5sum with the one that is listed in the
       announcement. Since the announcement containing the checksums is
       cryptographically signed (usually using the key security@suse.de),
       the checksums show proof of the authenticity of the package.
       We disrecommend to subscribe to security lists which cause the
       email message containing the announcement to be modified so that
       the signature does not match after transport through the mailing
       list software.
       Downsides: You must be able to verify the authenticity of the
       announcement in the first place. If RPM packages are being rebuilt
       and a new version of a package is published on the ftp server, all
       md5 sums for the files are useless.

    2) rpm package signatures provide an easy way to verify the authenticity
       of an rpm package. Use the command
        rpm -v --checksig 
       to verify the signature of the package, where  is the
       filename of the rpm package that you have downloaded. Of course,
       package authenticity verification can only target an un-installed rpm
       package file.
       Prerequisites:
        a) gpg is installed
        b) The package is signed using a certain key. The public part of this
           key must be installed by the gpg program in the directory
           ~/.gnupg/ under the user's home directory who performs the
           signature verification (usually root). You can import the key
           that is used by SUSE in rpm packages for SUSE Linux by saving
           this announcement to a file ("announcement.txt") and
           running the command (do "su -" to be root):
            gpg --batch; gpg < announcement.txt | gpg --import
           SUSE Linux distributions version 7.1 and thereafter install the
           key "build@suse.de" upon installation or upgrade, provided that
           the package gpg is installed. The file containing the public key
           is placed at the top-level directory of the first CD (pubring.gpg)
           and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .


  - SUSE runs two security mailing lists to which any interested party may
    subscribe:

    suse-security@suse.com
        -   general/linux/SUSE security discussion.
            All SUSE security announcements are sent to this list.
            To subscribe, send an email to
                .

    suse-security-announce@suse.com
        -   SUSE's announce-only mailing list.
            Only SUSE's security announcements are sent to this list.
            To subscribe, send an email to
                .

    For general information or the frequently asked questions (faq)
    send mail to:
         or
         respectively.

    =====================================================================
    SUSE's security contact is  or .
    The  public key is listed below.
    =====================================================================
______________________________________________________________________________

    The information in this advisory may be distributed or reproduced,
    provided that the advisory is not modified in any way. In particular,
    it is desired that the clear-text signature shows proof of the
    authenticity of the text.
    SUSE Linux AG makes no warranties of any kind whatsoever with respect
    to the information contained in this security advisory.
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
How Hackers Hid a Money-Mining Botnet in Amazonís Cloud
Homeland Security gets into software security
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.