LinuxSecurity.com

Mandriva: Updated OpenOffice.org packages fix vulnerability
Posted by Benjamin D. Thomas   
Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow. The updated packages have been patched to fix the issue.
 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                       MDVSA-2008:138-1
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : openoffice.org
 Date    : July 11, 2008
 Affected: Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 Integer overflow in the rtl_allocateMemory function in
 sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4
 allows remote attackers to execute arbitrary code via a crafted file
 that triggers a heap-based buffer overflow.
 
 The updated packages have been patched to fix the issue.

 Update:

 The OpenOffice.org package for Mandriva Corporate 3 missed the patch
 application due to a build error. This update fixes that.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2152
 _______________________________________________________________________
 
 Updated Packages:
 
 Corporate 3.0:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
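
 For packages fetched by hand rather than through MandrivaUpdate or urpmi, the checksum step can be reproduced manually. The script below is an added example, not part of the Mandriva advisory: the function name `verify_manifest` is hypothetical, and it assumes the `<md5>  <path>` lines of an advisory's Updated Packages list were saved to a file and the RPMs downloaded into one directory. MD5 here only detects corrupted or swapped files; authenticity still rests on the GPG signature.

```shell
#!/bin/sh
# Added example: check downloaded RPMs against "<md5>  <path>" manifest lines.
# verify_manifest is a hypothetical helper name, not a Mandriva tool.

# verify_manifest MANIFEST DIR
# Prints one status line per entry; returns 0 only if every entry matched.
verify_manifest() {
    manifest=$1
    dir=$2
    failures=0
    checked=0
    while read -r want path _rest; do
        # Skip headings, separators and blank lines: a real entry starts
        # with exactly 32 hex digits and is followed by a path.
        case $want in
            *[!0-9a-fA-F]*|'') continue ;;
        esac
        [ "${#want}" -eq 32 ] || continue
        [ -n "$path" ] || continue
        name=${path##*/}            # packages are looked up by file name
        checked=$((checked + 1))
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"
            failures=$((failures + 1))
            continue
        fi
        got=$(md5sum < "$dir/$name" | cut -d' ' -f1)
        want_lc=$(printf '%s' "$want" | tr 'A-F' 'a-f')
        if [ "$got" = "$want_lc" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"
            failures=$((failures + 1))
        fi
    done < "$manifest"
    # An empty or unparsable manifest must not count as a pass.
    [ "$checked" -gt 0 ] && [ "$failures" -eq 0 ]
}
```

 Running `rpm --checksig` on each file checks its GPG signature once the Mandriva key has been imported with `rpm --import`.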

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 