Pardus: 2011-34: OpenOffice: Multiple
Posted by Benjamin D. Thomas   
Multiple vulnerabilities have been fixed in openoffice.
------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-34            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-02-12
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
======
Multiple vulnerabilities have been fixed in openoffice.


Description
==========
CVE-2010-3451:

Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and
3.x before 3.3 allows remote attackers to cause  a  denial  of  service
(application crash) or possibly execute arbitrary  code  via  malformed
tables in an RTF document.



CVE-2010-3452:

Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and
3.x before 3.3 allows remote attackers to cause  a  denial  of  service
(application crash) or possibly execute arbitrary code via crafted tags
in an RTF document.



CVE-2010-3453:

The   WW8ListManager::WW8ListManager function    in    oowriter    in
OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an
unspecified number of list levels in user-defined list  styles  in  WW8
data in a Microsoft Word document, which  allows  remote  attackers  to
cause a denial of  service  (application  crash)  or  possibly  execute
arbitrary code via a crafted .DOC file that triggers  an  out-of-bounds
write.



CVE-2010-3454:

Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function
in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote
attackers to cause a denial of service (application crash) or  possibly
execute arbitrary code via crafted typography information in a Microsoft
Word .DOC file that triggers an out-of-bounds write.



CVE-2010-4253:

Heap-based buffer overflow in Impress in OpenOffice.org (OOo)  2.x  and
3.x before 3.3 allows remote attackers to cause  a  denial  of  service
(application crash) or possibly execute arbitrary code via a crafted PNG
file in an ODF or Microsoft  Office  document,  as  demonstrated  by  a
PowerPoint (aka PPT) document.



CVE-2010-4643:

Heap-based buffer overflow in Impress in OpenOffice.org (OOo)  2.x  and
3.x before 3.3 allows remote attackers to cause  a  denial  of  service
(application crash) or possibly execute arbitrary code via a crafted TGA
file in an ODF or Microsoft Office document.

















Affected packages:

  Pardus 2009:
    openoffice, all before 3.2.1.6-85-17


Resolution
=========
There are update(s) for openoffice. You can  update  them  via  Package
Manager or with a single command from console:

    pisi up openoffice

References
=========
  * http://bugs.pardus.org.tr/show_bug.cgi?id607
  * http://bugs.pardus.org.tr/show_bug.cgi?id610
  * http://bugs.pardus.org.tr/show_bug.cgi?id613
  * http://bugs.pardus.org.tr/show_bug.cgi?id616
  * http://bugs.pardus.org.tr/show_bug.cgi?id622
  * http://bugs.pardus.org.tr/show_bug.cgi?id625
  * http://bugs.pardus.org.tr/show_bug.cgi?id643

------------------------------------------------------------------------