[gentoo-announce] [ GLSA 200504-13 ] OpenOffice.Org: DOC document Heap Overflow - gentoo-announce

From:	Sune Kloppenborg Jeppesen <jaervosz@g.o>
To:	gentoo-announce@l.g.o
Cc:	bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject:	[gentoo-announce] [ GLSA 200504-13 ] OpenOffice.Org: DOC document Heap Overflow
Date:	Fri, 15 Apr 2005 16:08:48
Message-Id:	`200504151810.47259.jaervosz@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 200504-13

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                            http://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

  Severity: Normal

8

     Title: OpenOffice.Org: DOC document Heap Overflow

9

      Date: April 15, 2005

10

      Bugs: #88863

11

        ID: 200504-13

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

OpenOffice.Org is vulnerable to a heap overflow when processing DOC

19

documents, which could lead to arbitrary code execution.

20

21

Background

22

==========

23

24

OpenOffice.org is an office productivity suite, including word

25

processing, spreadsheets, presentations, drawings, data charting,

26

formula editing, and file conversion facilities.

27

28

Affected packages

29

=================

30

31

    -------------------------------------------------------------------

32

     Package                       /  Vulnerable  /         Unaffected

33

    -------------------------------------------------------------------

34

  1  app-office/openoffice            < 1.1.4-r1           >= 1.1.4-r1

35

  2  app-office/openoffice-bin        < 1.1.4-r1           >= 1.1.4-r1

36

  3  app-office/openoffice-ximian     < 1.3.9-r1           >= 1.3.9-r1

37

                                                          *>= 1.3.6-r1

38

                                                          *>= 1.3.7-r1

39

    -------------------------------------------------------------------

40

     3 affected packages on all of their supported architectures.

41

    -------------------------------------------------------------------

42

43

Description

44

===========

45

46

AD-LAB has discovered a heap overflow in the "StgCompObjStream::Load()"

47

function when processing DOC documents.

48

49

Impact

50

======

51

52

An attacker could design a malicious DOC document containing a

53

specially crafted header which, when processed by OpenOffice.Org, would

54

result in the execution of arbitrary code with the rights of the user

55

running the application.

56

57

Workaround

58

==========

59

60

There is no known workaround at this time.

61

62

Resolution

63

==========

64

65

All OpenOffice.Org users should upgrade to the latest version:

66

67

    # emerge --sync

68

    # emerge --ask --oneshot --verbose ">=app-office/openoffice-1.1.4-r1"

69

70

All OpenOffice.Org binary users should upgrade to the latest version:

71

72

    # emerge --sync

73

    # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-1.1.4-r1"

74

75

All OpenOffice.Org Ximian users should upgrade to the latest version:

76

77

    # emerge --sync

78

    # emerge --ask --oneshot --verbose app-office/openoffice-ximian

79

80

Note to PPC users: There is no fixed OpenOffice.Org binary version for

81

the PPC architecture yet. Affected users are encouraged to switch to

82

the latest OpenOffice.Org source package.

83

84

Note to SPARC users: There is no stable OpenOffice.Org fixed version

85

for the SPARC architecture. Affected users should switch to the latest

86

OpenOffice.Org Ximian version.

87

88

References

89

==========

90

91

  [ 1 ] OpenOffice.Org Issue 46388

92

        http://www.openoffice.org/issues/show_bug.cgi?id=46388

93

  [ 2 ] CAN-2005-0941

94

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0941

95

96

Availability

97

============

98

99

This GLSA and any updates to it are available for viewing at

100

the Gentoo Security Website:

101

102

  http://security.gentoo.org/glsa/glsa-200504-13.xml

103

104

Concerns?

105

=========

106

107

Security is a primary focus of Gentoo Linux and ensuring the

108

confidentiality and security of our users machines is of utmost

109

importance to us. Any security concerns should be addressed to

110

security@g.o or alternatively, you may file a bug at

111

http://bugs.gentoo.org.

112

113

License

114

=======

115

116

Copyright 2005 Gentoo Foundation, Inc; referenced text

117

belongs to its owner(s).

118

119

The contents of this document are licensed under the

120

Creative Commons - Attribution / Share Alike license.

121

122

http://creativecommons.org/licenses/by-sa/2.0

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 200504-13
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	http://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: OpenOffice.Org: DOC document Heap Overflow
9	Date: April 15, 2005
10	Bugs: #88863
11	ID: 200504-13
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	OpenOffice.Org is vulnerable to a heap overflow when processing DOC
19	documents, which could lead to arbitrary code execution.
20
21	Background
22	==========
23
24	OpenOffice.org is an office productivity suite, including word
25	processing, spreadsheets, presentations, drawings, data charting,
26	formula editing, and file conversion facilities.
27
28	Affected packages
29	=================
30
31	-------------------------------------------------------------------
32	Package / Vulnerable / Unaffected
33	-------------------------------------------------------------------
34	1 app-office/openoffice < 1.1.4-r1 >= 1.1.4-r1
35	2 app-office/openoffice-bin < 1.1.4-r1 >= 1.1.4-r1
36	3 app-office/openoffice-ximian < 1.3.9-r1 >= 1.3.9-r1
37	*>= 1.3.6-r1
38	*>= 1.3.7-r1
39	-------------------------------------------------------------------
40	3 affected packages on all of their supported architectures.
41	-------------------------------------------------------------------
42
43	Description
44	===========
45
46	AD-LAB has discovered a heap overflow in the "StgCompObjStream::Load()"
47	function when processing DOC documents.
48
49	Impact
50	======
51
52	An attacker could design a malicious DOC document containing a
53	specially crafted header which, when processed by OpenOffice.Org, would
54	result in the execution of arbitrary code with the rights of the user
55	running the application.
56
57	Workaround
58	==========
59
60	There is no known workaround at this time.
61
62	Resolution
63	==========
64
65	All OpenOffice.Org users should upgrade to the latest version:
66
67	# emerge --sync
68	# emerge --ask --oneshot --verbose ">=app-office/openoffice-1.1.4-r1"
69
70	All OpenOffice.Org binary users should upgrade to the latest version:
71
72	# emerge --sync
73	# emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-1.1.4-r1"
74
75	All OpenOffice.Org Ximian users should upgrade to the latest version:
76
77	# emerge --sync
78	# emerge --ask --oneshot --verbose app-office/openoffice-ximian
79
80	Note to PPC users: There is no fixed OpenOffice.Org binary version for
81	the PPC architecture yet. Affected users are encouraged to switch to
82	the latest OpenOffice.Org source package.
83
84	Note to SPARC users: There is no stable OpenOffice.Org fixed version
85	for the SPARC architecture. Affected users should switch to the latest
86	OpenOffice.Org Ximian version.
87
88	References
89	==========
90
91	[ 1 ] OpenOffice.Org Issue 46388
92	http://www.openoffice.org/issues/show_bug.cgi?id=46388
93	[ 2 ] CAN-2005-0941
94	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0941
95
96	Availability
97	============
98
99	This GLSA and any updates to it are available for viewing at
100	the Gentoo Security Website:
101
102	http://security.gentoo.org/glsa/glsa-200504-13.xml
103
104	Concerns?
105	=========
106
107	Security is a primary focus of Gentoo Linux and ensuring the
108	confidentiality and security of our users machines is of utmost
109	importance to us. Any security concerns should be addressed to
110	security@g.o or alternatively, you may file a bug at
111	http://bugs.gentoo.org.
112
113	License
114	=======
115
116	Copyright 2005 Gentoo Foundation, Inc; referenced text
117	belongs to its owner(s).
118
119	The contents of this document are licensed under the
120	Creative Commons - Attribution / Share Alike license.
121
122	http://creativecommons.org/licenses/by-sa/2.0

Gentoo Archives: gentoo-announce