[gentoo-announce] [ GLSA 200603-25 ] OpenOffice.org: Heap overflow in included libcurl - gentoo-announce

From:	Stefan Cornelius <dercorny@g.o>
To:	gentoo-announce@l.g.o
Cc:	bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject:	[gentoo-announce] [ GLSA 200603-25 ] OpenOffice.org: Heap overflow in included libcurl
Date:	Mon, 27 Mar 2006 18:17:19
Message-Id:	`200603271952.50446.dercorny@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 200603-25

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                            http://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

  Severity: Normal

8

     Title: OpenOffice.org: Heap overflow in included libcurl

9

      Date: March 27, 2006

10

      Bugs: #126433

11

        ID: 200603-25

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

OpenOffice.org contains a vulnerable version of libcurl that may cause

19

a heap overflow when parsing URLs.

20

21

Background

22

==========

23

24

OpenOffice.org is an office productivity suite, including word

25

processing, spreadsheet, presentation, data charting, formula editing

26

and file conversion facilities. libcurl, which is included in

27

OpenOffice.org, is a free and easy-to-use client-side library for

28

transferring files with URL syntaxes, supporting numerous protocols.

29

30

Affected packages

31

=================

32

33

    -------------------------------------------------------------------

34

     Package                    /  Vulnerable  /            Unaffected

35

    -------------------------------------------------------------------

36

  1  app-office/openoffice-bin       < 2.0.2                  >= 2.0.2

37

  2  app-office/openoffice         < 2.0.1-r1              >= 2.0.1-r1

38

    -------------------------------------------------------------------

39

     2 affected packages on all of their supported architectures.

40

    -------------------------------------------------------------------

41

42

Description

43

===========

44

45

OpenOffice.org includes libcurl code. This libcurl code is vulnerable

46

to a heap overflow when it tries to parse a URL that exceeds a 256-byte

47

limit (GLSA 200512-09).

48

49

Impact

50

======

51

52

An attacker could entice a user to call a specially crafted URL with

53

OpenOffice.org, potentially resulting in the execution of arbitrary

54

code with the rights of the user running the application.

55

56

Workaround

57

==========

58

59

There is no known workaround at this time.

60

61

Resolution

62

==========

63

64

All OpenOffice.org binary users should upgrade to the latest version:

65

66

    # emerge --sync

67

    # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.0.2"

68

69

All OpenOffice.org users should upgrade to the latest version:

70

71

    # emerge --sync

72

    # emerge --ask --oneshot --verbose ">=app-office/openoffice-2.0.1-r1"

73

74

References

75

==========

76

77

  [ 1 ] CVE-2005-4077

78

        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4077

79

  [ 2 ] Hardened-PHP Advisory 24/2005

80

        http://www.hardened-php.net/advisory_242005.109.html

81

  [ 3 ] GLSA 200512-09

82

        http://www.gentoo.org/security/en/glsa/glsa-200512-09.xml

83

84

Availability

85

============

86

87

This GLSA and any updates to it are available for viewing at

88

the Gentoo Security Website:

89

90

  http://security.gentoo.org/glsa/glsa-200603-25.xml

91

92

Concerns?

93

=========

94

95

Security is a primary focus of Gentoo Linux and ensuring the

96

confidentiality and security of our users machines is of utmost

97

importance to us. Any security concerns should be addressed to

98

security@g.o or alternatively, you may file a bug at

99

http://bugs.gentoo.org.

100

101

License

102

=======

103

104

Copyright 2006 Gentoo Foundation, Inc; referenced text

105

belongs to its owner(s).

106

107

The contents of this document are licensed under the

108

Creative Commons - Attribution / Share Alike license.

109

110

http://creativecommons.org/licenses/by-sa/2.0

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 200603-25
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	http://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: OpenOffice.org: Heap overflow in included libcurl
9	Date: March 27, 2006
10	Bugs: #126433
11	ID: 200603-25
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	OpenOffice.org contains a vulnerable version of libcurl that may cause
19	a heap overflow when parsing URLs.
20
21	Background
22	==========
23
24	OpenOffice.org is an office productivity suite, including word
25	processing, spreadsheet, presentation, data charting, formula editing
26	and file conversion facilities. libcurl, which is included in
27	OpenOffice.org, is a free and easy-to-use client-side library for
28	transferring files with URL syntaxes, supporting numerous protocols.
29
30	Affected packages
31	=================
32
33	-------------------------------------------------------------------
34	Package / Vulnerable / Unaffected
35	-------------------------------------------------------------------
36	1 app-office/openoffice-bin < 2.0.2 >= 2.0.2
37	2 app-office/openoffice < 2.0.1-r1 >= 2.0.1-r1
38	-------------------------------------------------------------------
39	2 affected packages on all of their supported architectures.
40	-------------------------------------------------------------------
41
42	Description
43	===========
44
45	OpenOffice.org includes libcurl code. This libcurl code is vulnerable
46	to a heap overflow when it tries to parse a URL that exceeds a 256-byte
47	limit (GLSA 200512-09).
48
49	Impact
50	======
51
52	An attacker could entice a user to call a specially crafted URL with
53	OpenOffice.org, potentially resulting in the execution of arbitrary
54	code with the rights of the user running the application.
55
56	Workaround
57	==========
58
59	There is no known workaround at this time.
60
61	Resolution
62	==========
63
64	All OpenOffice.org binary users should upgrade to the latest version:
65
66	# emerge --sync
67	# emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.0.2"
68
69	All OpenOffice.org users should upgrade to the latest version:
70
71	# emerge --sync
72	# emerge --ask --oneshot --verbose ">=app-office/openoffice-2.0.1-r1"
73
74	References
75	==========
76
77	[ 1 ] CVE-2005-4077
78	http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4077
79	[ 2 ] Hardened-PHP Advisory 24/2005
80	http://www.hardened-php.net/advisory_242005.109.html
81	[ 3 ] GLSA 200512-09
82	http://www.gentoo.org/security/en/glsa/glsa-200512-09.xml
83
84	Availability
85	============
86
87	This GLSA and any updates to it are available for viewing at
88	the Gentoo Security Website:
89
90	http://security.gentoo.org/glsa/glsa-200603-25.xml
91
92	Concerns?
93	=========
94
95	Security is a primary focus of Gentoo Linux and ensuring the
96	confidentiality and security of our users machines is of utmost
97	importance to us. Any security concerns should be addressed to
98	security@g.o or alternatively, you may file a bug at
99	http://bugs.gentoo.org.
100
101	License
102	=======
103
104	Copyright 2006 Gentoo Foundation, Inc; referenced text
105	belongs to its owner(s).
106
107	The contents of this document are licensed under the
108	Creative Commons - Attribution / Share Alike license.
109
110	http://creativecommons.org/licenses/by-sa/2.0

Gentoo Archives: gentoo-announce