[gentoo-announce] [ GLSA 200607-12 ] OpenOffice.org: Multiple vulnerabilities - gentoo-announce

From:	Stefan Cornelius <dercorny@g.o>
To:	gentoo-announce@g.o
Cc:	bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject:	[gentoo-announce] [ GLSA 200607-12 ] OpenOffice.org: Multiple vulnerabilities
Date:	Fri, 28 Jul 2006 20:49:43
Message-Id:	`44CA731F.701@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 200607-12

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                            http://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

  Severity: Normal

8

     Title: OpenOffice.org: Multiple vulnerabilities

9

      Date: July 28, 2006

10

      Bugs: #138545

11

        ID: 200607-12

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

OpenOffice.org is affected by three security vulnerabilities which can

19

be exploited to allow the execution of arbitrary code by a remote

20

attacker.

21

22

Background

23

==========

24

25

OpenOffice.org is an open source office productivity suite, including

26

word processing, spreadsheet, presentation, drawing, data charting,

27

formula editing, and file conversion facilities.

28

29

Affected packages

30

=================

31

32

    -------------------------------------------------------------------

33

     Package                    /  Vulnerable  /            Unaffected

34

    -------------------------------------------------------------------

35

  1  app-office/openoffice           < 2.0.3                  >= 2.0.3

36

  2  app-office/openoffice-bin       < 2.0.3                  >= 2.0.3

37

    -------------------------------------------------------------------

38

     2 affected packages on all of their supported architectures.

39

    -------------------------------------------------------------------

40

41

Description

42

===========

43

44

Internal security audits by OpenOffice.org have discovered three

45

security vulnerabilities related to Java applets, macros and the XML

46

file format parser.

47

48

* Specially crafted Java applets can break through the "sandbox".

49

50

* Specially crafted macros make it possible to inject BASIC code into

51

  documents which is executed when the document is loaded.

52

53

* Loading a malformed XML file can cause a buffer overflow.

54

55

Impact

56

======

57

58

An attacker might exploit these vulnerabilities to escape the Java

59

sandbox, execute arbitrary code or BASIC code with the permissions of

60

the user running OpenOffice.org.

61

62

Workaround

63

==========

64

65

Disabling Java applets will protect against the vulnerability in the

66

handling of Java applets. There are no workarounds for the macro and

67

file format vulnerabilities.

68

69

Resolution

70

==========

71

72

All OpenOffice.org users should upgrade to the latest version:

73

74

    # emerge --sync

75

    # emerge --ask --oneshot --verbose ">=app-office/openoffice-2.0.3"

76

77

References

78

==========

79

80

  [ 1 ] OpenOffice.org Security Bulletin 2006-06-29

81

        http://www.openoffice.org/security/bulletin-20060629.html

82

  [ 2 ] CVE-2006-2199

83

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2199

84

  [ 3 ] CVE-2006-2198

85

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2198

86

  [ 4 ] CVE-2006-3117

87

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3117

88

89

Availability

90

============

91

92

This GLSA and any updates to it are available for viewing at

93

the Gentoo Security Website:

94

95

  http://security.gentoo.org/glsa/glsa-200607-12.xml

96

97

Concerns?

98

=========

99

100

Security is a primary focus of Gentoo Linux and ensuring the

101

confidentiality and security of our users machines is of utmost

102

importance to us. Any security concerns should be addressed to

103

security@g.o or alternatively, you may file a bug at

104

http://bugs.gentoo.org.

105

106

License

107

=======

108

109

Copyright 2006 Gentoo Foundation, Inc; referenced text

110

belongs to its owner(s).

111

112

The contents of this document are licensed under the

113

Creative Commons - Attribution / Share Alike license.

114

115

http://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 200607-12
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	http://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: OpenOffice.org: Multiple vulnerabilities
9	Date: July 28, 2006
10	Bugs: #138545
11	ID: 200607-12
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	OpenOffice.org is affected by three security vulnerabilities which can
19	be exploited to allow the execution of arbitrary code by a remote
20	attacker.
21
22	Background
23	==========
24
25	OpenOffice.org is an open source office productivity suite, including
26	word processing, spreadsheet, presentation, drawing, data charting,
27	formula editing, and file conversion facilities.
28
29	Affected packages
30	=================
31
32	-------------------------------------------------------------------
33	Package / Vulnerable / Unaffected
34	-------------------------------------------------------------------
35	1 app-office/openoffice < 2.0.3 >= 2.0.3
36	2 app-office/openoffice-bin < 2.0.3 >= 2.0.3
37	-------------------------------------------------------------------
38	2 affected packages on all of their supported architectures.
39	-------------------------------------------------------------------
40
41	Description
42	===========
43
44	Internal security audits by OpenOffice.org have discovered three
45	security vulnerabilities related to Java applets, macros and the XML
46	file format parser.
47
48	* Specially crafted Java applets can break through the "sandbox".
49
50	* Specially crafted macros make it possible to inject BASIC code into
51	documents which is executed when the document is loaded.
52
53	* Loading a malformed XML file can cause a buffer overflow.
54
55	Impact
56	======
57
58	An attacker might exploit these vulnerabilities to escape the Java
59	sandbox, execute arbitrary code or BASIC code with the permissions of
60	the user running OpenOffice.org.
61
62	Workaround
63	==========
64
65	Disabling Java applets will protect against the vulnerability in the
66	handling of Java applets. There are no workarounds for the macro and
67	file format vulnerabilities.
68
69	Resolution
70	==========
71
72	All OpenOffice.org users should upgrade to the latest version:
73
74	# emerge --sync
75	# emerge --ask --oneshot --verbose ">=app-office/openoffice-2.0.3"
76
77	References
78	==========
79
80	[ 1 ] OpenOffice.org Security Bulletin 2006-06-29
81	http://www.openoffice.org/security/bulletin-20060629.html
82	[ 2 ] CVE-2006-2199
83	http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2199
84	[ 3 ] CVE-2006-2198
85	http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2198
86	[ 4 ] CVE-2006-3117
87	http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3117
88
89	Availability
90	============
91
92	This GLSA and any updates to it are available for viewing at
93	the Gentoo Security Website:
94
95	http://security.gentoo.org/glsa/glsa-200607-12.xml
96
97	Concerns?
98	=========
99
100	Security is a primary focus of Gentoo Linux and ensuring the
101	confidentiality and security of our users machines is of utmost
102	importance to us. Any security concerns should be addressed to
103	security@g.o or alternatively, you may file a bug at
104	http://bugs.gentoo.org.
105
106	License
107	=======
108
109	Copyright 2006 Gentoo Foundation, Inc; referenced text
110	belongs to its owner(s).
111
112	The contents of this document are licensed under the
113	Creative Commons - Attribution / Share Alike license.
114
115	http://creativecommons.org/licenses/by-sa/2.5