Säkerhetsbulletin från Debian
DSA-1104-2 openoffice.org -- flera sårbarheter
- Rapporterat den:
- 2006-06-30
- Berörda paket:
- openoffice.org
- Sårbara:
- Ja
- Referenser i säkerhetsdatabaser:
- I Mitres CVE-förteckning: CVE-2006-2198, CVE-2006-2199, CVE-2006-3117.
- Ytterligare information:
-
Inläsning av felformaterade XML-dokument kunde orsaka ett buffertspill i OpenOffice.org, en fri kontorssvit, och utnyttjas till en överbelastningsattack eller exekvera godtycklig kod. Det visade sig att korrigeringen i DSA 1104-1 inte var tillräcklig, varför det kommer en ny uppdatering. Texten från originalbulletinen bifogas nedan:
Flera sårbarheter har upptäckts i OpenOffice.org, en fri kontorssvit. Projektet Common Vulnerabilities and Exposures identifierar följande problem:
- CVE-2006-2198
Det visade sig vara möjligt att bädda in godtyckliga BASIC-makron i dokument på ett sätt så att OpenOffice.org inte såg dem men ändå exekverade dem utan att fråga användaren.
- CVE-2006-2199
Det var möjligt att förbigå Java-sandlådan med specialskrivna Javaminiprogram.
- CVE-2006-3117
Inläsning av felformaterade XML-dokument kunde orsaka buffertspill och utföra en överbelastningsattack eller exekvera godtycklig kod.
Denna uppdatering av inaktiverats Mozillakomponenten så att Mozilla-/LDAP-adressboksfunktionen inte längre fungerar. Den fungerade ändå inte för något annat än i386 på Sarge.
Den gamla stabila utgåvan (Woody) innehåller inte paket för OpenOffice.org.
För den stabila utgåvan (Sarge) har detta problem rättats i version 1.1.3-9sarge3.
För den instabila utgåvan (Sid) har detta problem rättats i version 2.0.3-1.
Vi rekommenderar att ni uppgraderar era OpenOffice.org-paket.
- CVE-2006-2198
- Rättat i:
-
Debian GNU/Linux 3.1 (sarge)
- Källkod:
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge3.dsc
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge3.diff.gz
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3.orig.tar.gz
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge3.diff.gz
- Arkitekturoberoende komponent:
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-af_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ar_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ca_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cs_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cy_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-da_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-de_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-el_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-es_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-et_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-eu_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fi_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fr_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-gl_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-he_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hu_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-it_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ja_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-kn_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ko_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lt_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nb_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nl_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nn_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ns_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pl_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt-br_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ru_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sk_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sl_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sv_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-th_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tn_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tr_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-cn_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-tw_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zu_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-mimelnk_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-thesaurus-en-us_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/ttf-opensymbol_1.1.3-9sarge3_all.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ar_1.1.3-9sarge3_all.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge3_i386.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge3_i386.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge3_i386.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge3_i386.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge3_i386.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge3_i386.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge3_powerpc.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge3_powerpc.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge3_powerpc.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge3_powerpc.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge3_powerpc.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge3_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge3_s390.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge3_s390.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge3_s390.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge3_s390.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge3_s390.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge3_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge3_sparc.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge3_sparc.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge3_sparc.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge3_sparc.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge3_sparc.deb
- http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge3_sparc.deb
MD5-kontrollsummor för dessa filer finns i originalbulletinen.
MD5-kontrollsummor för dessa filer finns i reviderade bulletinen.