Security Information / 2011 / Security Information -- DSA-2275-1 openoffice.org

Debian Security Advisory

DSA-2275-1 openoffice.org -- stack-based buffer overflow

Date Reported:

07 Jul 2011

Affected Packages:

openoffice.org

Vulnerable:

Yes

Security database references:

No other external database security references currently available.

More information:

Will Dormann and Jared Allar discovered that the Lotus Word Pro import filter of OpenOffice.org, a full-featured office productivity suite that provides a near drop-in replacement for Microsoft Office, is not properly handling object ids in the .lwp file format. An attacker can exploit this with a specially crafted file and execute arbitrary code with the rights of the victim importing the file.

The oldstable distribution (lenny) is not affected by this problem.

For the stable distribution (squeeze), this problem has been fixed in version 1:3.2.1-11+squeeze3.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in libreoffice version 1:3.3.3-1.

We recommend that you upgrade your openoffice.org packages.