Malte Timmermann | 28 Jan 12:10 2011

CVE-2010-3689: Insecure LD_LIBRARY_PATH usage in OpenOffice.org shell scripts

CVE-2010-3689

Insecure LD_LIBRARY_PATH usage in OpenOffice.org shell scripts

    * Synopsis: The OpenOffice.org start script and other shell scripts
      expand the LD_LIBRARY_PATH in an insecure way
    * State: Resolved

1. Impact

The OpenOffice.org start script and other shell scripts expand the
LD_LIBRARY_PATH in a way that the current directory might be searched
for libraries before /lib and /usr/lib, which can have security
implications.

2. Affected releases

    * All versions of OpenOffice.org 3 prior to version 3.3

    Note: OpenOffice.org 2 is not impacted by this issue.
          Earlier versions of OpenOffice.org are no longer supported
          and will not be evaluated regarding this issue.

3. Symptoms

There are no predictable symptoms that would indicate this issue has
occurred.

4. Relief/Workaround


Malte Timmermann | 28 Jan 12:10 2011

CVE-2010-3451 / CVE-2010-3452: Security Vulnerability in OpenOffice.org related to RTF document processing

CVE-2010-3451 CVE-2010-3452

Security Vulnerability in OpenOffice.org related to RTF document processing

    * Synopsis: A security vulnerability in OpenOffice.org, related to
      RTF document processing, may lead to arbitrary code execution.
    * State: Resolved

1. Impact

A security vulnerability in OpenOffice.org, related to RTF document
processing, may allow a remote unprivileged user to execute arbitrary
code on the system with the privileges of a local user running
OpenOffice.org, if the local user opens a crafted RTF document provided
by the remote user.

2. Affected releases

    * All versions of OpenOffice.org 3 prior to version 3.3
    * All versions of OpenOffice.org 2

    Note: Earlier versions of OpenOffice.org are no longer supported
          and will not be evaluated regarding this issue.

3. Symptoms

There are no predictable symptoms that would indicate this issue has
occurred.

4. Relief/Workaround

Malte Timmermann | 28 Jan 12:10 2011

CVE-2010-3453 / CVE-2010-3454: Security Vulnerability in OpenOffice.org related to Word document processing

CVE-2010-3453 CVE-2010-3454

Security Vulnerability in OpenOffice.org related to Word document processing

    * Synopsis: A security vulnerability in OpenOffice.org, related to
      Word document processing, may lead to arbitrary code execution.
    * State: Resolved

1. Impact

A security vulnerability in OpenOffice.org, related to Word document
processing, may allow a remote unprivileged user to execute arbitrary
code on the system with the privileges of a local user running
OpenOffice.org, if the local user opens a crafted Word document provided
by the remote user.

2. Affected releases

    * All versions of OpenOffice.org 3 prior to version 3.3
    * All versions of OpenOffice.org 2

    Note: Earlier versions of OpenOffice.org are no longer supported
          and will not be evaluated regarding this issue.

3. Symptoms

There are no predictable symptoms that would indicate this issue has
occurred.

4. Relief/Workaround

Malte Timmermann | 28 Jan 12:11 2011

CVE-2010-4008 / CVE-2010-4494: Possible Security Vulnerability in OpenOffice.org resulting from 3rd party library LIBXML2

CVE-2010-4008 CVE-2010-4494

Possible Security Vulnerability in OpenOffice.org resulting from 3rd
party library LIBXML2

    * Synopsis: OpenOffice.org comes with a vulnerable version of 3rd
      party library LIBXML2
    * State: Resolved

1. Impact

OpenOffice.org comes with a vulnerable version of 3rd party library
LIBXML2, but it's unclear whether or not OpenOffice.org actually is
impacted by these issues.

2. Affected releases

    * All versions of OpenOffice.org 3 prior to version 3.3
    * All versions of OpenOffice.org 2

    Note: Earlier versions of OpenOffice.org are no longer supported
          and will not be evaluated regarding this issue.

3. Symptoms

There are no predictable symptoms that would indicate this issue has
occurred.

4. Relief/Workaround


Malte Timmermann | 28 Jan 12:11 2011

CVE-2010-3702 / CVE-2010-3704: Security Vulnerability in OpenOffice.org's PDF Import extension resulting from 3rd party library XPDF

CVE-2010-3702 CVE-2010-3704

Security Vulnerability in OpenOffice.org's PDF Import extension
resulting from 3rd party library XPDF

    * Synopsis: A security vulnerability in the 3rd party library XPDF,
      related to PDF document processing, may lead to arbitrary code
      execution.
    * State: Resolved

1. Impact

A security vulnerability in the 3rd party library XPDF (only used in the
PDF import extension), related to PDF document processing, may allow a
remote unprivileged user to execute arbitrary code on the system with
the privileges of a local user running OpenOffice.org, if the local user
opens a crafted PDF document provided by the remote user.

2. Affected releases

    * All versions of OpenOffice.org's PDF Import extension prior to
      version 1.0.4

3. Symptoms

There are no predictable symptoms that would indicate this issue has
occurred.

4. Relief/Workaround


Malte Timmermann | 28 Jan 12:10 2011

CVE-2010-2935 / CVE-2010-2936: Security Vulnerability in OpenOffice.org related to PowerPoint document processing

CVE-2010-2935 CVE-2010-2936

Security Vulnerability in OpenOffice.org related to PowerPoint document
processing

    * Synopsis: A security vulnerability in OpenOffice.org, related to
      PowerPoint document processing, may lead to arbitrary code
      execution.
    * State: Resolved

1. Impact

A security vulnerability in OpenOffice.org, related to PowerPoint
document processing, may allow a remote unprivileged user to execute
arbitrary code on the system with the privileges of a local user running
OpenOffice.org, if the local user opens a crafted PowerPoint document
provided by the remote user.

2. Affected releases

    * All versions of OpenOffice.org 3 prior to version 3.3
    * All versions of OpenOffice.org 2

    Note: Earlier versions of OpenOffice.org are no longer supported
          and will not be evaluated regarding this issue.

3. Symptoms

There are no predictable symptoms that would indicate this issue has
occurred.

Malte Timmermann | 28 Jan 12:11 2011

CVE-2010-4643: Security Vulnerability in OpenOffice.org related to TGA file processing

CVE-2010-4643

Security Vulnerability in OpenOffice.org related to TGA file processing

    * Synopsis: A security vulnerability in OpenOffice.org, related to
      TGA file processing, may lead to arbitrary code execution.
    * State: Resolved

1. Impact

A security vulnerability in OpenOffice.org, related to TGA file
processing, may allow a remote unprivileged user to execute arbitrary
code on the system with the privileges of a local user running
OpenOffice.org, if the local user opens a crafted TGA file provided by
the remote user.
Note: TGA files could be embedded in many different document types,
including all kinds of ODF and MS Office documents.

2. Affected releases

    * All versions of OpenOffice.org 3 prior to version 3.3
    * All versions of OpenOffice.org 2

    Note: Earlier versions of OpenOffice.org are no longer supported
          and will not be evaluated regarding this issue.

3. Symptoms

There are no predictable symptoms that would indicate this issue has
occurred.

Malte Timmermann | 28 Jan 12:11 2011

CVE-2010-4253: Security Vulnerability in OpenOffice.org related to PNG file processing

CVE-2010-4253

Security Vulnerability in OpenOffice.org related to PNG file processing

    * Synopsis: A security vulnerability in OpenOffice.org, related to
      PNG file processing, may lead to arbitrary code execution.
    * State: Resolved

1. Impact

A security vulnerability in OpenOffice.org, related to PNG file
processing, may allow a remote unprivileged user to execute arbitrary
code on the system with the privileges of a local user running
OpenOffice.org, if the local user opens a crafted PNG file provided by
the remote user.
Note: PNG files could be embedded in many different document types,
including all kinds of ODF and MS Office documents.

2. Affected releases

    * All versions of OpenOffice.org 3 prior to version 3.3
    * All versions of OpenOffice.org 2

    Note: Earlier versions of OpenOffice.org are no longer supported
          and will not be evaluated regarding this issue.

3. Symptoms

There are no predictable symptoms that would indicate this issue has
occurred.

Malte Timmermann | 28 Jan 12:10 2011

CVE-2010-3450: Security Vulnerability in OpenOffice.org related to Extensions and filter package files

CVE-2010-3450

Security Vulnerability in OpenOffice.org related to Extensions and
filter package files

    * Synopsis: A directory traversal vulnerability in OpenOffice.org,
      related to zip/jar package extraction, may lead to overwriting
      files and even to arbitrary code execution.
    * State: Resolved

1. Impact

A directory traversal vulnerability in OpenOffice.org, related to
zip/jar package extraction, may lead to overwriting files when relative
file locations point to locations outside the root of the destination
folder. This way important files could be overwritten, including
executables.

2. Affected releases

    * All versions of OpenOffice.org 3 prior to version 3.3
    * All versions of OpenOffice.org 2

    Note: Earlier versions of OpenOffice.org are no longer supported
          and will not be evaluated regarding this issue.

3. Symptoms

There are no predictable symptoms that would indicate this issue has
occurred.

Florian Effenberger | 4 Jun 12:19 2010

[security-alerts] CVE-2010-0395: Security vulnerability in OpenOffice.org related to python scripting

Synopsis

CVE-2010-0395: Security vulnerability in OpenOffice.org related to 
python scripting

1. Impact

A security vulnerability in OpenOffice.org related to python scripting 
might lead to unexpected code execution when using the built-in 
scripting IDE for exploring the python code.

2. Affected releases

All versions of OpenOffice.org 3 prior to version 3.2.1
All versions of OpenOffice.org 2

Note: Earlier versions of OpenOffice.org are no longer supported and 
will not be evaluated regarding this issue.

3. Symptoms

There are no predictable symptoms that would indicate this issue has 
occurred.

4. Relief/Workaround

As a workaround, do not inspect python code from non-trustworthy 
documents with the built-in scripting IDE and its dialogs.

5. Resolution

Florian Effenberger | 4 Jun 10:51 2010

[security-alerts] CVE-2009-3555: OpenOffice.org 2 and 3 may be affected by the TLS/SSL Renegotiation Issue in 3rd Party Libraries

Synopsis

CVE-2009-3555: OpenOffice.org 2 and 3 may be affected by the TLS/SSL 
Renegotiation Issue in 3rd Party Libraries

1. Impact

OpenOffice.org 2 and 3 ship with 3rd party libraries affected by the 
TLS/SSL renegotiation issue documented in CVE-2009-3555.

2. Affected releases

All versions of OpenOffice.org 3 prior to version 3.2.1
All versions of OpenOffice.org 2

Note: OpenOffice.org 1.1 is not impacted by this issue.

3. Symptoms

There are no predictable symptoms that would indicate this issue has 
occurred.

4. Relief/Workaround

None.

5. Resolution

This issue is addressed in the following release: OpenOffice.org 3.2.1

