[SECURITY] [DSA 2473-1] openoffice.org security update

2012-05-1622:04:38

lists.debian.org

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.1

Confidence

Low

EPSS

0.049

Percentile

92.9%

JSON

Debian Security Advisory DSA-2473-1 [email protected]
http://www.debian.org/security/ Florian Weimer
May 16, 2012 http://www.debian.org/security/faq

Package : openoffice.org
Vulnerability : buffer overflow
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2012-1149

Tielei Wang discovered that OpenOffice.org does not allocate a large
enough memory region when processing a specially crafted JPEG object,
leading to a heap-based buffer overflow and potentially arbitrary code
execution.

For the stable distribution (squeeze), this problem has been fixed in
version 1:3.2.1-11+squeeze5.

For the testing distribution (wheezy) and the unstable distribution
(sid), this problem has been fixed in version 1:3.4.5-1 of the
libreoffice package.

We recommend that you upgrade your openoffice.org packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian6amd64ure< 1.6.1+OOo3.2.1-11+squeeze5ure_1.6.1+OOo3.2.1-11+squeeze5_amd64.deb
Debian6allopenoffice.org-l10n-eo< 1:3.2.1-11+squeeze6openoffice.org-l10n-eo_1:3.2.1-11+squeeze6_all.deb
Debian6sparcopenoffice.org-gnome< 1:3.2.1-11+squeeze5openoffice.org-gnome_1:3.2.1-11+squeeze5_sparc.deb
Debian6mipsure< 1.6.1+OOo3.2.1-11+squeeze6ure_1.6.1+OOo3.2.1-11+squeeze6_mips.deb
Debian6mipsopenoffice.org-core< 1:3.2.1-11+squeeze6openoffice.org-core_1:3.2.1-11+squeeze6_mips.deb
Debian6mipsopenoffice.org< 1:3.2.1-11+squeeze6openoffice.org_1:3.2.1-11+squeeze6_mips.deb
Debian6s390openoffice.org-writer< 1:3.2.1-11+squeeze5openoffice.org-writer_1:3.2.1-11+squeeze5_s390.deb
Debian6mipselopenoffice.org-calc< 1:3.2.1-11+squeeze6openoffice.org-calc_1:3.2.1-11+squeeze6_mipsel.deb
Debian6allopenoffice.org-l10n-as< 1:3.2.1-11+squeeze5openoffice.org-l10n-as_1:3.2.1-11+squeeze5_all.deb
Debian6armelopenoffice.org-dev< 1:3.2.1-11+squeeze6openoffice.org-dev_1:3.2.1-11+squeeze6_armel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	6	amd64	ure	< 1.6.1+OOo3.2.1-11+squeeze5	ure_1.6.1+OOo3.2.1-11+squeeze5_amd64.deb
Debian	6	all	openoffice.org-l10n-eo	< 1:3.2.1-11+squeeze6	openoffice.org-l10n-eo_1:3.2.1-11+squeeze6_all.deb
Debian	6	sparc	openoffice.org-gnome	< 1:3.2.1-11+squeeze5	openoffice.org-gnome_1:3.2.1-11+squeeze5_sparc.deb
Debian	6	mips	ure	< 1.6.1+OOo3.2.1-11+squeeze6	ure_1.6.1+OOo3.2.1-11+squeeze6_mips.deb
Debian	6	mips	openoffice.org-core	< 1:3.2.1-11+squeeze6	openoffice.org-core_1:3.2.1-11+squeeze6_mips.deb
Debian	6	mips	openoffice.org	< 1:3.2.1-11+squeeze6	openoffice.org_1:3.2.1-11+squeeze6_mips.deb
Debian	6	s390	openoffice.org-writer	< 1:3.2.1-11+squeeze5	openoffice.org-writer_1:3.2.1-11+squeeze5_s390.deb
Debian	6	mipsel	openoffice.org-calc	< 1:3.2.1-11+squeeze6	openoffice.org-calc_1:3.2.1-11+squeeze6_mipsel.deb
Debian	6	all	openoffice.org-l10n-as	< 1:3.2.1-11+squeeze5	openoffice.org-l10n-as_1:3.2.1-11+squeeze5_all.deb
Debian	6	armel	openoffice.org-dev	< 1:3.2.1-11+squeeze6	openoffice.org-dev_1:3.2.1-11+squeeze6_armel.deb