United States : 
Unknown Browser
www.ltdw.net 
Articles Sécurité Mandriva Security MDVSA-2011:027: openoffice.org
Articles Sécurité Mandriva Security MDVSA-2011:027: openoffice.org
| MDVSA-2011:027: openoffice.org |
 |
 |
 |
(0 Votes)| Écrit par Administrator |
| Mardi, 15 Février 2011 00:00 |
|
Multiple vulnerabilities were discovered and corrected in
OpenOffice.org: Multiple directory traversal vulnerabilities allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in an XSLT JAR filter description file, an Extension (aka OXT) file, or unspecified other JAR or ZIP files (CVE-2010-3450). Use-after-free vulnerability in oowriter allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed tables in an RTF document (CVE-2010-3451). Use-after-free vulnerability in oowriter allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted tags in an RTF document (CVE-2010-3452). The WW8ListManager::WW8ListManager function in oowriter does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write (CVE-2010-3453). Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write (CVE-2010-3454). soffice places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory (CVE-2010-3689). Heap-based buffer overflow in Impress allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document (CVE-2010-4253). Heap-based buffer overflow in Impress allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TGA file in an ODF or Microsoft Office document (CVE-2010-4643). OpenOffice.org packages have been updated in order to fix these issues. Additionally openoffice.org-voikko packages that require OpenOffice.org are also being provided and voikko package is upgraded from 2.0 to 2.2.1 version in MES5.1. 
|