1. Ubuntu Security Notices
  2. USN-1056-1

USN-1056-1: OpenOffice.org vulnerabilities

Publication date

2 February 2011

Overview

Multiple vulnerabilities in OpenOffice.org

Releases

Packages

Details

Charlie Miller discovered several heap overflows in PPT processing. If
a user or automated system were tricked into opening a specially crafted
PPT document, a remote attacker could execute arbitrary code with user
privileges. Ubuntu 10.10 was not affected. (CVE-2010-2935, CVE-2010-2936)

Marc Schoenefeld discovered that directory traversal was not correctly
handled in XSLT, OXT, JAR, or ZIP files. If a user or automated system
were tricked into opening a specially crafted document, a remote attacker
overwrite arbitrary files, possibly leading to arbitrary code execution
with user privileges. (CVE-2010-3450)

Dan Rosenberg discovered multiple heap overflows in RTF and DOC
processing. If a user or automated system were tricked into opening a
specially crafted RTF or DOC document, a remote attacker could...

Charlie Miller discovered several heap overflows in PPT processing. If
a user or automated system were tricked into opening a specially crafted
PPT document, a remote attacker could execute arbitrary code with user
privileges. Ubuntu 10.10 was not affected. (CVE-2010-2935, CVE-2010-2936)

Marc Schoenefeld discovered that directory traversal was not correctly
handled in XSLT, OXT, JAR, or ZIP files. If a user or automated system
were tricked into opening a specially crafted document, a remote attacker
overwrite arbitrary files, possibly leading to arbitrary code execution
with user privileges. (CVE-2010-3450)

Dan Rosenberg discovered multiple heap overflows in RTF and DOC
processing. If a user or automated system were tricked into opening a
specially crafted RTF or DOC document, a remote attacker could execute
arbitrary code with user privileges. (CVE-2010-3451, CVE-2010-3452,
CVE-2010-3453, CVE-2010-3454)

Dmitri Gribenko discovered that OpenOffice.org did not correctly
handle LD_LIBRARY_PATH in various tools. If a local attacker
tricked a user or automated system into using OpenOffice.org from an
attacker-controlled directory, they could execute arbitrary code with
user privileges. (CVE-2010-3689)

Marc Schoenefeld discovered that OpenOffice.org did not correctly process
PNG images. If a user or automated system were tricked into opening a
specially crafted document, a remote attacker could execute arbitrary
code with user privileges. (CVE-2010-4253)

It was discovered that OpenOffice.org did not correctly process TGA
images. If a user or automated system were tricked into opening a
specially crafted document, a remote attacker could execute arbitrary
code with user privileges. (CVE-2010-4643)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
9.10 karmic openoffice.org-impress –  1:3.1.1-5ubuntu1.3
openoffice.org-writer –  1:3.1.1-5ubuntu1.3
openoffice.org-core –  1:3.1.1-5ubuntu1.3
8.04 hardy openoffice.org-impress –  1:2.4.1-1ubuntu2.5
openoffice.org-writer –  1:2.4.1-1ubuntu2.5
openoffice.org-core –  1:2.4.1-1ubuntu2.5
10.10 maverick openoffice.org-impress –  1:3.2.1-7ubuntu1.1
openoffice.org-writer –  1:3.2.1-7ubuntu1.1
openoffice.org-core –  1:3.2.1-7ubuntu1.1
10.04 lucid openoffice.org-impress –  1:3.2.0-7ubuntu4.2
openoffice.org-writer –  1:3.2.0-7ubuntu4.2
openoffice.org-core –  1:3.2.0-7ubuntu4.2

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›