[USN-313-2] OpenOffice.org vulnerabilities

To: ubuntu-security-announce@xxxxxxxxxxxxxxxx
Subject: [USN-313-2] OpenOffice.org vulnerabilities
From: Martin Pitt <martin.pitt@xxxxxxxxxxxxx>
Date: Wed, 19 Jul 2006 12:59:16 +0200
Cc: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Mutt/1.5.12-2006-07-14
===========================================================
Ubuntu Security Notice USN-313-2              July 19, 2006
openoffice.org2-amd64, openoffice.org2 vulnerabilities
CVE-2006-2198, CVE-2006-2199, CVE-2006-3117
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  openoffice.org2-common         1.9.129-0.1ubuntu4.1
  openoffice.org2-core           1.9.129-0.1ubuntu4.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-313-1 fixed several vulnerabilities in OpenOffice for Ubuntu 5.04 and
Ubuntu 6.06 LTS. This followup advisory provides the corresponding
update for Ubuntu 5.10.

For reference, these are the details of the original USN:

  It was possible to embed Basic macros in documents in a way that
  OpenOffice.org would not ask for confirmation about executing them. By
  tricking a user into opening a malicious document, this could be
  exploited to run arbitrary Basic code (including local file access and
  modification) with the user's privileges. (CVE-2006-2198)
  
  A flaw was discovered in the Java sandbox which allowed Java applets
  to break out of the sandbox and execute code without restrictions.  By
  tricking a user into opening a malicious document, this could be
  exploited to run arbitrary code with the user's privileges. This
  update disables Java applets for OpenOffice.org, since it is not
  generally possible to guarantee the sandbox restrictions.
  (CVE-2006-2199)
  
  A buffer overflow has been found in the XML parser. By tricking a user
  into opening a specially crafted XML file with OpenOffice.org, this
  could be exploited to execute arbitrary code with the user's
  privileges. (CVE-2006-3117)


Updated packages for Ubuntu 5.10:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2-amd64/openoffice.org2-amd64_1.9.129-0.1ubuntu4.1-1.diff.gz
      Size/MD5:    30102 940d431dbc93185558bfe215f0d1bd31
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2-amd64/openoffice.org2-amd64_1.9.129-0.1ubuntu4.1-1.dsc
      Size/MD5:      934 46517c65ab2797905ae5fc54e18f093a
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2-amd64/openoffice.org2-amd64_1.9.129-0.1ubuntu4.1.orig.tar.gz
      Size/MD5: 280390449 8fc86346a5ca070fd41cc35ccf0db891
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2_1.9.129-0.1ubuntu4.1.diff.gz
      Size/MD5: 42651040 7eb1530f373880579e0b4f882d6f37d4
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2_1.9.129-0.1ubuntu4.1.dsc
      Size/MD5:     2747 1df80499afc5fe76f527f67baede96aa
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2_1.9.129.orig.tar.gz
      Size/MD5: 193239182 ca8c3fd5718fc31343abef213cb4df8d

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-common_1.9.129-0.1ubuntu4.1_all.deb
      Size/MD5: 22894532 9ceea05764f1f3c7c7fb6e9ba4cced06
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-dev-doc_1.9.129-0.1ubuntu4.1_all.deb
      Size/MD5:  4783358 d90c33a8f7d46ecb032e0b79a966cde0
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-java-common_1.9.129-0.1ubuntu4.1_all.deb
      Size/MD5:  2792520 8ff58905701deb746209f38d59e50fbe
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-l10n-en-us_1.9.129-0.1ubuntu4.1_all.deb
      Size/MD5:   588148 232eea25965ee05eb60579ec0c6680cf
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/ttf-opensymbol_1.9.129-0.1ubuntu4.1_all.deb
      Size/MD5:   145466 62a12f481a92cce78f521a2afeb60f42

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2-amd64/openoffice.org2-base_1.9.129-0.1ubuntu4.1-1_amd64.deb
      Size/MD5:  2768862 e2e037a15d5aa56e0f5bde9300d78a7a
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2-amd64/openoffice.org2-calc_1.9.129-0.1ubuntu4.1-1_amd64.deb
      Size/MD5:  3514372 0df198e3a69f04746605f52239b252b3
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2-amd64/openoffice.org2-core_1.9.129-0.1ubuntu4.1-1_amd64.deb
      Size/MD5: 31007052 9bb773b5d9f762546389c33c410821a1
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2-amd64/openoffice.org2-draw_1.9.129-0.1ubuntu4.1-1_amd64.deb
      Size/MD5:  1749028 06ad64a99ba5cddf8375b2a2a83bade0
    
http://security.ubuntu.com/ubuntu/pool/universe/o/openoffice.org2-amd64/openoffice.org2-filter-so52_1.9.129-0.1ubuntu4.1-1_amd64.deb
      Size/MD5:    27834 6f299ed3a59ffcdd42ffc72c2f029bba
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2-amd64/openoffice.org2-gnome_1.9.129-0.1ubuntu4.1-1_amd64.deb
      Size/MD5:   209174 5db2aa352812347fd4f011d4b4aab024
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2-amd64/openoffice.org2-impress_1.9.129-0.1ubuntu4.1-1_amd64.deb
      Size/MD5:   549598 62ffa44a2a9a306bcec36c9f2b3fc22d
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2-amd64/openoffice.org2-kde_1.9.129-0.1ubuntu4.1-1_amd64.deb
      Size/MD5:   191110 c5a69661259c1113d80f215fefe36568
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2-amd64/openoffice.org2-math_1.9.129-0.1ubuntu4.1-1_amd64.deb
      Size/MD5:   306392 b5a3bfcd650a006c4f5cb89661549e91
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2-amd64/openoffice.org2-writer_1.9.129-0.1ubuntu4.1-1_amd64.deb
      Size/MD5:  4676736 28d2cb3162d4f93ccac4100c030c689b
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2-amd64/openoffice.org2_1.9.129-0.1ubuntu4.1-1_amd64.deb
      Size/MD5:    29416 1c63923c1332e7d5611616fbcec70041

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/universe/o/openoffice.org2/mozilla-openoffice.org_1.9.129-0.1ubuntu4.1_i386.deb
      Size/MD5:   102932 c012ddba2a7b4bb47f52ddc045121323
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-base_1.9.129-0.1ubuntu4.1_i386.deb
      Size/MD5:  2815856 214d0572b87722b94222b0c22ff6eaa0
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-calc_1.9.129-0.1ubuntu4.1_i386.deb
      Size/MD5:  3561586 b8ad2d631c574257f19a2812a10d9b04
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-core_1.9.129-0.1ubuntu4.1_i386.deb
      Size/MD5: 31053418 2fac77025dc147ef4064d6e9e71db9d4
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-dev_1.9.129-0.1ubuntu4.1_i386.deb
      Size/MD5:  3599878 bcb16fa4aa7353c1afc3199a26aafac0
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-draw_1.9.129-0.1ubuntu4.1_i386.deb
      Size/MD5:  1795838 56ff7daed43a08237626c2c6b284b249
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-evolution_1.9.129-0.1ubuntu4.1_i386.deb
      Size/MD5:   145262 b676ce54cd35c43cdacd7b495279b2d5
    
http://security.ubuntu.com/ubuntu/pool/universe/o/openoffice.org2/openoffice.org2-filter-so52_1.9.129-0.1ubuntu4.1_i386.deb
      Size/MD5:  7814674 aba6bf6facb948561063ed2fa47c1229
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-gnome_1.9.129-0.1ubuntu4.1_i386.deb
      Size/MD5:   256176 6dad514a135475a546cf329965f081c4
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-impress_1.9.129-0.1ubuntu4.1_i386.deb
      Size/MD5:   596394 ba2cbf939de2972d1d8c395e6208031e
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-kde_1.9.129-0.1ubuntu4.1_i386.deb
      Size/MD5:   237232 ff3d99a8c9d2cb5ecac42823d40c2eda
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-math_1.9.129-0.1ubuntu4.1_i386.deb
      Size/MD5:   353204 07374415db59d5689bec807f1e6e6f4e
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-officebean_1.9.129-0.1ubuntu4.1_i386.deb
      Size/MD5:   113910 30e6365628942b746bd51326657c7277
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-writer_1.9.129-0.1ubuntu4.1_i386.deb
      Size/MD5:  4723840 c7c41e08a56a0692fb4f2515b79e228d
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2_1.9.129-0.1ubuntu4.1_i386.deb
      Size/MD5:    75414 8300914bac01514d017b9556088430dd
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/python-uno_1.9.129-0.1ubuntu4.1_i386.deb
      Size/MD5:   206826 deb6839a51de53ef25563f2bdb3f6119

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/universe/o/openoffice.org2/mozilla-openoffice.org_1.9.129-0.1ubuntu4.1_powerpc.deb
      Size/MD5:   107406 9cb031cb9ad973422685d91ab280ec1c
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-base_1.9.129-0.1ubuntu4.1_powerpc.deb
      Size/MD5:  3520792 c940b1af9d330e7f6be4fa41e6c45669
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-calc_1.9.129-0.1ubuntu4.1_powerpc.deb
      Size/MD5:  4402614 c5aca4e78b3e6775ad79b8151c594ae5
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-core_1.9.129-0.1ubuntu4.1_powerpc.deb
      Size/MD5: 36490996 e379dd41c8e0ff9fc6b442feef429f01
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-dev_1.9.129-0.1ubuntu4.1_powerpc.deb
      Size/MD5:  3832888 d5ac82d9bd7213ec38d298cc10ee9f68
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-draw_1.9.129-0.1ubuntu4.1_powerpc.deb
      Size/MD5:  2052604 1927e34e15a34fabbb11baf75624b439
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-evolution_1.9.129-0.1ubuntu4.1_powerpc.deb
      Size/MD5:   163072 ccfce60edde6424c5a799d15e1953ef7
    
http://security.ubuntu.com/ubuntu/pool/universe/o/openoffice.org2/openoffice.org2-filter-so52_1.9.129-0.1ubuntu4.1_powerpc.deb
      Size/MD5:  9393732 1d03eb0eeb756a6993e8be0a26bdc33b
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-gnome_1.9.129-0.1ubuntu4.1_powerpc.deb
      Size/MD5:   270962 691806264360b38e318409d33c97bfe9
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-impress_1.9.129-0.1ubuntu4.1_powerpc.deb
      Size/MD5:   745318 d71ff041334d4ef12c3056bc49ba295a
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-kde_1.9.129-0.1ubuntu4.1_powerpc.deb
      Size/MD5:   257306 5e47f954ffa002726df21e51078610b7
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-math_1.9.129-0.1ubuntu4.1_powerpc.deb
      Size/MD5:   381732 927be19c71c464942972dce566758b5b
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-officebean_1.9.129-0.1ubuntu4.1_powerpc.deb
      Size/MD5:   116468 06614c5af1eaa9c420339211d10cb9ff
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-writer_1.9.129-0.1ubuntu4.1_powerpc.deb
      Size/MD5:  5636072 c5ebbad7da2f715db56537c8040cb22b
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2_1.9.129-0.1ubuntu4.1_powerpc.deb
      Size/MD5:    75418 4d90b5abb46e2218b1cae7d9e89a7917
    
http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/python-uno_1.9.129-0.1ubuntu4.1_powerpc.deb
      Size/MD5:   215072 b9b9efefcd28c2c653d73e48d5915492
Attachment: signature.asc
Description: Digital signature
Prev by Date: Re: imageVue16.1 upload vulnerability
Next by Date: AFCommerce Shopping Cart
Previous by thread: [USN-319-2] Linux kernel vulnerability
Next by thread: AFCommerce Shopping Cart
Index(es):
- Date
- Thread