=========================================================== Ubuntu Security Notice USN-313-2 July 19, 2006 openoffice.org2-amd64, openoffice.org2 vulnerabilities CVE-2006-2198, CVE-2006-2199, CVE-2006-3117 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: openoffice.org2-common 1.9.129-0.1ubuntu4.1 openoffice.org2-core 1.9.129-0.1ubuntu4.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: USN-313-1 fixed several vulnerabilities in OpenOffice for Ubuntu 5.04 and Ubuntu 6.06 LTS. This followup advisory provides the corresponding update for Ubuntu 5.10. For reference, these are the details of the original USN: It was possible to embed Basic macros in documents in a way that OpenOffice.org would not ask for confirmation about executing them. By tricking a user into opening a malicious document, this could be exploited to run arbitrary Basic code (including local file access and modification) with the user's privileges. (CVE-2006-2198) A flaw was discovered in the Java sandbox which allowed Java applets to break out of the sandbox and execute code without restrictions. By tricking a user into opening a malicious document, this could be exploited to run arbitrary code with the user's privileges. This update disables Java applets for OpenOffice.org, since it is not generally possible to guarantee the sandbox restrictions. (CVE-2006-2199) A buffer overflow has been found in the XML parser. By tricking a user into opening a specially crafted XML file with OpenOffice.org, this could be exploited to execute arbitrary code with the user's privileges. (CVE-2006-3117) Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2-amd64/openoffice.org2-amd64_1.9.129-0.1ubuntu4.1-1.diff.gz Size/MD5: 30102 940d431dbc93185558bfe215f0d1bd31 http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2-amd64/openoffice.org2-amd64_1.9.129-0.1ubuntu4.1-1.dsc Size/MD5: 934 46517c65ab2797905ae5fc54e18f093a http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2-amd64/openoffice.org2-amd64_1.9.129-0.1ubuntu4.1.orig.tar.gz Size/MD5: 280390449 8fc86346a5ca070fd41cc35ccf0db891 http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2_1.9.129-0.1ubuntu4.1.diff.gz Size/MD5: 42651040 7eb1530f373880579e0b4f882d6f37d4 http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2_1.9.129-0.1ubuntu4.1.dsc Size/MD5: 2747 1df80499afc5fe76f527f67baede96aa http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2_1.9.129.orig.tar.gz Size/MD5: 193239182 ca8c3fd5718fc31343abef213cb4df8d Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-common_1.9.129-0.1ubuntu4.1_all.deb Size/MD5: 22894532 9ceea05764f1f3c7c7fb6e9ba4cced06 http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-dev-doc_1.9.129-0.1ubuntu4.1_all.deb Size/MD5: 4783358 d90c33a8f7d46ecb032e0b79a966cde0 http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-java-common_1.9.129-0.1ubuntu4.1_all.deb Size/MD5: 2792520 8ff58905701deb746209f38d59e50fbe http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-l10n-en-us_1.9.129-0.1ubuntu4.1_all.deb Size/MD5: 588148 232eea25965ee05eb60579ec0c6680cf http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/ttf-opensymbol_1.9.129-0.1ubuntu4.1_all.deb Size/MD5: 145466 62a12f481a92cce78f521a2afeb60f42 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2-amd64/openoffice.org2-base_1.9.129-0.1ubuntu4.1-1_amd64.deb Size/MD5: 2768862 e2e037a15d5aa56e0f5bde9300d78a7a http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2-amd64/openoffice.org2-calc_1.9.129-0.1ubuntu4.1-1_amd64.deb Size/MD5: 3514372 0df198e3a69f04746605f52239b252b3 http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2-amd64/openoffice.org2-core_1.9.129-0.1ubuntu4.1-1_amd64.deb Size/MD5: 31007052 9bb773b5d9f762546389c33c410821a1 http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2-amd64/openoffice.org2-draw_1.9.129-0.1ubuntu4.1-1_amd64.deb Size/MD5: 1749028 06ad64a99ba5cddf8375b2a2a83bade0 http://security.ubuntu.com/ubuntu/pool/universe/o/openoffice.org2-amd64/openoffice.org2-filter-so52_1.9.129-0.1ubuntu4.1-1_amd64.deb Size/MD5: 27834 6f299ed3a59ffcdd42ffc72c2f029bba http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2-amd64/openoffice.org2-gnome_1.9.129-0.1ubuntu4.1-1_amd64.deb Size/MD5: 209174 5db2aa352812347fd4f011d4b4aab024 http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2-amd64/openoffice.org2-impress_1.9.129-0.1ubuntu4.1-1_amd64.deb Size/MD5: 549598 62ffa44a2a9a306bcec36c9f2b3fc22d http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2-amd64/openoffice.org2-kde_1.9.129-0.1ubuntu4.1-1_amd64.deb Size/MD5: 191110 c5a69661259c1113d80f215fefe36568 http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2-amd64/openoffice.org2-math_1.9.129-0.1ubuntu4.1-1_amd64.deb Size/MD5: 306392 b5a3bfcd650a006c4f5cb89661549e91 http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2-amd64/openoffice.org2-writer_1.9.129-0.1ubuntu4.1-1_amd64.deb Size/MD5: 4676736 28d2cb3162d4f93ccac4100c030c689b http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2-amd64/openoffice.org2_1.9.129-0.1ubuntu4.1-1_amd64.deb Size/MD5: 29416 1c63923c1332e7d5611616fbcec70041 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/o/openoffice.org2/mozilla-openoffice.org_1.9.129-0.1ubuntu4.1_i386.deb Size/MD5: 102932 c012ddba2a7b4bb47f52ddc045121323 http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-base_1.9.129-0.1ubuntu4.1_i386.deb Size/MD5: 2815856 214d0572b87722b94222b0c22ff6eaa0 http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-calc_1.9.129-0.1ubuntu4.1_i386.deb Size/MD5: 3561586 b8ad2d631c574257f19a2812a10d9b04 http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-core_1.9.129-0.1ubuntu4.1_i386.deb Size/MD5: 31053418 2fac77025dc147ef4064d6e9e71db9d4 http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-dev_1.9.129-0.1ubuntu4.1_i386.deb Size/MD5: 3599878 bcb16fa4aa7353c1afc3199a26aafac0 http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-draw_1.9.129-0.1ubuntu4.1_i386.deb Size/MD5: 1795838 56ff7daed43a08237626c2c6b284b249 http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-evolution_1.9.129-0.1ubuntu4.1_i386.deb Size/MD5: 145262 b676ce54cd35c43cdacd7b495279b2d5 http://security.ubuntu.com/ubuntu/pool/universe/o/openoffice.org2/openoffice.org2-filter-so52_1.9.129-0.1ubuntu4.1_i386.deb Size/MD5: 7814674 aba6bf6facb948561063ed2fa47c1229 http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-gnome_1.9.129-0.1ubuntu4.1_i386.deb Size/MD5: 256176 6dad514a135475a546cf329965f081c4 http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-impress_1.9.129-0.1ubuntu4.1_i386.deb Size/MD5: 596394 ba2cbf939de2972d1d8c395e6208031e http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-kde_1.9.129-0.1ubuntu4.1_i386.deb Size/MD5: 237232 ff3d99a8c9d2cb5ecac42823d40c2eda http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-math_1.9.129-0.1ubuntu4.1_i386.deb Size/MD5: 353204 07374415db59d5689bec807f1e6e6f4e http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-officebean_1.9.129-0.1ubuntu4.1_i386.deb Size/MD5: 113910 30e6365628942b746bd51326657c7277 http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-writer_1.9.129-0.1ubuntu4.1_i386.deb Size/MD5: 4723840 c7c41e08a56a0692fb4f2515b79e228d http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2_1.9.129-0.1ubuntu4.1_i386.deb Size/MD5: 75414 8300914bac01514d017b9556088430dd http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/python-uno_1.9.129-0.1ubuntu4.1_i386.deb Size/MD5: 206826 deb6839a51de53ef25563f2bdb3f6119 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/o/openoffice.org2/mozilla-openoffice.org_1.9.129-0.1ubuntu4.1_powerpc.deb Size/MD5: 107406 9cb031cb9ad973422685d91ab280ec1c http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-base_1.9.129-0.1ubuntu4.1_powerpc.deb Size/MD5: 3520792 c940b1af9d330e7f6be4fa41e6c45669 http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-calc_1.9.129-0.1ubuntu4.1_powerpc.deb Size/MD5: 4402614 c5aca4e78b3e6775ad79b8151c594ae5 http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-core_1.9.129-0.1ubuntu4.1_powerpc.deb Size/MD5: 36490996 e379dd41c8e0ff9fc6b442feef429f01 http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-dev_1.9.129-0.1ubuntu4.1_powerpc.deb Size/MD5: 3832888 d5ac82d9bd7213ec38d298cc10ee9f68 http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-draw_1.9.129-0.1ubuntu4.1_powerpc.deb Size/MD5: 2052604 1927e34e15a34fabbb11baf75624b439 http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-evolution_1.9.129-0.1ubuntu4.1_powerpc.deb Size/MD5: 163072 ccfce60edde6424c5a799d15e1953ef7 http://security.ubuntu.com/ubuntu/pool/universe/o/openoffice.org2/openoffice.org2-filter-so52_1.9.129-0.1ubuntu4.1_powerpc.deb Size/MD5: 9393732 1d03eb0eeb756a6993e8be0a26bdc33b http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-gnome_1.9.129-0.1ubuntu4.1_powerpc.deb Size/MD5: 270962 691806264360b38e318409d33c97bfe9 http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-impress_1.9.129-0.1ubuntu4.1_powerpc.deb Size/MD5: 745318 d71ff041334d4ef12c3056bc49ba295a http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-kde_1.9.129-0.1ubuntu4.1_powerpc.deb Size/MD5: 257306 5e47f954ffa002726df21e51078610b7 http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-math_1.9.129-0.1ubuntu4.1_powerpc.deb Size/MD5: 381732 927be19c71c464942972dce566758b5b http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-officebean_1.9.129-0.1ubuntu4.1_powerpc.deb Size/MD5: 116468 06614c5af1eaa9c420339211d10cb9ff http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2-writer_1.9.129-0.1ubuntu4.1_powerpc.deb Size/MD5: 5636072 c5ebbad7da2f715db56537c8040cb22b http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/openoffice.org2_1.9.129-0.1ubuntu4.1_powerpc.deb Size/MD5: 75418 4d90b5abb46e2218b1cae7d9e89a7917 http://security.ubuntu.com/ubuntu/pool/main/o/openoffice.org2/python-uno_1.9.129-0.1ubuntu4.1_powerpc.deb Size/MD5: 215072 b9b9efefcd28c2c653d73e48d5915492
Attachment:
signature.asc
Description: Digital signature