MDVSA-2010:105 -- Mandriva openoffice.org
|ID: oval:org.secpod.oval:def:300142||Date: (C)2012-01-07 (M)2018-05-28|
|Class: PATCH||Family: unix|
This updates provides a new OpenOffice.org version 3.1.1. It holds security and bug fixes described as follow: An integer underflow might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow . A heap-based buffer overflow might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to table parsing . A heap-based buffer overflow allows remote attackers to execute arbitrary code via a crafted EMF file . Multiple heap-based buffer overflows allow remote attackers to execute arbitrary code via a crafted EMF+ file . OpenOffice"s xmlsec uses a bundled Libtool which might load .la file in the current working directory allowing local users to gain privileges via a Trojan horse file. For enabling such vulnerability xmlsec has to use --enable-crypto_dl building flag however it does not, although the fix keeps protected against this threat whenever that flag had been enabled . Addittionaly this update provides following bug fixes: OpenOffice.org is not properly configure to use the xdg-email functionality of the FreeDesktop standard . Template desktop icons are not properly set up then they are not presented under the context menu of applications like Dolphin . libia_ora-gnome is added as suggest as long as that package is needed for a better look . It is enabled a fallback logic to properly select an OpenOffice.org style whenever one is set up but that is not installed It is enabled the Firefox plugin for viewing OpenOffice.org documents inside browser. Further packages were provided to supply OpenOffice.org. 3.1.1 dependencies.
|Mandriva Linux 2009.0|