DSA-1995-1 openoffice.org -- severalID: oval:org.secpod.oval:def:600005 | Date: (C)2011-01-28 (M)2023-11-09 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in the OpenOffice.org office suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-0136 It was discovered that macro security settings were insufficiently enforced for VBA macros. CVE-2009-0217 It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This also affects the integrated libxmlsec library. CVE-2009-2949 Sebastian Apelt discovered that an integer overflow in the XPM import code may lead to the execution of arbitrary code. CVE-2009-2950 Sebastian Apelt and Frank Reissner discovered that a buffer overflow in the GIF import code may lead to the execution of arbitrary code. CVE-2009-3301/CVE-2009-3302 Nicolas Joly discovered multiple vulnerabilities in the parser for Word document files, which may lead to the execution of arbitrary code. For the old stable distribution , these problems have been fixed in version 2.0.4.dfsg.2-7etch9. For the stable distribution , these problems have been fixed in version 1:2.4.1+dfsg-1+lenny6. For the unstable distribution , these problems will be fixed soon. We recommend that you upgrade your openoffice.org packages.
Platform: |
Debian 5.0 |
Debian 4.0 |