Re: [SECURITY] [DSA 1270-1] New OpenOffice.org packages fix several vulnerabilities
I am not able to get updates. The apt-get update command times out after a few minutes. What is the proper syntax for "purge"?
John Patterson
----- Mensagem Original -----
De: joey@infodrom.org (Martin Schulze)
Data: Terça-Feira, 20 de Março de 2007, 19:40
Assunto: [SECURITY] [DSA 1270-1] New OpenOffice.org packages fix several vulnerabilities
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - -----------------------------------------------------------------
> ---------
> Debian Security Advisory DSA 1270-1
> security@debian.orghttp://www.debian.org/security/
> Martin Schulze
> March 20th, 2007
> http://www.debian.org/security/faq- -------------------------------
> -------------------------------------------
>
> Package : openoffice.org
> Vulnerability : several
> Problem type : local (remote)
> Debian-specific: no
> CVE IDs : CVE-2007-0002 CVE-2007-0238 CVE-2007-0239
>
> Several security related problems have been discovered in
> OpenOffice.org, the free office suite. The Common Vulnerabilities and
> Exposures project identifies the following problems:
>
> CVE-2007-0002
>
> iDefense reported several integer overflow bugs in libwpd, a
> library for handling WordPerfect documents that is included in
> OpenOffice.org. Attackers are able to exploit these with
> carefully crafted WordPerfect files that could cause an
> application linked with libwpd to crash or possibly execute
> arbitrary code.
>
> CVE-2007-0238
>
> Next Generation Security discovered that the StarCalc parser in
> OpenOffice.org contains an easily exploitable stack overflow that
> could be used exploited by a specially crafted document to execute
> arbitrary code.
>
> CVE-2007-0239
>
> It has been reported that OpenOffice.org does not escape shell
> meta characters and is hence vulnerable to execute arbitrary shell
> commands via a specially crafted document after the user clicked
> to a prepared link.
>
> For the stable distribution (sarge) these problems have been fixed in
> version 1.1.3-9sarge6.
>
> For the testing distribution (etch) these problems have been fixed in
> version 2.0.4.dfsg.2-6.
>
> For the unstable distribution (sid) these problems have been fixed in
> version 2.0.4.dfsg.2-6.
>
> We recommend that you upgrade your OpenOffice.org packages.
>
>
> Upgrade Instructions
> - --------------------
>
> wget url
> will fetch the file for you
> dpkg -i file.deb
> will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given at the end of this advisory:
>
> apt-get update
> will update the internal database
> apt-get upgrade
> will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
>
> Debian GNU/Linux 3.1 alias sarge
> - --------------------------------
>
> Source archives:
>
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge6.dsc
> Size/MD5 checksum: 2878 6c4447f2bdd8cde4e10556eacb9aef80
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge6.diff.gz
> Size/MD5 checksum: 4630152 e9d9ee838f73572836b059f8033bdb35
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3.orig.tar.gz Size/MD5 checksum: 166568714 5250574bad9906b38ce032d04b765772
>
> Architecture independent components:
>
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-af_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 2648700 9dedff380f535381ca48fc23da8c74ae
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ar_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 2696106 2eebd4484da0e9a4dcbde3b01e309ba7
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ca_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 2692842 e2f0cce7f7ca75c26a55b2615a0d32a2
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cs_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 3587952 02a0dcfd7d36cea6433365e4c9acd00f
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cy_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 2664822 176c3bd0b24dc4a0700d558e7df15ddd
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-da_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 3584442 b7a8d9b8b21a152537ef71d3dce56d54
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-de_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 3455220 214fd0769fb967b22521b244a5f8e412
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-el_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 2742946 04c91de4bb5b2b6d453ede296693889a
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 3527040 738553a6850160b374d36b7a83f79370
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-es_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 3563372 db130e40120c69626e950063eee07a3d
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-et_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 2646546 5ebb68935e9a3eba761cc2574717339c
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-eu_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 2670434 ed48f9c2f37fed09f741ce4f8a690bc5
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fi_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 2675206 5f7d1dcd9a1e3ee8c9582da53300e8f4
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fr_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 3496040 b65004e7d70e0bc6b94ce5fcba33f21c
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-gl_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 2659162 dc858e988c2025cc37b76d1b21d400b8
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-he_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 2661416 d3ad4533667aa90f52bed28b1525437c
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 2697048 b84ec1f9fa2561e4c2f344b6d6052986
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hu_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 2772632 fcb6b507ff92c95c94a85f471a0fa522
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-it_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 3557364 ed6dcc2203bb3329ce98c4e626a9ffa7
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ja_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 3564910 59cbed0cba5644f4f428fa9cb5551c2d
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-kn_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 2686506 a7aa7937a1818cb63537746e961c2072
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ko_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 3541338 a411e36d9d06b844628a1bbce51508f1
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lt_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 2673870 8899a3bddb951b8affe9b68774d22cb5
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nb_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 2665700 dadd04e21d730a0eda273205d8b0e506
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nl_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 3561748 6807bb01d7c2bef00c393128d7948da4
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nn_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 2665678 08076bb0916dd8d702b0ac6a6b582aba
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ns_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 2667602 8cd2a2fd1544772908a239fcf81d5057
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pl_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 3241012 ffa736fab57309f09cf269316c2be189
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt-br_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 3527818 b97751305b37e48e99e76eff3a684239
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 3164122 4aa344cc3da0d600bbf7a37f6d161df9
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ru_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 3333266 b5c3466e4f6df17431cfe57840da8da4
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sk_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 3604862 1c9e35a8b63c9cff2a7ac25f9613cbf9
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sl_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 3600626 0802e8e76b4f13e0c8c426051d3d19b0
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sv_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 3543964 7c75870c1e87da21750175c9347b1e17
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-th_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 2689868 2df2a8205355c4081f5b41f1a8a23485
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tn_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 2652696 6aee58cf724a13ae07ffcb2d52b4fde6
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tr_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 2895216 99f03f68a8046edbf56faf2d75d82edd
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-cn_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 3554128 bf3e1b409a3779b7f3dac854dbd878b3
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-tw_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 3549590 ce73373dbc4b1598d01596ab3ac91a96
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zu_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 2673534 06ae86a2e873845cf08e9fff5d23ff6a
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-mimelnk_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 67534 56b5d2fe567a33bd5d208e0f179b4410
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-thesaurus-en-us_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 3131362 f1e269dc8d5cd27099e3c1db7bd15c8d
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 6852372 c2c23a8406b9890521f87716585e0fd4
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/ttf-opensymbol_1.1.3-9sarge6_all.deb
> Size/MD5 checksum: 137464 6f58470f00a2ec8c27ab98e875de956c
>
> Intel IA-32 architecture:
>
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge6_i386.deb
> Size/MD5 checksum: 41473388 b280f888e5a84c12e359e7f6830a81a7
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge6_i386.deb
> Size/MD5 checksum: 1857594 e54523506eb611fa23e758161cf250b0
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge6_i386.deb
> Size/MD5 checksum: 164856 f1809a564e47ee6cf1af37883fe91108
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge6_i386.deb
> Size/MD5 checksum: 160390 6a214287121ed3d1a03c2b3efbd3950e
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge6_i386.deb
> Size/MD5 checksum: 144378 87bff29447ba1026c8ea6a2cb56dc406
>
> PowerPC architecture:
>
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge6_powerpc.deb
> Size/MD5 checksum: 39929566 545ef69eda0f41c93c1e09a3f2ff2efa
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge6_powerpc.deb
> Size/MD5 checksum: 1865952 828b0ce16533bb417a593edbcda9deac
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge6_powerpc.deb
> Size/MD5 checksum: 161836 8ccbd9c932eb05eb6cc79fd84759d5f2
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge6_powerpc.deb
> Size/MD5 checksum: 159046 bca17d24d59e847fc46e3ce3847a1a75
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge6_powerpc.deb
> Size/MD5 checksum: 142544 dd2356f4c0d924006a8340b4ac42ac76
>
> IBM S/390 architecture:
>
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge6_s390.deb
> Size/MD5 checksum: 42752608 21b8a45df2205e8193977539d79df845
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge6_s390.deb
> Size/MD5 checksum: 1853012 fc6d24bf76d4967999edb066e585dd0c
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge6_s390.deb
> Size/MD5 checksum: 167062 43ea44833535e55c4593d4c66a6b887a
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge6_s390.deb
> Size/MD5 checksum: 166918 cfd508737ce96134e2f1f4e6969cde3c
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge6_s390.deb
> Size/MD5 checksum: 145564 e7fc82f32d149e99be23a85a5eae3f60
>
> Sun Sparc architecture:
>
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge6_sparc.deb
> Size/MD5 checksum: 40804962 5ea6fa0ce8f275db0e841db5e46a3956
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge6_sparc.deb
> Size/MD5 checksum: 1847980 713150289b2908fd6a4cc98b13293ac3
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge6_sparc.deb
> Size/MD5 checksum: 168226 181d3b7efbdc3decebc5d605c386af14
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge6_sparc.deb
> Size/MD5 checksum: 158594 ba8b7b9491cfd6295afac1e49d87c704
>
> http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge6_sparc.deb
> Size/MD5 checksum: 140106 9ab2c61b292603df23efc2a7c3eb7867
>
>
> These files will probably be moved into the stable distribution on
> its next update.
>
> - -----------------------------------------------------------------
> ----------------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security
> dists/stable/updates/mainMailing list: debian-security-
> announce@lists.debian.orgPackage info: `apt-cache show <pkg>' and
> http://packages.debian.org/<pkg>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFGADiTW5ql+IAeqTIRAsjjAJwK+tefQ/gzqsUNmQayQEDOju5D1QCffOXC
> aVDaD6neOpcwa7Wcq66n9V8=
> =QQfE
> -----END PGP SIGNATURE-----
>
>
> --
> To UNSUBSCRIBE, email to debian-security-announce-
> REQUEST@lists.debian.orgwith a subject of "unsubscribe". Trouble?
> Contact listmaster@lists.debian.org
>
>
_______________________________________________________________________________________
Precisa de CREDITO ate 5.000 EUROS?
Resposta imediata. Reducao do valor das prestacoes ao longo do
emprestimo.
Venha conhecer a Capital Mais em http://www.iol.pt/correio/rodape.php?dst=0703201
Reply to: