[Backports-security-announce] Security update for openoffice.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Rene Engelhard uploaded new packages for openoffice.org which fixed the
following security problems:
Debian BTS #496361
Left-over debugging echoes writing into an insecure temp file can allow
attackers to overwrite files on the system with the privileges of the user
executing senddoc (File -> Send).
CVE-2008-2237
A security vulnerability in the way OpenOffice 2.x processes WMF files
may allow a remote unprivileged user who provides a
StarOffice/StarSuite document that is opened by a local user to execute
arbitrary commands on the system with the privileges of the user running
StarOffice/StarSuite.
CVE-2008-2238
A security vulnerability in the way OpenOffice 2.x processes EMF files
may allow a remote unprivileged user who provides a
StarOffice/StarSuite document that is opened by a local user to execute
arbitrary commands on the system with the privileges of the user running
StarOffice/StarSuite.
For the etch-backports distribution the problems have been fixed in
version 1:2.4.1-12~bpo40+1.
For the lenny and sid distributions the problems have been fixed in
version 1:2.4.1-12.
Upgrade instructions
- --------------------
If you don't use pinning (see [1]) you have to update the packages
manually via "apt-get -t etch-backports install <packagelist>" with the
packagelist of your installed packages affected by this update.
[1] <http://backports.org/dokuwiki/doku.php?id=instructions>
We recommend pinning the backports repository to 200 so that new versions
of installed backports will be installed automatically:
Package: *
Pin: release a=etch-backports
Pin-Priority: 200
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJCY5M+FmQsCSK63MRArm6AJ4u+sSYzE4jRk+SiGSsRkWRuB87iQCePwM5
VKi0vk+Af6DmAPALMkRyF/Y=
=kAEU
-----END PGP SIGNATURE-----