Re: [SECURITY] [DSA 1246-1] New OpenOffice.org packages fix arbitrary code execution
Martin Schulze wrote:
> --------------------------------------------------------------------------
> Debian Security Advisory DSA 1246-1 security@debian.org
> http://www.debian.org/security/ Martin Schulze
> January 8th, 2007 http://www.debian.org/security/faq
> --------------------------------------------------------------------------
>
> Package : openoffice.org
> Vulnerability : buffer overflow
> Problem type : local (remote)
> Debian-specific: no
> CVE ID : CVE-2006-5870
> Debian Bug : 405679 405986
>
> John Heasman from Next Generation Security Software discovered a heap
> overflow in the handling of Windows Metafiles in OpenOffice.org, the
> free office suite, which could lead to a denial of service and
> potentially execution of arbitrary code.
>
> For the stable distribution (sarge) this problem has been fixed in
> version 1.1.3-9sarge4.
>
> For the unstable distribution (sid) this problem has been fixed in
> version 2.0.4-1.
>
> We recommend that you upgrade your openoffice.org package.
Why is there nothing for Etch?
http://people.debian.org/~terpstra/message/20061224.090602.027e7771.en.html
----------
There are also good news. One of them is that the security team told
us that we now have security support for Etch (and also that Etch has
been in a good status for some time now regarding security).
----------
With regards,
Paul.