CVE-2010-0395: [SECURITY] Fedora 12 Update: openoffice.org-3.1.1-19.32.fc12
OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed.
updates at fedoraproject.org
Mon Jun 7 22:16:55 UTC 2010
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-9576
2010-06-07 20:39:19
--------------------------------------------------------------------------------

Name        : openoffice.org
Product     : Fedora 12
Version     : 3.1.1
Release     : 19.32.fc12
URL         : http://www.openoffice.org/
Summary     : OpenOffice.org comprehensive office suite.
Description :
OpenOffice.org is an Open Source, community-developed, multi-platform office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. Sophisticated and flexible, OpenOffice.org also works transparently with a variety of file formats, including Microsoft Office.
Usage: Simply type “ooffice” to run OpenOffice.org or select the requested component (Writer, Calc, Impress, etc.) from your desktop menu. On first start a few files will be installed in the user’s home, if necessary.
Update Information:
A security vulnerability in OpenOffice.org, related to Python scripting, might lead to unexpected code execution when using the built-in scripting IDE for exploring Python code.
ChangeLog:
* Sat Jun 5 2010 Caolán McNamara <caolanm at redhat.com> - 1:3.1.1-19.32
- Resolves: CVE-2010-0395 openoffice.org-3.2.1.pyuno.patch
- Resolves: rhbz#595718 workspace.mba33issues01.patch
- Resolves: rhbz#596980 workspace.vcl112.patch

* Wed May 19 2010 Caolán McNamara <caolanm at redhat.com> - 1:3.1.1-19.31
- Resolves: rhbz#593561 openoffice.org-3.3.0.ooo111699.svx.nullfield.patch

* Fri May 7 2010 Caolán McNamara <caolanm at redhat.com> - 1:3.1.1-19.30
- Resolves: rhbz#589883 openoffice.org-3.1.1.oooXXXXX.sw.ww8exportcrash.patch

* Tue Apr 27 2010 Caolán McNamara <caolanm at redhat.com> - 1:3.1.1-19.29
- Resolves: rhbz#574542 [abrt] crash in slideshow::internal::EventMultiplexerImpl::forEachView<> (dtardon)
- Resolves: rhbz#579817 [abrt] crash in writePivotTable (caolanm)
- Resolves: rhbz#580694 [abrt] crash in SwDrawTextShell::Init (caolanm)
- Resolves: rhbz#580285 [abrt] crash in OutWW8_SwTextGrid (caolanm)

* Tue Mar 16 2010 Caolán McNamara <caolanm at redhat.com> - 1:3.1.1-19.28
- Resolves: rhbz#573654 fix unwanted “Red” translation (caolanm)

* Mon Mar 15 2010 Dennis Gilmore <dennis at ausil.us> - 1:3.1.1-19.27
- sparc needs --with-alloc=system (dennis)
- prelink is known to not work on sparc so don't run the checks to make sure it will work on sparc arches (dennis)
- fakeroot doesn't work on sparc64, fontpackages-devel requires rpmdevtools which requires fakeroot (dennis)
- ExcludeArch sparc64 for unresolvable deps (dennis)
- Resolves: rhbz#565519 add openoffice.org-3.2.0.ooo95369.sw.sortedobjs.patch (caolanm)
- Resolves: rhbz#566099 fix modal dialog exit in qstarter (caolanm)
- Resolves: rhbz#565906 don’t crash on bad .svg in add to gallery (caolanm)
- Resolves: rhbz#564133 [abrt] crash in pdfi::(anonymous namespace)::Parser::parseLine (dtardon)
- Resolves: rhbz#566586 setting OpenOffice to show changes in document colored by author doesn’t persist (dtardon)
- Resolves: rhbz#566990 handle unreadable .db files (caolanm)
- Resolves: rhbz#568655 add openoffice.org-3.2.0.ooo109743.svx.safedragdrop.patch (caolanm)
- Resolves: rhbz#570102 openoffice.org-3.2.0.ooo109766.dbaccess.catch.patch (caolanm)
- Resolves: rhbz#571100 fix .svg import crash (caolanm)
- Resolves: rhbz#571540 cannot select evolution addressbook as data source (caolanm)

* Fri Feb 12 2010 Caolán McNamara <caolanm at redhat.com> - 1:3.1.1-19.26
- CVE-2009-2950 GIF file parsing heap overflow (caolanm)
- CVE-2009-2949 integer overflow in XPM processing (caolanm)
- CVE-2009-3301 .doc Table Parsing vulnerability (caolanm)
- CVE-2009-3302 .doc Table Parsing vulnerability (caolanm)
- Resolves: rhbz#561778 openoffice.org-3.2.0.oooXXXXX.svx.safestyledelete.patch
- Resolves: rhbz#561989 openoffice.org-3.2.0.ooo109009.sc.tooltipcrash.patch
- Resolves: rhbz#445588 improve same name substitution

* Tue Feb 2 2010 Caolán McNamara <caolanm at redhat.com> - 1:3.1.1-19.25
- Resolves: rhbz#549890 add workspace.extmgr01.patch (dtardon)
- Resolves: rhbz#551983 OpenOffice writer crashes when opening document with link in footnote (dtardon)
- Resolves: rhbz#550316 Openoffice.org Impress loses graphics when background color is changed (dtardon)
- Resolves: rhbz#554259 No autocorrect files for Lithuanian (dtardon)
- Resolves: rhbz#553929 [abrt] crash in ColorConfigCtrl_Impl::ScrollHdl (dtardon)
- Resolves: rhbz#549573 improve document compare (caolanm)
- Resolves: rbhz#555257 openoffice cannot use JPEG images using CMYK colorspace (dtardon)
- Resolves: rhbz#558342 [abrt] crash in SvxNumOptionsTabPage::InitControls (dtardon)
- Resolves: ooo#108637/rhbz#558253 sfx2 uisavedir (caolanm)
- Resolves: rhbz#560435 rtf dropcap crash (caolanm)
- Resolves: rhbz#560996/rhbz#560353 qstartfixes (caolanm)

* Tue Dec 22 2009 Caolán McNamara <caolanm at redhat.com> - 1:3.1.1-19.24
- Resolves: rhbz#545824 bustage in writer with emboldened fonts

* Fri Dec 18 2009 Caolán McNamara <caolanm at redhat.com> - 1:3.1.1-19.23
- Resolves: rhbz#548512 workspace.ooo32gsl03.patch

* Tue Dec 15 2009 Caolán McNamara <caolanm at redhat.com> - 1:3.1.1-19.22
- Resolves: rhbz#529648 add workspace.fwk132.patch
- Resolves: rhbz#547176 add openoffice.org-3.2.0.ooo47279.sd.objectsave.safe.patch

* Wed Dec 9 2009 Caolán McNamara <caolanm at redhat.com> - 1:3.1.1-19.21
- Resolves: rhbz#544124 add openoffice.org-3.2.0.ooo106502.svx.fixspelltimer.patch
- Resolves: rhbz#544218 add openoffice.org-3.2.0.ooo107552.vcl.sft.patch
- Resolves: rhbz#545783 add workspace.vcl105.patch

* Fri Nov 27 2009 Caolán McNamara <caolanm at redhat.com> - 1:3.1.1-19.20
- Resolves: rhbz#541222 add openoffice.org-3.2.0.ooo107260.dtrans.clipboard.shutdown.patch (caolanm)

* Mon Nov 23 2009 Caolán McNamara <caolanm at redhat.com> - 1:3.1.1-19.19
- Resolves: rhbz#540379/ooo#107131 impress tabledrag crash
- Resolves: rhbz#540231 add openoffice.org-3.2.0.oooXXXXX.canvas.fixcolorspace.patch
- add openoffice.org-4.2.0.ooo107151.sc.pop-empty-cell.patch (dtardon)
- Resolves: rhbz#533538 OpenOffice keyboard shortcuts mis-map in the Spanish localized version of OOo (caolanm)

* Tue Nov 17 2009 Caolán McNamara <caolanm at redhat.com> - 1:3.1.1-19.18
- Resolves: ooo#59648 sw .doc export scaling (caolanm)

* Tue Nov 10 2009 Caolán McNamara <caolanm at redhat.com> - 1:3.1.1-19.17
- Resolves: rhbz#533841 ooo#105710 svx loadstorenumbering (caolanm)

* Thu Nov 5 2009 Caolán McNamara <caolanm at redhat.com> - 1:3.1.1-19.16
- Resolves: ooo#106523 fix pdf/A export on x86_64 (caolanm)

* Thu Nov 5 2009 Caolán McNamara <caolanm at redhat.com> - 1:3.1.1-19.15
- Resolves: ooo#106497 language marked as providing spellchecking when unavailable (caolanm)
- Resolves: rhbz#532330 openoffice impress doesn’t recognise .ogv files as video (dtardon)
- Resolves: rhbz#533146 calc notes go missing on save (caolanm)
References:
[ 1 ] Bug #574119 - CVE-2010-0395 openoffice.org Execution of Python code when browsing macros https://bugzilla.redhat.com/show_bug.cgi?id=574119
This update can be installed with the “yum” update program. Use su -c 'yum update openoffice.org' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
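To confirm after updating that the installed package's changelog records the CVE-2010-0395 fix, the changelog can be parsed for the entry that names the CVE. This is an added example, not part of the Fedora notice; the helper names `cve_fixed_in` and `sample_changelog` are hypothetical, and the sample text is constructed from entries in the ChangeLog above.

```shell
#!/bin/sh
# Added example, not part of the Fedora notice. cve_fixed_in and
# sample_changelog are hypothetical helper names.

# Print the version-release of the newest changelog entry that mentions
# the CVE id given as $1. Changelog text is read from stdin in the layout
# `rpm -q --changelog` prints (newest entry first): a header line
# "* date packager - version-release" followed by "- item" lines.
# Returns 1 when no entry mentions the CVE.
cve_fixed_in() {
    awk -v cve="$1" '
        /^\* / { release = $NF; next }   # header: last field is version-release
        index($0, cve) { print release; found = 1; exit }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample: three entries abridged from the ChangeLog above.
sample_changelog() {
    cat <<'EOF'
* Sat Jun 5 2010 Caolán McNamara <caolanm at redhat.com> - 1:3.1.1-19.32
- Resolves: CVE-2010-0395 openoffice.org-3.2.1.pyuno.patch
- Resolves: rhbz#595718 workspace.mba33issues01.patch

* Wed May 19 2010 Caolán McNamara <caolanm at redhat.com> - 1:3.1.1-19.31
- Resolves: rhbz#593561 openoffice.org-3.3.0.ooo111699.svx.nullfield.patch

* Fri Feb 12 2010 Caolán McNamara <caolanm at redhat.com> - 1:3.1.1-19.26
- CVE-2009-2950 GIF file parsing heap overflow (caolanm)
- CVE-2009-2949 integer overflow in XPM processing (caolanm)
EOF
}

# Run against the constructed sample.
sample_changelog | cve_fixed_in CVE-2010-0395

# On a Fedora host the same check runs against the installed package:
#   rpm -q --changelog openoffice.org | cve_fixed_in CVE-2010-0395
```

A non-zero exit status means the installed package's changelog has no entry naming the CVE, so the host still needs the update.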