Rapid7 Vulnerability & Exploit Database

RHSA-2010:0643: openoffice.org security update


Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 08/25/2010
Created: 07/25/2018
Added: 08/30/2010
Modified: 07/04/2017

Description

OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program.

An integer truncation error, leading to a heap-based buffer overflow, was found in the way the OpenOffice.org Impress presentation application sanitized a file's dictionary property items. An attacker could use this flaw to create a specially-crafted Microsoft Office PowerPoint file that, when opened, would cause OpenOffice.org Impress to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org Impress. (CVE-2010-2935)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way OpenOffice.org Impress processed polygons in input documents. An attacker could use this flaw to create a specially-crafted Microsoft Office PowerPoint file that, when opened, would cause OpenOffice.org Impress to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org Impress. (CVE-2010-2936)

All users of OpenOffice.org are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For Red Hat Enterprise Linux 3, this erratum provides updated openoffice.org packages. For Red Hat Enterprise Linux 4, this erratum provides updated openoffice.org and openoffice.org2 packages. All running instances of OpenOffice.org applications must be restarted for this update to take effect.

Solution(s)

  • redhat-upgrade-openoffice-org
  • redhat-upgrade-openoffice-org-i18n
  • redhat-upgrade-openoffice-org-kde
  • redhat-upgrade-openoffice-org-libs
  • redhat-upgrade-openoffice-org2-base
  • redhat-upgrade-openoffice-org2-calc
  • redhat-upgrade-openoffice-org2-core
  • redhat-upgrade-openoffice-org2-draw
  • redhat-upgrade-openoffice-org2-emailmerge
  • redhat-upgrade-openoffice-org2-graphicfilter
  • redhat-upgrade-openoffice-org2-impress
  • redhat-upgrade-openoffice-org2-javafilter
  • redhat-upgrade-openoffice-org2-langpack-af_za
  • redhat-upgrade-openoffice-org2-langpack-ar
  • redhat-upgrade-openoffice-org2-langpack-bg_bg
  • redhat-upgrade-openoffice-org2-langpack-bn
  • redhat-upgrade-openoffice-org2-langpack-ca_es
  • redhat-upgrade-openoffice-org2-langpack-cs_cz
  • redhat-upgrade-openoffice-org2-langpack-cy_gb
  • redhat-upgrade-openoffice-org2-langpack-da_dk
  • redhat-upgrade-openoffice-org2-langpack-de
  • redhat-upgrade-openoffice-org2-langpack-el_gr
  • redhat-upgrade-openoffice-org2-langpack-es
  • redhat-upgrade-openoffice-org2-langpack-et_ee
  • redhat-upgrade-openoffice-org2-langpack-eu_es
  • redhat-upgrade-openoffice-org2-langpack-fi_fi
  • redhat-upgrade-openoffice-org2-langpack-fr
  • redhat-upgrade-openoffice-org2-langpack-ga_ie
  • redhat-upgrade-openoffice-org2-langpack-gl_es
  • redhat-upgrade-openoffice-org2-langpack-gu_in
  • redhat-upgrade-openoffice-org2-langpack-he_il
  • redhat-upgrade-openoffice-org2-langpack-hi_in
  • redhat-upgrade-openoffice-org2-langpack-hr_hr
  • redhat-upgrade-openoffice-org2-langpack-hu_hu
  • redhat-upgrade-openoffice-org2-langpack-it
  • redhat-upgrade-openoffice-org2-langpack-ja_jp
  • redhat-upgrade-openoffice-org2-langpack-ko_kr
  • redhat-upgrade-openoffice-org2-langpack-lt_lt
  • redhat-upgrade-openoffice-org2-langpack-ms_my
  • redhat-upgrade-openoffice-org2-langpack-nb_no
  • redhat-upgrade-openoffice-org2-langpack-nl
  • redhat-upgrade-openoffice-org2-langpack-nn_no
  • redhat-upgrade-openoffice-org2-langpack-pa_in
  • redhat-upgrade-openoffice-org2-langpack-pl_pl
  • redhat-upgrade-openoffice-org2-langpack-pt_br
  • redhat-upgrade-openoffice-org2-langpack-pt_pt
  • redhat-upgrade-openoffice-org2-langpack-ru
  • redhat-upgrade-openoffice-org2-langpack-sk_sk
  • redhat-upgrade-openoffice-org2-langpack-sl_si
  • redhat-upgrade-openoffice-org2-langpack-sr_cs
  • redhat-upgrade-openoffice-org2-langpack-sv
  • redhat-upgrade-openoffice-org2-langpack-ta_in
  • redhat-upgrade-openoffice-org2-langpack-th_th
  • redhat-upgrade-openoffice-org2-langpack-tr_tr
  • redhat-upgrade-openoffice-org2-langpack-zh_cn
  • redhat-upgrade-openoffice-org2-langpack-zh_tw
  • redhat-upgrade-openoffice-org2-langpack-zu_za
  • redhat-upgrade-openoffice-org2-math
  • redhat-upgrade-openoffice-org2-pyuno
  • redhat-upgrade-openoffice-org2-testtools
  • redhat-upgrade-openoffice-org2-writer
  • redhat-upgrade-openoffice-org2-xsltfilter
