SuSE Update For OpenOffice_org SUSE-SA:2010:017 Network Vulnerability

Impact

remote code execution

Solution

Please Install the Updated Packages.

Insight

This update of OpenOffice_org includes fixes for the following vulnerabilities: - CVE-2009-0217: XML signature weakness - CVE-2009-2949: XPM Import Integer Overflow - CVE-2009-2950: GIF Import Heap Overflow - CVE-2009-3301: MS Word sprmTDefTable Memory Corruption - CVE-2009-3302: MS Word sprmTDefTable Memory Corruption - CVE-2010-0136: In the ooo-build variant of OpenOffice_org VBA Macro support does not honor Macro security settings. Please note that not all versions are affected by all bugs. On SUSE Linux Enterprise Desktop 10 SP2 and SP3 and SUSE Linux Enterprise Desktop 11 OpenOffice_org was updated to version 3.2. The changelog file of the RPM file will give you detailed information. Also released was the Novell Edition of OpenOffice.org for Windows,

Affected

OpenOffice_org on openSUSE 11.0, openSUSE 11.1, openSUSE 11.2

References

http://www.novell.com/linux/security/advisories/2010_17_ooo.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-0217, CVE-2009-2949, CVE-2009-2950, CVE-2009-3301, CVE-2009-3302, CVE-2010-0136
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

SuSE Update for OpenOffice_org SUSE-SA:2010:017

Take action and discover your vulnerabilities