Test ID:	1.3.6.1.4.1.25623.1.0.58597
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1375-1)
Summary:	The remote host is missing an update for the Debian 'openoffice.org' package(s) announced via the DSA-1375-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'openoffice.org' package(s) announced via the DSA-1375-1 advisory. Vulnerability Insight: A heap overflow vulnerability has been discovered in the TIFF parsing code of the OpenOffice.org suite. The parser uses untrusted values from the TIFF file to calculate the number of bytes of memory to allocate. A specially crafted TIFF image could trigger an integer overflow and subsequently a buffer overflow that could cause the execution of arbitrary code. For the old stable distribution (sarge) this problem has been fixed in version 1.1.3-9sarge8. For the stable distribution (etch) this problem has been fixed in version 2.0.4.dfsg.2-7etch2. For the unstable distribution (sid) this problem has been fixed in version 2.2.1-9. For the experimental distribution this problem has been fixed in version 2.3.0~ src680m224-1. We recommend that you upgrade your openoffice.org packages. Affected Software/OS: 'openoffice.org' package(s) on Debian 3.1, Debian 4. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-2834 BugTraq ID: 25690 http://www.securityfocus.com/bid/25690 Bugtraq: 20070919 FLEA-2007-0056-1 openoffice.org (Google Search) http://www.securityfocus.com/archive/1/479965/100/0/threaded Debian Security Information: DSA-1375 (Google Search) http://www.debian.org/security/2007/dsa-1375 http://fedoranews.org/updates/FEDORA-2007-237.shtml http://fedoranews.org/updates/FEDORA-2007-700.shtml http://security.gentoo.org/glsa/glsa-200710-24.xml http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=593 http://www.mandriva.com/security/advisories?name=MDKSA-2007:186 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9967 http://www.redhat.com/support/errata/RHSA-2007-0848.html http://securitytracker.com/id?1018702 http://secunia.com/advisories/26816 http://secunia.com/advisories/26817 http://secunia.com/advisories/26839 http://secunia.com/advisories/26844 http://secunia.com/advisories/26855 http://secunia.com/advisories/26861 http://secunia.com/advisories/26891 http://secunia.com/advisories/26903 http://secunia.com/advisories/26912 http://secunia.com/advisories/27077 http://secunia.com/advisories/27087 http://secunia.com/advisories/27370 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102994-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200190-1 SuSE Security Announcement: SUSE-SA:2007:052 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2007-09/msg00002.html http://www.ubuntu.com/usn/usn-524-1 http://www.vupen.com/english/advisories/2007/3184 http://www.vupen.com/english/advisories/2007/3262 XForce ISS Database: openoffice-tiff-bo(36656) https://exchange.xforce.ibmcloud.com/vulnerabilities/36656
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.