Test ID:	1.3.6.1.4.1.25623.1.0.71450
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2012:090 (openoffice.org)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to openoffice.org announced via advisory MDVSA-2012:090. Security issues were identified and fixed in openoffice.org: An integer overflow vulnerability in the openoffice.org graphic loading code could allow a remote attacker to cause a denial of service (application crash) or potentially execute arbitrary code (CVE-2012-1149). An integer overflow flaw, leading to buffer overflow, was found in the way openoffice.org processed invalid Escher graphics records length in PowerPoint documents. An attacker could provide a specially-crafted PowerPoint document that, when opened, would cause openoffice.org to crash or, potentially, execute arbitrary code with the privileges of the user running openoffice.org (CVE-2012-2334). The updated packages have been patched to correct this issue. Affected: Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2012:090 Risk factor : High
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1149 1027068 http://securitytracker.com/id?1027068 20120516 CVE-2012-1149 OpenOffice.org integer overflow error in vclmi.dll module when allocating memory for an embedded image object http://archives.neohapsis.com/archives/bugtraq/2012-05/0089.html 46992 http://secunia.com/advisories/46992 47244 http://secunia.com/advisories/47244 49140 http://secunia.com/advisories/49140 49373 http://secunia.com/advisories/49373 49392 http://secunia.com/advisories/49392 50692 http://secunia.com/advisories/50692 53570 http://www.securityfocus.com/bid/53570 60799 http://secunia.com/advisories/60799 81988 http://www.osvdb.org/81988 DSA-2473 http://www.debian.org/security/2012/dsa-2473 DSA-2487 http://www.debian.org/security/2012/dsa-2487 FEDORA-2012-8042 http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081319.html FEDORA-2012-8114 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082168.html GLSA-201209-05 http://security.gentoo.org/glsa/glsa-201209-05.xml GLSA-201408-19 http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml MDVSA-2012:090 http://www.mandriva.com/security/advisories?name=MDVSA-2012:090 MDVSA-2012:091 http://www.mandriva.com/security/advisories?name=MDVSA-2012:091 RHSA-2012:0705 http://rhn.redhat.com/errata/RHSA-2012-0705.html http://www.libreoffice.org/advisories/cve-2012-1149/ http://www.openoffice.org/security/cves/CVE-2012-1149.html openoffice-vclmi-bo(75692) https://exchange.xforce.ibmcloud.com/vulnerabilities/75692 Common Vulnerability Exposure (CVE) ID: CVE-2012-2334 1027070 http://securitytracker.com/id?1027070 20120516 CVE-2012-2334 Vulnerabilities related to malformed Powerpoint files in OpenOffice.org 3.3.0 http://archives.neohapsis.com/archives/bugtraq/2012-05/0091.html 82517 http://www.osvdb.org/82517 [oss-security] 20120528 Kind request to update upstream CVE-2012-2334 advisories they to reflect arbitrary code execution possibility too and OSS list notification http://www.openwall.com/lists/oss-security/2012/05/28/2 http://cgit.freedesktop.org/libreoffice/core/commit/?id=28a6558f9d3ca2dda3191f8b5b3f2378ee2533da http://cgit.freedesktop.org/libreoffice/core/commit/?id=512401decb286ba0fc3031939b8f7de8649c502e http://www.libreoffice.org/advisories/cve-2012-2334/ http://www.openoffice.org/security/cves/CVE-2012-2334.html https://bugzilla.redhat.com/show_bug.cgi?id=821803 openoffice-powerpoint-dos(75695) https://exchange.xforce.ibmcloud.com/vulnerabilities/75695
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.