Test ID:	1.3.6.1.4.1.25623.1.0.71602
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-1496-1 (openoffice.org-core)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to openoffice.org-core announced via advisory USN-1496-1. Details: A stack-based buffer overflow was discovered in the Lotus Word Pro import filter in OpenOffice.org. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2011-2685) Huzaifa Sidhpurwala discovered that OpenOffice.org could be made to crash if it opened a specially crafted Word document. (CVE-2011-2713) Integer overflows were discovered in the graphics loading code of several different image types. If a user were tricked into opening a specially crafted file, an attacker could cause OpenOffice.org to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2012-1149) Sven Jacobi discovered an integer overflow when processing Escher graphics records. If a user were tricked into opening a specially crafted PowerPoint file, an attacker could cause OpenOffice.org to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2012-2334) Solution: The problem can be corrected by updating your system to the following package versions: Ubuntu 10.04 LTS: openoffice.org-core 1:3.2.0-7ubuntu4.3 http://www.securityspace.com/smysecure/catid.html?in=USN-1496-1 CVSS Score: 9.3 CVSS Vector: AV:L/AC:H/Au:NR/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2685 CERT/CC vulnerability note: VU#953183 http://www.kb.cert.org/vuls/id/953183 http://www.mandriva.com/security/advisories?name=MDVSA-2011:172 http://cgit.freedesktop.org/libreoffice/filters/commit/?id=278831e37a23e9e2e29ca811c3a5398b7c67464d http://cgit.freedesktop.org/libreoffice/filters/commit/?id=d93fa011d713100775cd3ac88c468b6830d48877 http://www.openwall.com/lists/oss-security/2011/07/06/13 http://www.openwall.com/lists/oss-security/2011/07/12/13 SuSE Security Announcement: openSUSE-SU-2011:1143 (Google Search) http://lists.opensuse.org/opensuse-updates/2011-10/msg00019.html Common Vulnerability Exposure (CVE) ID: CVE-2011-2713 1026145 http://www.securitytracker.com/id?1026145 49969 http://www.securityfocus.com/bid/49969 50692 http://secunia.com/advisories/50692 60799 http://secunia.com/advisories/60799 76178 http://osvdb.org/76178 DSA-2315 http://www.debian.org/security/2011/dsa-2315 FEDORA-2011-14036 http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068160.html FEDORA-2011-14049 http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068198.html GLSA-201209-05 http://security.gentoo.org/glsa/glsa-201209-05.xml GLSA-201408-19 http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml MDVSA-2011:172 http://www.libreoffice.org/advisories/CVE-2011-2713/ https://bugzilla.redhat.com/show_bug.cgi?id=725668 openSUSE-SU-2011:1143 Common Vulnerability Exposure (CVE) ID: CVE-2012-1149 1027068 http://securitytracker.com/id?1027068 20120516 CVE-2012-1149 OpenOffice.org integer overflow error in vclmi.dll module when allocating memory for an embedded image object http://archives.neohapsis.com/archives/bugtraq/2012-05/0089.html 46992 http://secunia.com/advisories/46992 47244 http://secunia.com/advisories/47244 49140 http://secunia.com/advisories/49140 49373 http://secunia.com/advisories/49373 49392 http://secunia.com/advisories/49392 53570 http://www.securityfocus.com/bid/53570 81988 http://www.osvdb.org/81988 DSA-2473 http://www.debian.org/security/2012/dsa-2473 DSA-2487 http://www.debian.org/security/2012/dsa-2487 FEDORA-2012-8042 http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081319.html FEDORA-2012-8114 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082168.html MDVSA-2012:090 http://www.mandriva.com/security/advisories?name=MDVSA-2012:090 MDVSA-2012:091 http://www.mandriva.com/security/advisories?name=MDVSA-2012:091 RHSA-2012:0705 http://rhn.redhat.com/errata/RHSA-2012-0705.html http://www.libreoffice.org/advisories/cve-2012-1149/ http://www.openoffice.org/security/cves/CVE-2012-1149.html openoffice-vclmi-bo(75692) https://exchange.xforce.ibmcloud.com/vulnerabilities/75692 Common Vulnerability Exposure (CVE) ID: CVE-2012-2334 1027070 http://securitytracker.com/id?1027070 20120516 CVE-2012-2334 Vulnerabilities related to malformed Powerpoint files in OpenOffice.org 3.3.0 http://archives.neohapsis.com/archives/bugtraq/2012-05/0091.html 82517 http://www.osvdb.org/82517 [oss-security] 20120528 Kind request to update upstream CVE-2012-2334 advisories they to reflect arbitrary code execution possibility too and OSS list notification http://www.openwall.com/lists/oss-security/2012/05/28/2 http://cgit.freedesktop.org/libreoffice/core/commit/?id=28a6558f9d3ca2dda3191f8b5b3f2378ee2533da http://cgit.freedesktop.org/libreoffice/core/commit/?id=512401decb286ba0fc3031939b8f7de8649c502e http://www.libreoffice.org/advisories/cve-2012-2334/ http://www.openoffice.org/security/cves/CVE-2012-2334.html https://bugzilla.redhat.com/show_bug.cgi?id=821803 openoffice-powerpoint-dos(75695) https://exchange.xforce.ibmcloud.com/vulnerabilities/75695
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.