| Beschreibung: | Summary:
The remote host is missing an update for the 'openoffice.org' package(s) announced via the ELSA-2011-0183 advisory.
Vulnerability Insight:
[3.2.1-19.3.0.1.el6_0.5]
- Replaced RedHat colors with Oracle colors, OOO_VENDOR with Oracle Corp.,
and the filename redhat.soc with oracle.soc in specfile bug#10911
[1:3.2.1-19.6.5]
- Related: rhbz#671087 set right file permissions
[1:3.2.1-19.6.4]
- Resolves: rhbz#671087 file locks are not created with gvfs-sftp
volumes with OpenOffice.org
[1:3.2.1-19.6.3]
- Resolves: rhbz#642200 openoffice.org various flaws
- CVE-2010-4643 heap based buffer overflow when parsing TGA files
[1:3.2.1-19.6.2]
- Resolves: rhbz#642200 openoffice.org various flaws
- CVE-2010-4253 heap based buffer overflow in PPT import
[1:3.2.1-19.6.1]
- Resolves: rhbz#642200 openoffice.org various flaws
- CVE-2010-3450 directory traversal flaws in handling of XSLT jar filter
descriptions and OXT extension files
- CVE-2010-3451 Array index error by insecure parsing of broken rtf
tables
- CVE-2010-3452 Integer signedness error (crash) by processing certain
RTF tags
- CVE-2010-3453 Heap-based buffer overflow by processing *.doc files
with WW8 list styles with specially-crafted count of list levels
- CVE-2010-3454 Array index error by scanning document typography
information of certain *.doc files
- CVE-2010-3689 soffice insecure LD_LIBRARY_PATH setting
Affected Software/OS:
'openoffice.org' package(s) on Oracle Linux 6.
Solution:
Please install the updated package(s).
CVSS Score:
9.3
CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
