| Description: | Summary:
The remote host is missing an update for the Debian 'openoffice.org' package(s) announced via the DSA-1547-1 advisory.
Vulnerability Insight:
Several security related problems have been discovered in OpenOffice.org, the free office suite. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2007-5745, CVE-2007-5747 Several bugs have been discovered in the way OpenOffice.org parses Quattro Pro files that may lead to a overflow in the heap potentially leading to the execution of arbitrary code.
CVE-2007-5746
Specially crafted EMF files can trigger a buffer overflow in the heap that may lead to the execution of arbitrary code.
CVE-2008-0320
A bug has been discovered in the processing of OLE files that can cause a buffer overflow in the heap potentially leading to the execution of arbitrary code.
Recently reported problems in the ICU library are fixed in separate libicu packages with DSA 1511 against which OpenOffice.org is linked.
For the old stable distribution (sarge) these problems have been fixed in version 1.1.3-9sarge9.
For the stable distribution (etch) these problems have been fixed in version 2.0.4.dfsg.2-7etch5.
For the testing (lenny) and unstable (sid) distributions these problems have been fixed in version 2.4.0~
ooh680m5-1.
We recommend that you upgrade your openoffice.org packages.
Affected Software/OS:
'openoffice.org' package(s) on Debian 3.1, Debian 4.
Solution:
Please install the updated package(s).
CVSS Score:
9.3
CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
