Fedora 12 : openoffice.org-3.1.1-19.26.fc12 (2010-1847)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

- Fri Feb 12 2010 Caolan McNamara <caolanm at redhat.com>
- 1:3.1.1-19.26

- CVE-2009-2950 GIF file parsing heap overflow (caolanm)

- CVE-2009-2949 integer overflow in XPM processing
(caolanm)

- CVE-2009-3301 .doc Table Parsing vulernability
(caolanm)

- CVE-2009-3302 .doc Table Parsing vulernability
(caolanm)

- Resolves: rhbz#561778
openoffice.org-3.2.0.oooXXXXX.svx.safestyledelete.patc
h

- Resolves: rhbz#561989
openoffice.org-3.2.0.ooo109009.sc.tooltipcrash.patch

- Resolves: rhbz#445588 improve same name substitution

- Tue Feb 2 2010 Caolan McNamara <caolanm at redhat.com>
- 1:3.1.1-19.25

- Resolves: rhbz#549890 add workspace.extmgr01.patch
(dtardon)

- Resolves: rhbz#551983 OpenOffice writer crashes when
opening document with link in footnote (dtardon)

- Resolves: rhbz#550316 Openoffice.org Impress loses
graphics when background color is changed (dtardon)

- Resolves: rhbz#554259 No autocorrect files for
Lithuanian (dtardon)

- Resolves: rhbz#553929 [abrt] crash in
ColorConfigCtrl_Impl::ScrollHdl (dtardon)

- Resolves: rhbz#549573 improve document compare (caolanm)

- Resolves: rbhz#555257 openoffice cannot use JPEG
images using CMYK colorspace (dtardon)

- Resolves: rhbz#558342 [abrt] crash in
SvxNumOptionsTabPage::InitControls (dtardon)

- Resolves: ooo#108637/rhbz#558253 sfx2 uisavedir
(caolanm)

- Resolves: rhbz#560435 rtf dropcap crash (caolanm)

- Resolves: rhbz#560996/rhbz#560353 qstartfixes
(caolanm)

- Tue Dec 22 2009 Caolan McNamara <caolanm at
redhat.com> - 1:3.1.1-19.24

- Resolves: rhbz#545824 bustage in writer with
emboldened fonts

- Fri Dec 18 2009 Caolan McNamara <caolanm at
redhat.com> - 1:3.1.1-19.23

- Resolves: rhbz#548512 workspace.ooo32gsl03.patch

- Tue Dec 15 2009 Caolan McNamara <caolanm at
redhat.com> - 1:3.1.1-19.22

- Resolves: rhbz#529648 add workspace.fwk132.patch

- Resolves: rhbz#547176 add
openoffice.org-3.2.0.ooo47279.sd.objectsave.safe.patch

- Wed Dec 9 2009 Caolan McNamara <caolanm at redhat.com> -
1:3.1.1-19.21

- Resolves: rhbz#544124 add
openoffice.org-3.2.0.ooo106502.svx.fixspelltimer.patch

- Resolves: rhbz#544218 add
openoffice.org-3.2.0.ooo107552.vcl.sft.patch

- Resolves: rhbz#545783 add workspace.vcl105.patch

- Fri Nov 27 2009 Caolan McNamara <caolanm at
redhat.com> - 1:3.1.1-19.20

- Resolves: rhbz#541222 add
openoffice.org-3.2.0.ooo107260.dtrans.clipboard.shutdo
wn.patch (caolanm)

- Mon Nov 23 2009 Caolan McNamara <caolanm at redhat.com>
- 1:3.1.1-19.19

- Resolves: rhbz#540379/ooo#107131 impress tabledrag
crash

- Resolves: rhbz#540231 add
openoffice.org-3.2.0.oooXXXXX.canvas.fixcolorspace.pat
ch

- add
openoffice.org-4.2.0.ooo107151.sc.pop-empty-cell.patch
(dtardon)

- Resolves: rhbz#533538 OpenOffice keyboard shortcuts
mis-map in the Spanish localized version of OOo
(caolanm)

- Tue Nov 17 2009 Caolan McNamara <caolanm at redhat.com>
- 1:3.1.1-19.18

- Resolves: ooo#59648 sw .doc export scaling (caolanm)

- Tue Nov 10 2009 Caolan McNamara <caolanm at
redhat.com> - 1:3.1.1-19.17

- Resolves: rhbz#533841 ooo#105710 svx
loadstorenumbering (caolanm)

[plus 8 lines in the Changelog]

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=527512
https://bugzilla.redhat.com/show_bug.cgi?id=527540
https://bugzilla.redhat.com/show_bug.cgi?id=533038
https://bugzilla.redhat.com/show_bug.cgi?id=533043
http://www.nessus.org/u?7a24e1b6

Solution :

Update the affected openoffice.org package.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Fedora Local Security Checks

Nessus Plugin ID: 47276 (fedora_2010-1847.nasl)

Bugtraq ID: 38218

CVE ID: CVE-2009-2949
CVE-2009-2950
CVE-2009-3301
CVE-2009-3302

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now