SuSE 10 Security Update : OpenOffice_org (ZYPP Patch Number 2651)

High Nessus Plugin ID 29365

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

Following security problems were fixed in OpenOffice_org :

This update also brings OpenOffice_org to version 2.0.4.17, same as SUSE Linux Enterprise Desktop 10 and contains lots of bugfixes.

It also contains support for the Office XML converter hooks.

- Various problems were fixed in the Wordperfect converter library libwpd in OpenOffice_org which could be used by remote attackers to potentially execute code or crash OpenOffice_org. (CVE-2007-0002)

- A stack overflow in the StarCalc parser could be used by remote attackers to potentially execute code by supplying a crafted document. (CVE-2007-0238)

- A shell quoting problem when opening URLs was fixed which could be used by remote attackers to execute code by supplying a crafted document and making the user click on an embedded link. (CVE-2007-0239)

Solution

Apply ZYPP patch number 2651.

See Also

http://support.novell.com/security/cve/CVE-2007-0002.html

http://support.novell.com/security/cve/CVE-2007-0238.html

http://support.novell.com/security/cve/CVE-2007-0239.html

Plugin Details

Severity: High

ID: 29365

File Name: suse_OpenOffice_org-2651.nasl

Version: Revision: 1.10

Type: local

Agent: unix

Published: 2007/12/13

Updated: 2012/05/17

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2007/03/01

Reference Information

CVE: CVE-2007-0002, CVE-2007-0238, CVE-2007-0239

CWE: 119