Debian Security Advisory DSA 2473-1 (openoffice.org) Network Vulnerability

Summary

The remote host is missing an update to openoffice.org announced via advisory DSA 2473-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202473-1

Insight

Tielei Wang discovered that OpenOffice.org does not allocate a large enough memory region when processing a specially crafted JPEG object, leading to a heap-based buffer overflow and potentially arbitrary code execution. For the stable distribution (squeeze), this problem has been fixed in version 1:3.2.1-11+squeeze5. For the testing distribution (wheezy) and the unstable distribution (sid), this problem has been fixed in version 1:3.4.5-1 of the libreoffice package. We recommend that you upgrade your openoffice.org packages.

Severity

Classification

CVE CVE-2012-1149

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 106-1 (rsync)
Debian Security Advisory DSA 1063-1 (phpgroupware)
Debian Security Advisory DSA 107-1 (jgroff)
Debian Security Advisory DSA 042-1 (gnuserv, xemacs21)
Debian Security Advisory DSA 1011-1 (kernel-patch-vserver, util-vserver)

Take action and discover your vulnerabilities