Vulnerabilities > CVE-2010-3454 - Off-by-one Error vulnerability in multiple products

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
apache
canonical
debian
CWE-193
critical
nessus

Summary

Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyWindows
    NASL idOPENOFFICE_33.NASL
    descriptionThe version of Oracle OpenOffice.org installed on the remote host is prior to 3.3. It is, therefore, affected by several issues : - Issues exist relating to PowerPoint document processing that may lead to arbitrary code execution. (CVE-2010-2935, CVE-2010-2936) - A directory traversal vulnerability exists in zip / jar package extraction. (CVE-2010-3450) - Issues exist relating to RTF document processing that may lead to arbitrary code execution. (CVE-2010-3451, CVE-2010-3452) - Issues exist relating to Word document processing that may lead to arbitrary code execution. (CVE-2010-3453, CVE-2010-3454) - Issues exist in the third-party XPDF library relating to PDF document processing that may allow arbitrary code execution. (CVE-2010-3702, CVE-2010-3704) - OpenOffice.org includes a version of LIBXML2 that is affected by multiple vulnerabilities. (CVE-2010-4008, CVE-2010-4494) - An issue exists with PNG file processing that may allow arbitrary code execution. (CVE-2010-4253) - An issue exists with TGA file processing that may allow arbitrary code execution. (CVE-2010-4643)
    last seen2020-06-01
    modified2020-06-02
    plugin id51773
    published2011-01-27
    reporterThis script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/51773
    titleOracle OpenOffice.org < 3.3 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(51773);
      script_version("1.19");
      script_cvs_date("Date: 2018/11/15 20:50:27");
    
      script_cve_id(
        "CVE-2010-2935",
        "CVE-2010-2936",
        "CVE-2010-3450",
        "CVE-2010-3451",
        "CVE-2010-3452",
        "CVE-2010-3453",
        "CVE-2010-3454",
        "CVE-2010-3702",
        "CVE-2010-3704",
        "CVE-2010-4008",
        "CVE-2010-4253",
        "CVE-2010-4494",
        "CVE-2010-4643"
      );
      script_bugtraq_id(42202, 44779, 45617, 46031);
      script_xref(name:"Secunia", value:"40775");
    
      script_name(english:"Oracle OpenOffice.org < 3.3 Multiple Vulnerabilities");
      script_summary(english:"Checks the version of OpenOffice.org.");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote Windows host has a program affected by multiple
    vulnerabilities."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "The version of Oracle OpenOffice.org installed on the remote host is 
    prior to 3.3. It is, therefore, affected by several issues :
    
      - Issues exist relating to PowerPoint document processing
        that may lead to arbitrary code execution.
        (CVE-2010-2935, CVE-2010-2936)
    
      - A directory traversal vulnerability exists in zip / jar
        package extraction. (CVE-2010-3450)
    
      - Issues exist relating to RTF document processing that
        may lead to arbitrary code execution. (CVE-2010-3451,
        CVE-2010-3452)
    
      - Issues exist relating to Word document processing that
        may lead to arbitrary code execution. (CVE-2010-3453,
        CVE-2010-3454)
    
      - Issues exist in the third-party XPDF library relating
        to PDF document processing that may allow arbitrary code
        execution. (CVE-2010-3702, CVE-2010-3704)
    
      - OpenOffice.org includes a version of LIBXML2 that is
        affected by multiple vulnerabilities. (CVE-2010-4008,
        CVE-2010-4494)
    
      - An issue exists with PNG file processing that may allow
        arbitrary code execution. (CVE-2010-4253)
    
      - An issue exists with TGA file processing that may allow
        arbitrary code execution. (CVE-2010-4643)");
    
      script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2011/Jan/487");
      script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html");
      script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2010-3450.html");
      script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2010-3451_CVE-2010-3452.html");
      script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2010-3453_CVE-2010-3454.html");
      script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html");
      script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html");
      script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2010-4253.html");
      script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2010-4643.html");
      script_set_attribute(attribute:"solution", value:"Upgrade to Oracle OpenOffice.org version 3.3 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_set_attribute(attribute:"vuln_publication_date",value:"2011/01/26");
      script_set_attribute(attribute:"patch_publication_date",value:"2011/01/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/27");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:openoffice.org");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");
    
      script_dependencies("openoffice_installed.nasl");
      script_require_keys("SMB/OpenOffice/Build");
    
      exit(0);
    }
    
    
    build = get_kb_item("SMB/OpenOffice/Build");
    if (build)
    {
      matches = eregmatch(string:build, pattern:"([0-9]+[a-z][0-9]+)\(Build:([0-9]+)\)");
      if (!isnull(matches))
      {
        buildid = int(matches[2]);
        if (buildid < 9567) 
          security_hole(get_kb_item("SMB/transport"));
        else
         exit(0,"Build " + buildid + " is not affected.");
      }
      else exit(1, "Failed to extract the build number from '"+build+"'.");
    }
    else exit(1, "The 'SMB/OpenOffice/Build' KB item is missing.");
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2151.NASL
    descriptionSeveral security related problems have been discovered in the OpenOffice.org package that allows malformed documents to trick the system into crashes or even the execution of arbitrary code. - CVE-2010-3450 During an internal security audit within Red Hat, a directory traversal vulnerability has been discovered in the way OpenOffice.org 3.1.1 through 3.2.1 processes XML filter files. If a local user is tricked into opening a specially crafted OOo XML filters package file, this problem could allow remote attackers to create or overwrite arbitrary files belonging to local user or, potentially, execute arbitrary code. - CVE-2010-3451 During his work as a consultant at Virtual Security Research (VSR), Dan Rosenberg discovered a vulnerability in OpenOffice.org
    last seen2020-03-17
    modified2011-01-27
    plugin id51677
    published2011-01-27
    reporterThis script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51677
    titleDebian DSA-2151-1 : openoffice.org - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-2151. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(51677);
      script_version("1.18");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2010-3450", "CVE-2010-3451", "CVE-2010-3452", "CVE-2010-3453", "CVE-2010-3454", "CVE-2010-3689", "CVE-2010-4253", "CVE-2010-4643");
      script_xref(name:"DSA", value:"2151");
    
      script_name(english:"Debian DSA-2151-1 : openoffice.org - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several security related problems have been discovered in the
    OpenOffice.org package that allows malformed documents to trick the
    system into crashes or even the execution of arbitrary code.
    
      - CVE-2010-3450
        During an internal security audit within Red Hat, a
        directory traversal vulnerability has been discovered in
        the way OpenOffice.org 3.1.1 through 3.2.1 processes XML
        filter files. If a local user is tricked into opening a
        specially crafted OOo XML filters package file, this
        problem could allow remote attackers to create or
        overwrite arbitrary files belonging to local user or,
        potentially, execute arbitrary code.
    
      - CVE-2010-3451
        During his work as a consultant at Virtual Security
        Research (VSR), Dan Rosenberg discovered a vulnerability
        in OpenOffice.org's RTF parsing functionality. Opening a
        maliciously crafted RTF document can cause an
        out-of-bounds memory read into previously allocated heap
        memory, which may lead to the execution of arbitrary
        code.
    
      - CVE-2010-3452
        Dan Rosenberg discovered a vulnerability in the RTF file
        parser which can be leveraged by attackers to achieve
        arbitrary code execution by convincing a victim to open
        a maliciously crafted RTF file.
    
      - CVE-2010-3453
        As part of his work with Virtual Security Research, Dan
        Rosenberg discovered a vulnerability in the
        WW8ListManager::WW8ListManager() function of
        OpenOffice.org that allows a maliciously crafted file to
        cause the execution of arbitrary code.
    
      - CVE-2010-3454
        As part of his work with Virtual Security Research, Dan
        Rosenberg discovered a vulnerability in the
        WW8DopTypography::ReadFromMem() function in
        OpenOffice.org that may be exploited by a maliciously
        crafted file which allows an attacker to control program
        flow and potentially execute arbitrary code.
    
      - CVE-2010-3689
        Dmitri Gribenko discovered that the soffice script does
        not treat an empty LD_LIBRARY_PATH variable like an
        unset one, which may lead to the execution of arbitrary
        code.
    
      - CVE-2010-4253
        A heap based buffer overflow has been discovered with
        unknown impact.
    
      - CVE-2010-4643
        A vulnerability has been discovered in the way
        OpenOffice.org handles TGA graphics which can be tricked
        by a specially crafted TGA file that could cause the
        program to crash due to a heap-based buffer overflow
        with unknown impact."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2010-3450"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2010-3451"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2010-3452"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2010-3453"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2010-3454"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2010-3689"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2010-4253"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2010-4643"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2011/dsa-2151"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the OpenOffice.org packages.
    
    For the stable distribution (lenny) these problems have been fixed in
    version 2.4.1+dfsg-1+lenny11.
    
    For the upcoming stable distribution (squeeze) these problems have
    been fixed in version 3.2.1-11+squeeze1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openoffice.org");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/01/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/27");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"5.0", prefix:"openoffice.org", reference:"2.4.1+dfsg-1+lenny11")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201408-19.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201408-19 (OpenOffice, LibreOffice: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenOffice and Libreoffice. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted file using OpenOffice, possibly resulting in execution of arbitrary code with the privileges of the process, a Denial of Service condition, execution of arbitrary Python code, authentication bypass, or reading and writing of arbitrary files. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id77467
    published2014-09-01
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/77467
    titleGLSA-201408-19 : OpenOffice, LibreOffice: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201408-19.
    #
    # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(77467);
      script_version("1.10");
      script_cvs_date("Date: 2019/08/12 17:35:38");
    
      script_cve_id("CVE-2006-4339", "CVE-2009-0200", "CVE-2009-0201", "CVE-2009-0217", "CVE-2009-2949", "CVE-2009-2950", "CVE-2009-3301", "CVE-2009-3302", "CVE-2010-0395", "CVE-2010-2935", "CVE-2010-2936", "CVE-2010-3450", "CVE-2010-3451", "CVE-2010-3452", "CVE-2010-3453", "CVE-2010-3454", "CVE-2010-3689", "CVE-2010-4253", "CVE-2010-4643", "CVE-2011-2713", "CVE-2012-0037", "CVE-2012-1149", "CVE-2012-2149", "CVE-2012-2334", "CVE-2012-2665", "CVE-2014-0247");
      script_bugtraq_id(35671, 36200, 38218, 40599, 42202, 46031, 49969, 52681, 53570, 54769, 68151);
      script_xref(name:"GLSA", value:"201408-19");
    
      script_name(english:"GLSA-201408-19 : OpenOffice, LibreOffice: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201408-19
    (OpenOffice, LibreOffice: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in OpenOffice and
          Libreoffice. Please review the CVE identifiers referenced below for
          details.
      
    Impact :
    
        A remote attacker could entice a user to open a specially crafted file
          using OpenOffice, possibly resulting in execution of arbitrary code with
          the privileges of the process, a Denial of Service condition, execution
          of arbitrary Python code, authentication bypass, or reading and writing
          of arbitrary files.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201408-19"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All OpenOffice (binary) users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=app-office/openoffice-bin-3.5.5.3'
        All LibreOffice users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=app-office/libreoffice-4.2.5.2'
        All LibreOffice (binary) users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose
          '>=app-office/libreoffice-bin-4.2.5.2'
        We recommend that users unmerge OpenOffice:
          # emerge --unmerge 'app-office/openoffice'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_cwe_id(94, 119, 189, 310);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:libreoffice");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:libreoffice-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:openoffice");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:openoffice-bin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/09/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/08/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/09/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"app-office/libreoffice", unaffected:make_list("ge 4.2.5.2"), vulnerable:make_list("lt 4.2.5.2"))) flag++;
    if (qpkg_check(package:"app-office/libreoffice-bin", unaffected:make_list("ge 4.2.5.2"), vulnerable:make_list("lt 4.2.5.2"))) flag++;
    if (qpkg_check(package:"app-office/openoffice-bin", unaffected:make_list("ge 3.5.5.3"), vulnerable:make_list("lt 3.5.5.3"))) flag++;
    if (qpkg_check(package:"app-office/openoffice", unaffected:make_list(), vulnerable:make_list("le 3.5.5.3"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "OpenOffice / LibreOffice");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-0837.NASL
    description - Thu Jan 27 2011 Caolan McNamara <caolanm at redhat.com>- 1:3.2.0-12.35 - CVE-2010-3450 Extensions and filter package files - CVE-2010-3451 / CVE-2010-3452 RTF documents - CVE-2010-3453 / CVE-2010-3454 Word documents - CVE-2010-3689 LD_LIBRARY_PATH usage - CVE-2010-4253 PNG graphics - CVE-2010-4643 TGA graphics - Resolves: rhbz#648475 Crash in scanner dialog - Resolves: rhbz#657628 divide-by-zero - Resolves: rhbz#657718 Crash in SwObjectFormatterTxtFrm - Resolves: rhbz#660312 SDK setup script creates invalid variables (dtardon) - Resolves: rhbz#663780 extend neon mutex locking - Resoves: rhbz#577525 [abrt] crash in ImplRegionBase::~ImplRegionBase (dtardon) - Tue Oct 26 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.34 - Resolves: rhbz#636521 crash in undo in sc - Resolves: rhbz#641637 [abrt] [presentation-minimizer] crash in OptimizationStats::GetStatusValue (dtardon) - make LD_PRELOAD of libsalalloc_malloc.so work again (dtardon) - Resolves: rhbz#642996 [abrt] CffSubsetterContext::readDictOp (dtardon) - Fri Oct 15 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.33 - Resolves: rhbz#637838 Cropped pictures are displayed in entirety in handouts (dtardon) - Tue Oct 12 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.32 - Resolves: rhbz#568277 workaround to avoid the crash (dtardon) - Resolves: rhbz#631543 [abrt] crash on dereferencing dangling pointer passed down from SwCalc::Str2Double (dtardon) - Resolves: rhbz#631823 Line and Filling toolbar glitch on theme change (caolanm) - Resolves: rhbz#637738 threading problems with using libgcrypt via neon when libgcrypt which was initialized by cups to be non-thread safe (caolanm) - Resolves: rhbz#632326 [abrt] [docx] _Construct<long, long> crash (dtardon) - Fri Aug 13 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.31 - Resolves: rhbz#623800 gnome-shell/mutter focus problems - Thu Aug 12 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.30 - Resolves: rhbz#623609 CVE-2010-2935 CVE-2010-2936 - Mon Aug 9 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.29 - Resolves: rhbz#601621 avoid using mmap for copying files - Sun Aug 8 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.28 - Resolves: rhbz#621248 32bit events in forms on 64bit - Resolves rhbz#618047 Brackets incorrectly render in presentations (dtardon) - Wed Aug 4 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.27 - Resolves: rhbz#608114 cppu-lifecycle issues (caolanm) - Resolves: rhbz#566831 [abrt] crash in GetFrmSize (dtardon) - Resolves: rhbz#613278 [abrt] crash in SANE shutdown (caolanm) - Resolves: rhbz#620390 [abrt] crash in SfxViewFrame::GetFrame (dtardon) - Mon Jun 21 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.26 [plus 34 lines in the Changelog] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id52004
    published2011-02-17
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/52004
    titleFedora 13 : openoffice.org-3.2.0-12.35.fc13 (2011-0837)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2011-0837.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(52004);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:33");
    
      script_cve_id("CVE-2010-3450", "CVE-2010-3451", "CVE-2010-3452", "CVE-2010-3453", "CVE-2010-3454", "CVE-2010-3689", "CVE-2010-4253", "CVE-2010-4643");
      script_bugtraq_id(46031);
      script_xref(name:"FEDORA", value:"2011-0837");
    
      script_name(english:"Fedora 13 : openoffice.org-3.2.0-12.35.fc13 (2011-0837)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Thu Jan 27 2011 Caolan McNamara <caolanm at redhat.com>-
        1:3.2.0-12.35
    
        - CVE-2010-3450 Extensions and filter package files
    
        - CVE-2010-3451 / CVE-2010-3452 RTF documents
    
        - CVE-2010-3453 / CVE-2010-3454 Word documents
    
        - CVE-2010-3689 LD_LIBRARY_PATH usage
    
        - CVE-2010-4253 PNG graphics
    
        - CVE-2010-4643 TGA graphics
    
        - Resolves: rhbz#648475 Crash in scanner dialog
    
        - Resolves: rhbz#657628 divide-by-zero
    
        - Resolves: rhbz#657718 Crash in SwObjectFormatterTxtFrm
    
        - Resolves: rhbz#660312 SDK setup script creates invalid
          variables (dtardon)
    
      - Resolves: rhbz#663780 extend neon mutex locking
    
        - Resoves: rhbz#577525 [abrt] crash in
          ImplRegionBase::~ImplRegionBase (dtardon)
    
      - Tue Oct 26 2010 Caolan McNamara <caolanm at redhat.com>
        - 1:3.2.0-12.34
    
        - Resolves: rhbz#636521 crash in undo in sc
    
        - Resolves: rhbz#641637 [abrt] [presentation-minimizer]
          crash in OptimizationStats::GetStatusValue (dtardon)
    
      - make LD_PRELOAD of libsalalloc_malloc.so work again
        (dtardon)
    
        - Resolves: rhbz#642996 [abrt]
          CffSubsetterContext::readDictOp (dtardon)
    
        - Fri Oct 15 2010 Caolan McNamara <caolanm at
          redhat.com> - 1:3.2.0-12.33
    
        - Resolves: rhbz#637838 Cropped pictures are displayed
          in entirety in handouts (dtardon)
    
      - Tue Oct 12 2010 Caolan McNamara <caolanm at redhat.com>
        - 1:3.2.0-12.32
    
        - Resolves: rhbz#568277 workaround to avoid the crash
          (dtardon)
    
        - Resolves: rhbz#631543 [abrt] crash on dereferencing
          dangling pointer passed down from SwCalc::Str2Double
          (dtardon)
    
      - Resolves: rhbz#631823 Line and Filling toolbar glitch on
        theme change (caolanm)
    
      - Resolves: rhbz#637738 threading problems with using
        libgcrypt via neon when libgcrypt which was initialized
        by cups to be non-thread safe (caolanm)
    
      - Resolves: rhbz#632326 [abrt] [docx] _Construct<long,
        long> crash (dtardon)
    
      - Fri Aug 13 2010 Caolan McNamara <caolanm at redhat.com>
        - 1:3.2.0-12.31
    
        - Resolves: rhbz#623800 gnome-shell/mutter focus
          problems
    
        - Thu Aug 12 2010 Caolan McNamara <caolanm at
          redhat.com> - 1:3.2.0-12.30
    
        - Resolves: rhbz#623609 CVE-2010-2935 CVE-2010-2936
    
        - Mon Aug 9 2010 Caolan McNamara <caolanm at redhat.com>
          - 1:3.2.0-12.29
    
        - Resolves: rhbz#601621 avoid using mmap for copying
          files
    
        - Sun Aug 8 2010 Caolan McNamara <caolanm at redhat.com>
          - 1:3.2.0-12.28
    
        - Resolves: rhbz#621248 32bit events in forms on 64bit
    
        - Resolves rhbz#618047 Brackets incorrectly render in
          presentations (dtardon)
    
      - Wed Aug 4 2010 Caolan McNamara <caolanm at redhat.com> -
        1:3.2.0-12.27
    
        - Resolves: rhbz#608114 cppu-lifecycle issues (caolanm)
    
        - Resolves: rhbz#566831 [abrt] crash in GetFrmSize
          (dtardon)
    
        - Resolves: rhbz#613278 [abrt] crash in SANE shutdown
          (caolanm)
    
        - Resolves: rhbz#620390 [abrt] crash in
          SfxViewFrame::GetFrame (dtardon)
    
        - Mon Jun 21 2010 Caolan McNamara <caolanm at
          redhat.com> - 1:3.2.0-12.26
    
    [plus 34 lines in the Changelog]
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=602324"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=640241"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=640950"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=640954"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=641224"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=641282"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=658259"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=667588"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2011-February/054137.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?fc0856df"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected openoffice.org package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openoffice.org");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:13");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/01/28");
      script_set_attribute(attribute:"patch_publication_date", value:"2011/01/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/02/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^13([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 13.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC13", reference:"openoffice.org-3.2.0-12.35.fc13")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openoffice.org");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1056-1.NASL
    descriptionCharlie Miller discovered several heap overflows in PPT processing. If a user or automated system were tricked into opening a specially crafted PPT document, a remote attacker could execute arbitrary code with user privileges. Ubuntu 10.10 was not affected. (CVE-2010-2935, CVE-2010-2936) Marc Schoenefeld discovered that directory traversal was not correctly handled in XSLT, OXT, JAR, or ZIP files. If a user or automated system were tricked into opening a specially crafted document, a remote attacker overwrite arbitrary files, possibly leading to arbitrary code execution with user privileges. (CVE-2010-3450) Dan Rosenberg discovered multiple heap overflows in RTF and DOC processing. If a user or automated system were tricked into opening a specially crafted RTF or DOC document, a remote attacker could execute arbitrary code with user privileges. (CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454) Dmitri Gribenko discovered that OpenOffice.org did not correctly handle LD_LIBRARY_PATH in various tools. If a local attacker tricked a user or automated system into using OpenOffice.org from an attacker-controlled directory, they could execute arbitrary code with user privileges. (CVE-2010-3689) Marc Schoenefeld discovered that OpenOffice.org did not correctly process PNG images. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could execute arbitrary code with user privileges. (CVE-2010-4253) It was discovered that OpenOffice.org did not correctly process TGA images. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could execute arbitrary code with user privileges. (CVE-2010-4643). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id51858
    published2011-02-03
    reporterUbuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51858
    titleUbuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : openoffice.org vulnerabilities (USN-1056-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_OPENOFFICE_ORG-110330.NASL
    descriptionMaintenance update to LibreOffice-3.3.1. It adds some interesting features, fixes many bugs, including several security vulnerabilities. The previous OpenOffice_org packages are also renamed to libreoffice. LibreOffice is continuation of the OpenOffice.org project. This update replaces the OpenOffice.org installation, including helper packages, e.g. dictionaries, templates. The new stuff is backward compatible. - fixed security bugs : - PowerPoint document processing (CVE-2010-2935, CVE-2010-2936) - extensions and filter package files (CVE-2010-3450) - RTF document processing (CVE-2010-3451, CVE-2010-3452) - Word document processing (CVE-2010-3453, CVE-2010-3454) - insecure LD_LIBRARY_PATH usage (CVE-2010-3689) - PDF Import extension resulting from 3rd party library XPD (CVE-2010-3702, CVE-2010-3704) - PNG file processing (CVE-2010-4253) - TGA file processing (CVE-2010-4643) - most important changes : - maintenance update (bnc#667421, MaintenanceTracker-38738) - enabled KDE3 support (bnc#678998) - libreoffice-3.3.1.2 == 3.3.1-rc2 == final - fixed audio/video playback in presentation (deb#612940, bnc#651250) - fixed non-working input methods in KDE4 (bnc#665112) - fixed occasional blank first slide (fdo#34533) - fixed cairo canvas edge count calculation (bnc#647959) - updated to libreoffice-3.3.1.2 (3.3.1-rc2) : - l10n - updated some translations - libs-core - crashing oosplash and malformed picture (bnc#652562) - Byref and declare Basic statement (fdo#33964, i#115716) - fixed BorderLine(2) conversion to SvxBorderLine (fdo#34226) - libs-gui - getEnglishSearchFontName() searches Takao fonts - sdk - fix ODK settings.mk to only set STLPORTLIB if needed - writer - rtfExport::HackIsWW8OrHigher(): return true (fdo#33478) - visual editor destroys formulas containing symbols (fdo#32759, fdo#32755) - enabled KDE4 support for SLED11; LO-3.3.1 fixed the remaining annoying bugs - fixed EMF+ import (bnc#650049) - updated to libreoffice-3.3.1.1 (3.3.1-rc1) : - artwork - new MIME type icons for LibreOffice - bootstrap - wrong line break with ( (fdo#31271) - build - default formula string (n#664516) - don
    last seen2020-06-01
    modified2020-06-02
    plugin id53784
    published2011-05-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53784
    titleopenSUSE Security Update : OpenOffice_org (openSUSE-SU-2011:0337-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_OPENOFFICE_ORG-110330.NASL
    descriptionMaintenance update to LibreOffice-3.3.1. It adds some interesting features, fixes many bugs, including several security vulnerabilities. The previous OpenOffice_org packages are also renamed to libreoffice. LibreOffice is continuation of the OpenOffice.org project. This update replaces the OpenOffice.org installation, including helper packages, e.g. dictionaries, templates. The new stuff is backward compatible. - fixed security bugs : - PowerPoint document processing (CVE-2010-2935, CVE-2010-2936) - extensions and filter package files (CVE-2010-3450) - RTF document processing (CVE-2010-3451, CVE-2010-3452) - Word document processing (CVE-2010-3453, CVE-2010-3454) - insecure LD_LIBRARY_PATH usage (CVE-2010-3689) - PDF Import extension resulting from 3rd party library XPD (CVE-2010-3702, CVE-2010-3704) - PNG file processing (CVE-2010-4253) - TGA file processing (CVE-2010-4643) - most important changes : - add conflicts to force migration to libreoffice - obsolete Quickstarter - enabled KDE3 support (bnc#678998) - libreoffice-3.3.1.2 == 3.3.1-rc2 == final - fixed audio/video playback in presentation (deb#612940, bnc#651250) - fixed non-working input methods in KDE4 (bnc#665112) - fixed occasional blank first slide (fdo#34533) - fixed cairo canvas edge count calculation (bnc#647959) - updated to libreoffice-3.3.1.2 (3.3.1-rc2) : - l10n - updated some translations - libs-core - crashing oosplash and malformed picture (bnc#652562) - Byref and declare Basic statement (fdo#33964, i#115716) - fixed BorderLine(2) conversion to SvxBorderLine (fdo#34226) - libs-gui - getEnglishSearchFontName() searches Takao fonts - sdk - fix ODK settings.mk to only set STLPORTLIB if needed - writer - rtfExport::HackIsWW8OrHigher(): return true (fdo#33478) - visual editor destroys formulas containing symbols (fdo#32759, fdo#32755) - enabled KDE4 support for SLED11; LO-3.3.1 fixed the remaining annoying bugs - fixed EMF+ import (bnc#650049) - updated to libreoffice-3.3.1.1 (3.3.1-rc1) : - artwork - new MIME type icons for LibreOffice - bootstrap - wrong line break with ( (fdo#31271) - build - default formula string (n#664516) - don
    last seen2020-06-01
    modified2020-06-02
    plugin id75687
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75687
    titleopenSUSE Security Update : OpenOffice_org (openSUSE-SU-2011:0336-1)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20110128_OPENOFFICE_ORG_ON_SL6_X.NASL
    descriptionAn array index error and an integer signedness error were found in the way OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker could use these flaws to create a specially crafted RTF file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3451, CVE-2010-3452) A heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. An attacker could use these flaws to create a specially crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain Microsoft Office PowerPoint files. An attacker could use this flaw to create a specially crafted Microsoft Office PowerPoint file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4253) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially crafted TARGA file. If a document containing this specially crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4643) A directory traversal flaw was found in the way OpenOffice.org handled the installation of XSLT filter descriptions packaged in Java Archive (JAR) files, as well as the installation of OpenOffice.org Extension (.oxt) files. An attacker could use these flaws to create a specially crafted XSLT filter description or extension file that, when opened, would cause the OpenOffice.org Extension Manager to modify files accessible to the user installing the JAR or extension file. (CVE-2010-3450) A flaw was found in the script that launches OpenOffice.org. In some situations, a
    last seen2020-06-01
    modified2020-06-02
    plugin id60947
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60947
    titleScientific Linux Security Update : openoffice.org on SL6.x i386/x86_64
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2011-0182.NASL
    descriptionUpdated openoffice.org packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An array index error and an integer signedness error were found in the way OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker could use these flaws to create a specially crafted RTF file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3451, CVE-2010-3452) A heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. An attacker could use these flaws to create a specially crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain Microsoft Office PowerPoint files. An attacker could use this flaw to create a specially crafted Microsoft Office PowerPoint file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4253) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially crafted TARGA file. If a document containing this specially crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4643) A directory traversal flaw was found in the way OpenOffice.org handled the installation of XSLT filter descriptions packaged in Java Archive (JAR) files, as well as the installation of OpenOffice.org Extension (.oxt) files. An attacker could use these flaws to create a specially crafted XSLT filter description or extension file that, when opened, would cause the OpenOffice.org Extension Manager to modify files accessible to the user installing the JAR or extension file. (CVE-2010-3450) A flaw was found in the script that launches OpenOffice.org. In some situations, a
    last seen2020-06-01
    modified2020-06-02
    plugin id53831
    published2011-05-09
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53831
    titleCentOS 5 : openoffice.org (CESA-2011:0182)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2011-027.NASL
    descriptionMultiple vulnerabilities were discovered and corrected in OpenOffice.org : Multiple directory traversal vulnerabilities allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in an XSLT JAR filter description file, an Extension (aka OXT) file, or unspecified other JAR or ZIP files (CVE-2010-3450). Use-after-free vulnerability in oowriter allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed tables in an RTF document (CVE-2010-3451). Use-after-free vulnerability in oowriter allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted tags in an RTF document (CVE-2010-3452). The WW8ListManager::WW8ListManager function in oowriter does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write (CVE-2010-3453). Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write (CVE-2010-3454). soffice places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory (CVE-2010-3689). Heap-based buffer overflow in Impress allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document (CVE-2010-4253). Heap-based buffer overflow in Impress allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TGA file in an ODF or Microsoft Office document (CVE-2010-4643). OpenOffice.org packages have been updated in order to fix these issues. Additionally openoffice.org-voikko packages that require OpenOffice.org are also being provided and voikko package is upgraded from 2.0 to 2.2.1 version in MES5.1.
    last seen2020-06-01
    modified2020-06-02
    plugin id51982
    published2011-02-15
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/51982
    titleMandriva Linux Security Advisory : openoffice.org (MDVSA-2011:027)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-0182.NASL
    descriptionUpdated openoffice.org packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An array index error and an integer signedness error were found in the way OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker could use these flaws to create a specially crafted RTF file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3451, CVE-2010-3452) A heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. An attacker could use these flaws to create a specially crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain Microsoft Office PowerPoint files. An attacker could use this flaw to create a specially crafted Microsoft Office PowerPoint file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4253) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially crafted TARGA file. If a document containing this specially crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4643) A directory traversal flaw was found in the way OpenOffice.org handled the installation of XSLT filter descriptions packaged in Java Archive (JAR) files, as well as the installation of OpenOffice.org Extension (.oxt) files. An attacker could use these flaws to create a specially crafted XSLT filter description or extension file that, when opened, would cause the OpenOffice.org Extension Manager to modify files accessible to the user installing the JAR or extension file. (CVE-2010-3450) A flaw was found in the script that launches OpenOffice.org. In some situations, a
    last seen2020-06-01
    modified2020-06-02
    plugin id51826
    published2011-01-31
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51826
    titleRHEL 5 : openoffice.org (RHSA-2011:0182)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-0183.NASL
    descriptionFrom Red Hat Security Advisory 2011:0183 : Updated openoffice.org packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An array index error and an integer signedness error were found in the way OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker could use these flaws to create a specially crafted RTF file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3451, CVE-2010-3452) A heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. An attacker could use these flaws to create a specially crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain Microsoft Office PowerPoint files. An attacker could use this flaw to create a specially crafted Microsoft Office PowerPoint file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4253) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially crafted TARGA file. If a document containing this specially crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4643) A directory traversal flaw was found in the way OpenOffice.org handled the installation of XSLT filter descriptions packaged in Java Archive (JAR) files, as well as the installation of OpenOffice.org Extension (.oxt) files. An attacker could use these flaws to create a specially crafted XSLT filter description or extension file that, when opened, would cause the OpenOffice.org Extension Manager to modify files accessible to the user installing the JAR or extension file. (CVE-2010-3450) A flaw was found in the script that launches OpenOffice.org. In some situations, a
    last seen2020-06-01
    modified2020-06-02
    plugin id68190
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68190
    titleOracle Linux 6 : openoffice.org (ELSA-2011-0183)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20110128_OPENOFFICE_ORG_ON_SL5_X.NASL
    descriptionAn array index error and an integer signedness error were found in the way OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker could use these flaws to create a specially crafted RTF file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3451, CVE-2010-3452) A heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. An attacker could use these flaws to create a specially crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain Microsoft Office PowerPoint files. An attacker could use this flaw to create a specially crafted Microsoft Office PowerPoint file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4253) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially crafted TARGA file. If a document containing this specially crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4643) A directory traversal flaw was found in the way OpenOffice.org handled the installation of XSLT filter descriptions packaged in Java Archive (JAR) files, as well as the installation of OpenOffice.org Extension (.oxt) files. An attacker could use these flaws to create a specially crafted XSLT filter description or extension file that, when opened, would cause the OpenOffice.org Extension Manager to modify files accessible to the user installing the JAR or extension file. (CVE-2010-3450) A flaw was found in the script that launches OpenOffice.org. In some situations, a
    last seen2020-06-01
    modified2020-06-02
    plugin id60946
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60946
    titleScientific Linux Security Update : openoffice.org on SL5.x i386/x86_64
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2011-0181.NASL
    descriptionUpdated openoffice.org and openoffice.org2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An array index error and an integer signedness error were found in the way OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker could use these flaws to create a specially crafted RTF file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3451, CVE-2010-3452) A heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. An attacker could use these flaws to create a specially crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially crafted TARGA file. If a document containing this specially crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4643) A directory traversal flaw was found in the way OpenOffice.org handled the installation of XSLT filter descriptions packaged in Java Archive (JAR) files, as well as the installation of OpenOffice.org Extension (.oxt) files. An attacker could use these flaws to create a specially crafted XSLT filter description or extension file that, when opened, would cause the OpenOffice.org Extension Manager to modify files accessible to the user installing the JAR or extension file. (CVE-2010-3450) Red Hat would like to thank OpenOffice.org for reporting the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454, and CVE-2010-4643 issues. Upstream acknowledges Dan Rosenberg of Virtual Security Research as the original reporter of the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, and CVE-2010-3454 issues. All OpenOffice.org users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of OpenOffice.org applications must be restarted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id51887
    published2011-02-06
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51887
    titleCentOS 4 : openoffice.org / openoffice.org2 (CESA-2011:0181)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBREOFFICE331-110318.NASL
    descriptionMaintenance update to LibreOffice-3.3.1. It adds some interesting features, fixes many bugs, including several security vulnerabilities. The previous OpenOffice_org packages are also renamed to libreoffice. LibreOffice is continuation of the OpenOffice.org project. This update replaces the OpenOffice.org installation, including helper packages, e.g. dictionaries, templates. The new stuff is backward compatible. List of LibreOffice-3.3 features : General - online help - common search toolbar - new easier
    last seen2020-06-01
    modified2020-06-02
    plugin id52735
    published2011-03-21
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52735
    titleSuSE 11.1 Security Update : Libreoffice (SAT Patch Number 4082)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBREOFFICE331-7365.NASL
    descriptionMaintenance update to LibreOffice-3.3.1. It adds some interesting features, fixes many bugs, including several security vulnerabilities. LibreOffice is continuation of the OpenOffice.org project. This update replaces the OpenOffice.org installation, including helper packages, e.g. dictionaries, templates. The new stuff is backward compatible. List of LibreOffice-3.3 features : General - online help - common search toolbar - new easier
    last seen2020-06-01
    modified2020-06-02
    plugin id52738
    published2011-03-21
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/52738
    titleSuSE 10 Security Update : Libreoffice (ZYPP Patch Number 7365)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-0181.NASL
    descriptionFrom Red Hat Security Advisory 2011:0181 : Updated openoffice.org and openoffice.org2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An array index error and an integer signedness error were found in the way OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker could use these flaws to create a specially crafted RTF file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3451, CVE-2010-3452) A heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. An attacker could use these flaws to create a specially crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially crafted TARGA file. If a document containing this specially crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4643) A directory traversal flaw was found in the way OpenOffice.org handled the installation of XSLT filter descriptions packaged in Java Archive (JAR) files, as well as the installation of OpenOffice.org Extension (.oxt) files. An attacker could use these flaws to create a specially crafted XSLT filter description or extension file that, when opened, would cause the OpenOffice.org Extension Manager to modify files accessible to the user installing the JAR or extension file. (CVE-2010-3450) Red Hat would like to thank OpenOffice.org for reporting the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454, and CVE-2010-4643 issues. Upstream acknowledges Dan Rosenberg of Virtual Security Research as the original reporter of the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, and CVE-2010-3454 issues. All OpenOffice.org users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of OpenOffice.org applications must be restarted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68189
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68189
    titleOracle Linux 4 : openoffice.org (ELSA-2011-0181)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20110128_OPENOFFICE_ORG_AND_OPENOFFICE_ORG2_ON_SL4_X.NASL
    descriptionAn array index error and an integer signedness error were found in the way OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker could use these flaws to create a specially crafted RTF file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3451, CVE-2010-3452) A heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. An attacker could use these flaws to create a specially crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially crafted TARGA file. If a document containing this specially crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4643) A directory traversal flaw was found in the way OpenOffice.org handled the installation of XSLT filter descriptions packaged in Java Archive (JAR) files, as well as the installation of OpenOffice.org Extension (.oxt) files. An attacker could use these flaws to create a specially crafted XSLT filter description or extension file that, when opened, would cause the OpenOffice.org Extension Manager to modify files accessible to the user installing the JAR or extension file. (CVE-2010-3450) All running instances of OpenOffice.org applications must be restarted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id60945
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60945
    titleScientific Linux Security Update : openoffice.org and openoffice.org2 on SL4.x i386/x86_64
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-0183.NASL
    descriptionUpdated openoffice.org packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An array index error and an integer signedness error were found in the way OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker could use these flaws to create a specially crafted RTF file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3451, CVE-2010-3452) A heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. An attacker could use these flaws to create a specially crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain Microsoft Office PowerPoint files. An attacker could use this flaw to create a specially crafted Microsoft Office PowerPoint file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4253) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially crafted TARGA file. If a document containing this specially crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4643) A directory traversal flaw was found in the way OpenOffice.org handled the installation of XSLT filter descriptions packaged in Java Archive (JAR) files, as well as the installation of OpenOffice.org Extension (.oxt) files. An attacker could use these flaws to create a specially crafted XSLT filter description or extension file that, when opened, would cause the OpenOffice.org Extension Manager to modify files accessible to the user installing the JAR or extension file. (CVE-2010-3450) A flaw was found in the script that launches OpenOffice.org. In some situations, a
    last seen2020-06-01
    modified2020-06-02
    plugin id51827
    published2011-01-31
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51827
    titleRHEL 6 : openoffice.org (RHSA-2011:0183)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-0181.NASL
    descriptionUpdated openoffice.org and openoffice.org2 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An array index error and an integer signedness error were found in the way OpenOffice.org parsed certain Rich Text Format (RTF) files. An attacker could use these flaws to create a specially crafted RTF file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3451, CVE-2010-3452) A heap-based buffer overflow flaw and an array index error were found in the way OpenOffice.org parsed certain Microsoft Office Word documents. An attacker could use these flaws to create a specially crafted Microsoft Office Word document that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-3453, CVE-2010-3454) A heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially crafted TARGA file. If a document containing this specially crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2010-4643) A directory traversal flaw was found in the way OpenOffice.org handled the installation of XSLT filter descriptions packaged in Java Archive (JAR) files, as well as the installation of OpenOffice.org Extension (.oxt) files. An attacker could use these flaws to create a specially crafted XSLT filter description or extension file that, when opened, would cause the OpenOffice.org Extension Manager to modify files accessible to the user installing the JAR or extension file. (CVE-2010-3450) Red Hat would like to thank OpenOffice.org for reporting the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454, and CVE-2010-4643 issues. Upstream acknowledges Dan Rosenberg of Virtual Security Research as the original reporter of the CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, and CVE-2010-3454 issues. All OpenOffice.org users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of OpenOffice.org applications must be restarted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id51825
    published2011-01-31
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51825
    titleRHEL 4 : openoffice.org and openoffice.org2 (RHSA-2011:0181)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_F2B43905354511E08E810022190034C0.NASL
    descriptionOpenOffice.org Security Team reports : Fixed in OpenOffice.org 3.3 - CVE-2010-2935 / CVE-2010-2936: Security Vulnerability in OpenOffice.org related to PowerPoint document processing - CVE-2010-3450: Security Vulnerability in OpenOffice.org related to Extensions and filter package files - CVE-2010-3451 / CVE-2010-3452: Security Vulnerability in OpenOffice.org related to RTF document processing - CVE-2010-3453 / CVE-2010-3454: Security Vulnerability in OpenOffice.org related to Word document processing - CVE-2010-3689: Insecure LD_LIBRARY_PATH usage in OpenOffice.org shell scripts - CVE-2010-3702 / CVE-2010-3704: Security Vulnerability in OpenOffice.org
    last seen2020-06-01
    modified2020-06-02
    plugin id51966
    published2011-02-14
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51966
    titleFreeBSD : openoffice.org -- Multiple vulnerabilities (f2b43905-3545-11e0-8e81-0022190034c0)

Redhat

advisories
  • rhsa
    idRHSA-2011:0181
  • rhsa
    idRHSA-2011:0182
rpms
  • openoffice.org-0:1.1.5-10.7.el4_8.10
  • openoffice.org-debuginfo-0:1.1.5-10.7.el4_8.10
  • openoffice.org-i18n-0:1.1.5-10.7.el4_8.10
  • openoffice.org-kde-0:1.1.5-10.7.el4_8.10
  • openoffice.org-libs-0:1.1.5-10.7.el4_8.10
  • openoffice.org2-base-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-calc-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-core-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-debuginfo-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-draw-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-emailmerge-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-graphicfilter-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-impress-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-javafilter-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-af_ZA-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-ar-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-bg_BG-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-bn-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-ca_ES-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-cs_CZ-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-cy_GB-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-da_DK-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-de-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-el_GR-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-es-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-et_EE-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-eu_ES-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-fi_FI-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-fr-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-ga_IE-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-gl_ES-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-gu_IN-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-he_IL-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-hi_IN-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-hr_HR-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-hu_HU-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-it-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-ja_JP-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-ko_KR-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-lt_LT-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-ms_MY-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-nb_NO-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-nl-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-nn_NO-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-pa_IN-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-pl_PL-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-pt_BR-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-pt_PT-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-ru-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-sk_SK-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-sl_SI-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-sr_CS-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-sv-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-ta_IN-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-th_TH-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-tr_TR-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-zh_CN-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-zh_TW-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-langpack-zu_ZA-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-math-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-pyuno-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-testtools-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-writer-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org2-xsltfilter-1:2.0.4-5.7.0.6.1.el4_8.8
  • openoffice.org-base-1:3.1.1-19.5.el5_5.6
  • openoffice.org-calc-1:3.1.1-19.5.el5_5.6
  • openoffice.org-core-1:3.1.1-19.5.el5_5.6
  • openoffice.org-debuginfo-1:3.1.1-19.5.el5_5.6
  • openoffice.org-draw-1:3.1.1-19.5.el5_5.6
  • openoffice.org-emailmerge-1:3.1.1-19.5.el5_5.6
  • openoffice.org-graphicfilter-1:3.1.1-19.5.el5_5.6
  • openoffice.org-headless-1:3.1.1-19.5.el5_5.6
  • openoffice.org-impress-1:3.1.1-19.5.el5_5.6
  • openoffice.org-javafilter-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-af_ZA-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-ar-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-as_IN-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-bg_BG-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-bn-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-ca_ES-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-cs_CZ-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-cy_GB-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-da_DK-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-de-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-el_GR-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-es-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-et_EE-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-eu_ES-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-fi_FI-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-fr-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-ga_IE-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-gl_ES-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-gu_IN-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-he_IL-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-hi_IN-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-hr_HR-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-hu_HU-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-it-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-ja_JP-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-kn_IN-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-ko_KR-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-lt_LT-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-ml_IN-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-mr_IN-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-ms_MY-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-nb_NO-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-nl-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-nn_NO-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-nr_ZA-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-nso_ZA-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-or_IN-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-pa_IN-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-pl_PL-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-pt_BR-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-pt_PT-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-ru-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-sk_SK-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-sl_SI-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-sr_CS-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-ss_ZA-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-st_ZA-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-sv-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-ta_IN-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-te_IN-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-th_TH-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-tn_ZA-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-tr_TR-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-ts_ZA-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-ur-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-ve_ZA-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-xh_ZA-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-zh_CN-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-zh_TW-1:3.1.1-19.5.el5_5.6
  • openoffice.org-langpack-zu_ZA-1:3.1.1-19.5.el5_5.6
  • openoffice.org-math-1:3.1.1-19.5.el5_5.6
  • openoffice.org-pyuno-1:3.1.1-19.5.el5_5.6
  • openoffice.org-sdk-1:3.1.1-19.5.el5_5.6
  • openoffice.org-sdk-doc-1:3.1.1-19.5.el5_5.6
  • openoffice.org-testtools-1:3.1.1-19.5.el5_5.6
  • openoffice.org-ure-1:3.1.1-19.5.el5_5.6
  • openoffice.org-writer-1:3.1.1-19.5.el5_5.6
  • openoffice.org-xsltfilter-1:3.1.1-19.5.el5_5.6
  • autocorr-af-1:3.2.1-19.6.el6_0.5
  • autocorr-bg-1:3.2.1-19.6.el6_0.5
  • autocorr-cs-1:3.2.1-19.6.el6_0.5
  • autocorr-da-1:3.2.1-19.6.el6_0.5
  • autocorr-de-1:3.2.1-19.6.el6_0.5
  • autocorr-en-1:3.2.1-19.6.el6_0.5
  • autocorr-es-1:3.2.1-19.6.el6_0.5
  • autocorr-eu-1:3.2.1-19.6.el6_0.5
  • autocorr-fa-1:3.2.1-19.6.el6_0.5
  • autocorr-fi-1:3.2.1-19.6.el6_0.5
  • autocorr-fr-1:3.2.1-19.6.el6_0.5
  • autocorr-ga-1:3.2.1-19.6.el6_0.5
  • autocorr-hu-1:3.2.1-19.6.el6_0.5
  • autocorr-it-1:3.2.1-19.6.el6_0.5
  • autocorr-ja-1:3.2.1-19.6.el6_0.5
  • autocorr-ko-1:3.2.1-19.6.el6_0.5
  • autocorr-lb-1:3.2.1-19.6.el6_0.5
  • autocorr-lt-1:3.2.1-19.6.el6_0.5
  • autocorr-mn-1:3.2.1-19.6.el6_0.5
  • autocorr-nl-1:3.2.1-19.6.el6_0.5
  • autocorr-pl-1:3.2.1-19.6.el6_0.5
  • autocorr-pt-1:3.2.1-19.6.el6_0.5
  • autocorr-ru-1:3.2.1-19.6.el6_0.5
  • autocorr-sk-1:3.2.1-19.6.el6_0.5
  • autocorr-sl-1:3.2.1-19.6.el6_0.5
  • autocorr-sv-1:3.2.1-19.6.el6_0.5
  • autocorr-tr-1:3.2.1-19.6.el6_0.5
  • autocorr-vi-1:3.2.1-19.6.el6_0.5
  • autocorr-zh-1:3.2.1-19.6.el6_0.5
  • broffice.org-base-1:3.2.1-19.6.el6_0.5
  • broffice.org-brand-1:3.2.1-19.6.el6_0.5
  • broffice.org-calc-1:3.2.1-19.6.el6_0.5
  • broffice.org-draw-1:3.2.1-19.6.el6_0.5
  • broffice.org-impress-1:3.2.1-19.6.el6_0.5
  • broffice.org-math-1:3.2.1-19.6.el6_0.5
  • broffice.org-writer-1:3.2.1-19.6.el6_0.5
  • openoffice.org-base-1:3.2.1-19.6.el6_0.5
  • openoffice.org-base-core-1:3.2.1-19.6.el6_0.5
  • openoffice.org-brand-1:3.2.1-19.6.el6_0.5
  • openoffice.org-bsh-1:3.2.1-19.6.el6_0.5
  • openoffice.org-calc-1:3.2.1-19.6.el6_0.5
  • openoffice.org-calc-core-1:3.2.1-19.6.el6_0.5
  • openoffice.org-core-1:3.2.1-19.6.el6_0.5
  • openoffice.org-debuginfo-1:3.2.1-19.6.el6_0.5
  • openoffice.org-devel-1:3.2.1-19.6.el6_0.5
  • openoffice.org-draw-1:3.2.1-19.6.el6_0.5
  • openoffice.org-draw-core-1:3.2.1-19.6.el6_0.5
  • openoffice.org-emailmerge-1:3.2.1-19.6.el6_0.5
  • openoffice.org-graphicfilter-1:3.2.1-19.6.el6_0.5
  • openoffice.org-headless-1:3.2.1-19.6.el6_0.5
  • openoffice.org-impress-1:3.2.1-19.6.el6_0.5
  • openoffice.org-impress-core-1:3.2.1-19.6.el6_0.5
  • openoffice.org-javafilter-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-af_ZA-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-ar-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-as_IN-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-bg_BG-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-bn-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-ca_ES-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-cs_CZ-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-cy_GB-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-da_DK-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-de-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-dz-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-el_GR-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-en-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-es-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-et_EE-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-eu_ES-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-fi_FI-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-fr-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-ga_IE-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-gl_ES-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-gu_IN-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-he_IL-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-hi_IN-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-hr_HR-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-hu_HU-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-it-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-ja_JP-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-kn_IN-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-ko_KR-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-lt_LT-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-mai_IN-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-ml_IN-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-mr_IN-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-ms_MY-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-nb_NO-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-nl-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-nn_NO-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-nr_ZA-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-nso_ZA-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-or_IN-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-pa-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-pl_PL-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-pt_BR-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-pt_PT-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-ro-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-ru-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-sk_SK-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-sl_SI-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-sr-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-ss_ZA-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-st_ZA-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-sv-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-ta_IN-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-te_IN-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-th_TH-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-tn_ZA-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-tr_TR-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-ts_ZA-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-uk-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-ur-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-ve_ZA-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-xh_ZA-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-zh_CN-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-zh_TW-1:3.2.1-19.6.el6_0.5
  • openoffice.org-langpack-zu_ZA-1:3.2.1-19.6.el6_0.5
  • openoffice.org-math-1:3.2.1-19.6.el6_0.5
  • openoffice.org-math-core-1:3.2.1-19.6.el6_0.5
  • openoffice.org-ogltrans-1:3.2.1-19.6.el6_0.5
  • openoffice.org-opensymbol-fonts-1:3.2.1-19.6.el6_0.5
  • openoffice.org-pdfimport-1:3.2.1-19.6.el6_0.5
  • openoffice.org-presentation-minimizer-1:3.2.1-19.6.el6_0.5
  • openoffice.org-presenter-screen-1:3.2.1-19.6.el6_0.5
  • openoffice.org-pyuno-1:3.2.1-19.6.el6_0.5
  • openoffice.org-report-builder-1:3.2.1-19.6.el6_0.5
  • openoffice.org-rhino-1:3.2.1-19.6.el6_0.5
  • openoffice.org-sdk-1:3.2.1-19.6.el6_0.5
  • openoffice.org-sdk-doc-1:3.2.1-19.6.el6_0.5
  • openoffice.org-testtools-1:3.2.1-19.6.el6_0.5
  • openoffice.org-ure-1:3.2.1-19.6.el6_0.5
  • openoffice.org-wiki-publisher-1:3.2.1-19.6.el6_0.5
  • openoffice.org-writer-1:3.2.1-19.6.el6_0.5
  • openoffice.org-writer-core-1:3.2.1-19.6.el6_0.5
  • openoffice.org-xsltfilter-1:3.2.1-19.6.el6_0.5