CPNI - Centre for the Protection of National Infrastructure

July 2007

Gentoo Linux Security Advisories

ID: 148
Ref: 93/2007
Date: 03 July 2007:15:46:33
Version: 1

Title: Gentoo Linux Security Advisories
Abstract: GLSA 200707-02 OpenOffice.org: Two buffer overflows
          GLSA 200707-03 Evolution: User-assisted remote execution of arbitrary code

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200707-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: OpenOffice.org: Two buffer overflows
Date: July 02, 2007
Bugs: #181773
ID: 200707-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in OpenOffice.org, allowing
for the remote execution of arbitrary code.

Background
==========

OpenOffice.org is an open source office productivity suite, including word
processing, spreadsheet, presentation, drawing, data charting, formula
editing, and file conversion facilities.

Affected packages
=================

    -------------------------------------------------------------------
     Package                      /  Vulnerable  /          Unaffected
    -------------------------------------------------------------------
  1  app-office/openoffice            < 2.2.1                 >= 2.2.1
  2  app-office/openoffice-bin        < 2.2.1                 >= 2.2.1
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

John Heasman of NGSSoftware has discovered a heap-based buffer overflow
when parsing the "prdata" tag in RTF files where the first token is
smaller than the second one (CVE-2007-0245). Additionally, the OpenOffice
binary program is shipped with a version of FreeType that contains an
integer signedness error in the n_points variable in file
truetype/ttgload.c, which was covered by GLSA 200705-22 (CVE-2007-2754).

Impact
======

A remote attacker could entice a user to open a specially crafted
document, possibly leading to execution of arbitrary code with the rights
of the user running OpenOffice.org.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All OpenOffice.org users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/openoffice-2.2.1"

All OpenOffice.org binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.2.1"

References
==========

[ 1 ] CVE-2007-0245
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0245
[ 2 ] CVE-2007-2754
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2754
[ 3 ] GLSA 200705-22
http://www.gentoo.org/security/en/glsa/glsa-200705-22.xml

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo
Security Website:

http://security.gentoo.org/glsa/glsa-200707-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost importance
to us. Any security concerns should be addressed to security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its
owner(s).

The contents of this document are licensed under the Creative Commons -
Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200707-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Evolution: User-assisted remote execution of arbitrary code
Date: July 02, 2007
Bugs: #182011
ID: 200707-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The IMAP client of Evolution contains a vulnerability potentially leading
to the execution of arbitrary code.

Background
==========

Evolution is the mail client of the GNOME desktop environment. Camel is
the Evolution Data Server module that handles mail functions.

Affected packages
=================

    -------------------------------------------------------------------
     Package                            /  Vulnerable  /    Unaffected
    -------------------------------------------------------------------
  1  gnome-extra/evolution-data-server     < 1.8.3-r5      >= 1.8.3-r5
                                                          *>= 1.6.2-r1

Description
===========

The imap_rescan() function in the file camel-imap-folder.c does not
properly sanitize the "SEQUENCE" response sent by an IMAP server before
it is used to index arrays.
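
The class of check that is missing, shown as an added example (not code from
Camel, Evolution or the GLSA): a server-supplied sequence number is parsed as
untrusted input and range-checked before it indexes a local array. The
simplified "* <n> FETCH" line format, the struct and both function names are
assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical local folder summary: one flag word per known message. */
struct summary { unsigned int flags[4]; size_t count; };

/* Parse an untagged "* <seq> FETCH ..." line. Returns the 1-based sequence
 * number, or 0 if the line is malformed or the number is outside 1..count. */
size_t checked_sequence(const char *line, size_t count)
{
    char *end;
    unsigned long seq;

    /* Require a digit: strtoul() would otherwise accept "-1" and wrap it. */
    if (strncmp(line, "* ", 2) != 0 || line[2] < '0' || line[2] > '9')
        return 0;
    errno = 0;
    seq = strtoul(line + 2, &end, 10);
    if (errno == ERANGE || strncmp(end, " FETCH", 6) != 0)
        return 0;
    if (seq == 0 || seq > count)      /* IMAP sequence numbers start at 1 */
        return 0;
    return (size_t)seq;
}

/* Update local flags from a server line: 0 on success, -1 if rejected. */
int apply_fetch(struct summary *s, const char *line, unsigned int new_flags)
{
    size_t seq = checked_sequence(line, s->count);
    if (seq == 0)
        return -1;                    /* drop the response, never index */
    s->flags[seq - 1] = new_flags;
    return 0;
}

int main(void)
{
    struct summary s = { {0, 0, 0, 0}, 4 };
    /* Constructed sample responses, not captured traffic. */
    const char *lines[] = { "* 2 FETCH (FLAGS (\\Seen))", "* 0 FETCH (FLAGS ())",
                            "* 5 FETCH (FLAGS ())", "* -1 FETCH (FLAGS ())",
                            "* 99999999999999999999999 FETCH (FLAGS ())" };
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++)
        printf("%-45s -> %s\n", lines[i],
               apply_fetch(&s, lines[i], 1u) == 0 ? "applied" : "rejected");
    return 0;
}
```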

Impact
======

A malicious or compromised IMAP server could trigger the vulnerability and
execute arbitrary code with the permissions of the user running Evolution.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Evolution users should upgrade evolution-data-server to the latest
version:

# emerge --sync
# emerge --ask --oneshot --verbose "gnome-extra/evolution-data-server"

References
==========

[ 1 ] CVE-2007-3257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3257

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo
Security Website:

http://security.gentoo.org/glsa/glsa-200707-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost importance
to us. Any security concerns should be addressed to security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.

License
=======

Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its
owner(s).

The contents of this document are licensed under the Creative Commons -
Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

___________________________________________________________________________


CPNI wishes to acknowledge the contributions of Gentoo Foundation, Inc
for the information contained in this advisory.
___________________________________________________________________________

This advisory contains information released by the original author. Some
of the information may have changed since it was released. If the issue
affects you, it may be prudent to retrieve the advisory from the site of
the original source to ensure that you receive the most current
information concerning that problem.

Reference to any specific commercial product, process, or service by trade
name, trademark, manufacturer, or otherwise, does not constitute or imply
its endorsement, recommendation, or favouring by CPNI. The views and
opinions of authors expressed within this notice shall not be used for
advertising or product endorsement purposes.

CPNI shall not accept responsibility for any errors or omissions
contained within this advisory. In particular, they shall not be liable
for any loss or damage whatsoever, arising from or in connection with the
usage of information contained within this advisory.

CPNI is a member of the Forum of Incident Response and Security Teams
(FIRST) and has contacts with other international Incident Response Teams
(IRTs) in order to foster cooperation and coordination in incident
prevention, to prompt rapid reaction to incidents, and to promote
information sharing amongst its members and the community at large.
___________________________________________________________________________
<End of CPNI Advisory>