-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1104-2 security@debian.org http://www.debian.org/security/ Martin Schulze July 6th, 2006 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : openoffice.org Vulnerability : several Problem type : local (remote) Debian-specific: no CVE ID : CVE-2006-3117 Loading malformed XML documents can cause buffer overflows in OpenOffice.org, a free office suite, and cause a denial of service or execute arbitrary code. It turned out that the correction in DSA 1104-1 was not sufficient, hence, another update. The old stable distribution (woody) does not contain OpenOffice.org packages. For the stable distribution (sarge) this problem has been fixed in version 1.1.3-9sarge3. For the unstable distribution (sid) this problem has been fixed in version 2.0.3-1. We recommend that you upgrade your OpenOffice.org packages. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge3.dsc Size/MD5 checksum: 2878 d4c38e6f466931c04bba4d2cea73a3e5 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge3.diff.gz Size/MD5 checksum: 4625079 30b33df9655dda05a892d32db462aa92 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3.orig.tar.gz Size/MD5 checksum: 166568714 5250574bad9906b38ce032d04b765772 Architecture independent components: http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-af_1.1.3-9sarge3_all.deb Size/MD5 checksum: 2648380 f6ac339b028343125144673bc2a7c1ed http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ar_1.1.3-9sarge3_all.deb Size/MD5 checksum: 2695816 0d1711358eb05ee82d65c00f06e7fbaf http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ca_1.1.3-9sarge3_all.deb Size/MD5 checksum: 2692590 1b7bd179a49d6b97b976ca3a1354c0f5 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cs_1.1.3-9sarge3_all.deb Size/MD5 checksum: 3587658 b66df13ff4fc5d639e922aebaa050ac1 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cy_1.1.3-9sarge3_all.deb Size/MD5 checksum: 2664526 fbd308813c7f8e24b542b436f2cee8e7 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-da_1.1.3-9sarge3_all.deb Size/MD5 checksum: 3584150 c56619c9d118293e6985a5af571fb319 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-de_1.1.3-9sarge3_all.deb Size/MD5 checksum: 3454910 3e8f6928f1bc2c90a457dbee15b16bf4 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-el_1.1.3-9sarge3_all.deb Size/MD5 checksum: 2742650 caa4e264e4b82688db86b4819a1a013a http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en_1.1.3-9sarge3_all.deb Size/MD5 checksum: 3526732 b21221309f66f41fd17d8b1515b607a6 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-es_1.1.3-9sarge3_all.deb Size/MD5 checksum: 3563116 24df087401b004b1afb0dd45bdc563be http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-et_1.1.3-9sarge3_all.deb Size/MD5 checksum: 2646256 eb6915efbba41167d528cb4975cbb241 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-eu_1.1.3-9sarge3_all.deb Size/MD5 checksum: 2670092 adab178e6c264d2cb09af0d4f09ba0f9 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fi_1.1.3-9sarge3_all.deb Size/MD5 checksum: 2674922 7058d664951875ce398dc989b85b7294 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fr_1.1.3-9sarge3_all.deb Size/MD5 checksum: 3495804 d57a92a46ab0209939460431ed32a664 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-gl_1.1.3-9sarge3_all.deb Size/MD5 checksum: 2658900 2a8ea6deb45a39a182e21c71b54d1d35 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-he_1.1.3-9sarge3_all.deb Size/MD5 checksum: 2661098 5f4c271221a1a38d796505dc8f7137d2 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi_1.1.3-9sarge3_all.deb Size/MD5 checksum: 2696758 19af8f30892088ad8c07d449efcfcda3 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hu_1.1.3-9sarge3_all.deb Size/MD5 checksum: 2772322 9f445569e50a87e219e8d0ca8b083fd9 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-it_1.1.3-9sarge3_all.deb Size/MD5 checksum: 3557058 3e70af8dacb501b640ebe57bfc518526 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ja_1.1.3-9sarge3_all.deb Size/MD5 checksum: 3564588 e2cc7fbf12101b937f3ee63b99c6d25f http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-kn_1.1.3-9sarge3_all.deb Size/MD5 checksum: 2686258 024c5c9bf4221beaa532f89503aee312 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ko_1.1.3-9sarge3_all.deb Size/MD5 checksum: 3541012 9780952133a274ec0b58a13a133cdecc http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-lt_1.1.3-9sarge3_all.deb Size/MD5 checksum: 2673582 297bee70f7a4866fb23aedcd9cf4e1ed http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nb_1.1.3-9sarge3_all.deb Size/MD5 checksum: 2665430 ae63bc02b6e05e48a446586b63cca1f9 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nl_1.1.3-9sarge3_all.deb Size/MD5 checksum: 3561446 55e249208385bc7aa73590b7296b8469 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-nn_1.1.3-9sarge3_all.deb Size/MD5 checksum: 2665430 28b1a01210eeb70aba55994ccca15525 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ns_1.1.3-9sarge3_all.deb Size/MD5 checksum: 2667370 38fd5b158b3bf05e6d4fc4f92923be3c http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pl_1.1.3-9sarge3_all.deb Size/MD5 checksum: 3240708 577c27b929aa80dc0e711380ae4898e3 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt-br_1.1.3-9sarge3_all.deb Size/MD5 checksum: 3527510 c82fb2d7a8fe81cad1b1d119f8c0ef92 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-pt_1.1.3-9sarge3_all.deb Size/MD5 checksum: 3163844 130cc0a865f7705ccd7ef924cb6dc2e2 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ru_1.1.3-9sarge3_all.deb Size/MD5 checksum: 3332966 e88104c59b70703dcd5b25db8af8a4a4 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sk_1.1.3-9sarge3_all.deb Size/MD5 checksum: 3604558 25cb5a34e29429c823b0aafc17c05c45 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sl_1.1.3-9sarge3_all.deb Size/MD5 checksum: 3600370 0ecde6752ba79a93518b49ad24ce3015 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-sv_1.1.3-9sarge3_all.deb Size/MD5 checksum: 3543684 202d56e797ef44fae4fb1fbc76bbf63e http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-th_1.1.3-9sarge3_all.deb Size/MD5 checksum: 2689600 7bb72f60492fb2190778452259cebbed http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tn_1.1.3-9sarge3_all.deb Size/MD5 checksum: 2652418 da5b0444bf01b2a2699096e271e16b4c http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-tr_1.1.3-9sarge3_all.deb Size/MD5 checksum: 2894960 5a841f354a48a9459d4e56352e49987f http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-cn_1.1.3-9sarge3_all.deb Size/MD5 checksum: 3553834 88f8e27329f02b1aa0c25ae345cf6e0b http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zh-tw_1.1.3-9sarge3_all.deb Size/MD5 checksum: 3549306 835854594b30a38edb137f29248c799c http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-zu_1.1.3-9sarge3_all.deb Size/MD5 checksum: 2673242 8be34f68a30420bf52410892f2df62a9 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-mimelnk_1.1.3-9sarge3_all.deb Size/MD5 checksum: 67226 2273e04fcf529f1f84bbc42f80a3688f http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-thesaurus-en-us_1.1.3-9sarge3_all.deb Size/MD5 checksum: 3131070 947a11b15c031d1bb33c92d6c3643924 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge3_all.deb Size/MD5 checksum: 6852240 2d1decf22f9be4fb21f9139ed1e6c56e http://security.debian.org/pool/updates/main/o/openoffice.org/ttf-opensymbol_1.1.3-9sarge3_all.deb Size/MD5 checksum: 137166 dc75ad0ae88990d12fdd494052ca3b3b Intel IA-32 architecture: http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge3_i386.deb Size/MD5 checksum: 41472986 668498b6363046ae01af48f451292c97 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge3_i386.deb Size/MD5 checksum: 1858712 cabdc55e6b936feee486b2b15ebe370e http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge3_i386.deb Size/MD5 checksum: 164478 70505eb137ed891dac0d2586189f6aab http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge3_i386.deb Size/MD5 checksum: 160060 88257ae2b15f11b6d996f8cb38057a1e http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge3_i386.deb Size/MD5 checksum: 144096 6268854159cc5408e1aba9241f528da9 PowerPC architecture: http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge3_powerpc.deb Size/MD5 checksum: 39929050 6b697b4b36d84d86795bd15557925b1c http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge3_powerpc.deb Size/MD5 checksum: 1865570 6a90926bbb20b639c8938ff5e8e3c4e6 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge3_powerpc.deb Size/MD5 checksum: 161522 f5002091dab131401daf9e9671ac3e2d http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge3_powerpc.deb Size/MD5 checksum: 158756 8815d8094bbcb3731675eeef16c5d082 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge3_powerpc.deb Size/MD5 checksum: 142256 d9ec1b5c84c1fe03061dc96afc7bfa45 IBM S/390 architecture: http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge3_s390.deb Size/MD5 checksum: 42753292 2d967320b1d629e5400b318f230363c8 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge3_s390.deb Size/MD5 checksum: 1852916 c529a2ab155b8070d7a0b0c4a16ce4c0 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge3_s390.deb Size/MD5 checksum: 166770 b1ed7f10ab03320cc7f29468dc644c04 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge3_s390.deb Size/MD5 checksum: 166640 0d72ad7d0f18d11baff5a16f7b257b9d http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge3_s390.deb Size/MD5 checksum: 145274 45b22dd4f8513bfc967ba6917e525a9d Sun Sparc architecture: http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-bin_1.1.3-9sarge3_sparc.deb Size/MD5 checksum: 47625418 94aeb50ab843d90f08864764323b78d0 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-dev_1.1.3-9sarge3_sparc.deb Size/MD5 checksum: 1847642 1c7c275b12ee21cf09c1bef408699aad http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-evolution_1.1.3-9sarge3_sparc.deb Size/MD5 checksum: 198122 cba2c9a9f441f9bda7efca03a86390ed http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-gtk-gnome_1.1.3-9sarge3_sparc.deb Size/MD5 checksum: 182598 10795093b9549216d634124df90b9e81 http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-kde_1.1.3-9sarge3_sparc.deb Size/MD5 checksum: 164870 7d4919bb3431df53c0cb9a0708bdc728 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFErQBwW5ql+IAeqTIRAu1fAKCheDQF1ryqD/5RAV2aC0LjWJVaNACdG3Z+ xmpGQne9VHfOKVeEH8/nun8= =6MZN -----END PGP SIGNATURE-----