Gentoo Linux Security Advisory 201408-19 - Multiple vulnerabilities have been found in OpenOffice and LibreOffice, the worst of which may result in execution of arbitrary code.
25cba7cb86e5c00a8edba21108a03562ceee1d3bf37cd0e99baa6eabd8e19dc3
Gentoo Linux Security Advisory 201206-13 - Multiple vulnerabilities were found in Mono, the worst of which allowing for the remote execution of arbitrary code. Versions less than 2.8.1-r1 are affected.
8894376799d8215e45a29bc083e642716aabec87867cd424a30c18181dc497dc
Ubuntu Security Notice 903-1 - OpenOffice suffers from multiple vulnerabilities. It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. If a user were tricked into opening a specially crafted image, an attacker could execute arbitrary code with user privileges. Nicolas Joly discovered that OpenOffice did not correctly handle certain Word documents. If a user were tricked into opening a specially crafted document, an attacker could execute arbitrary code with user privileges. It was discovered that OpenOffice did not correctly handle certain VBA macros correctly. If a user were tricked into opening a specially crafted document, an attacker could execute arbitrary macro commands, bypassing security controls.
d0a5d9315dd8e403cd8b3e519b8802f52fab3266e43dcc3d765e96967c414897
Debian Linux Security Advisory 1995-1 - Several vulnerabilities have been discovered in the OpenOffice.org office suite.
ed7afdbc83c23bf583d83934adf7f3db4687e64834d06c0314c0b073c09450ba
Mandriva Linux Security Advisory 2009-322 - IOActive Inc. found a buffer overflow in Mono.Math.BigInteger class in Mono 1.2.5.1 and previous versions, which allows arbitrary code execution by context-dependent attackers. Multiple cross-site scripting (XSS) vulnerabilities were discovered in the ASP.net class libraries in Mono 2.0 and earlier. CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string. The XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. Packages for 2008.0 are being provided due to extended support for Corporate products. The updated packages have been patched to fix these issues.
ac595de6900cd8c12028c1914747f7f1fc67ec1d0d49ad77f576b6b17b0f2203
Mandriva Linux Security Advisory 2009-318 - Multiple security vulnerabilities has been identified and fixed A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xmlsec1 prior to 1.2.12. An attacker could use this flaw to create a specially-crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification. All versions of libtool prior to 2.2.6b suffers from a local privilege escalation vulnerability that could be exploited under certain conditions to load arbitrary code. Packages for 2008.0 are being provided due to extended support for Corporate products. This update fixes this vulnerability.
57180189922a60fc6fb2be31e076999decbc3545b198b5eaa2ef09248026f28a
HP Security Bulletin - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, privilege escalation, and Denial of Service (DoS).
4e557744aecf9dd9f0d0fa1806010807ec9f5b0715c0bca405e0d75be361b35c
Mandriva Linux Security Advisory 2009-269 - The XML HMAC signature system in mono did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. This update fixes this vulnerability.
98f6697d9cf09bb45bb080488af86cfc2efa174ebb20dbc53a7a8d92b104c124
Mandriva Linux Security Advisory 2009-268 - Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton (RenderAttributes), (4) HtmlInputRadioButton (RenderAttributes), and (5) HtmlSelect (RenderChildren). The XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. This update fixes these vulnerabilities.
0e41155cc42ddb5a5c21302a350227e68f876395d4400da79f4e4a1a818f4720
Mandriva Linux Security Advisory 2009-267 - A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xmlsec1 prior to 1.2.12. An attacker could use this flaw to create a specially-crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification. This update fixes this vulnerability.
f7143c170e1b9f4aaddef63897e6ef985b74abe57270b1b7585b898c8eea1aea
Ubuntu Security Notice USN-826-1 - It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. It was discovered that Mono did not properly escape certain attributes in the ASP.net class libraries which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This issue only affected Ubuntu 8.04 LTS. It was discovered that Mono did not properly filter CRLF injections in the query string. If a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, steal confidential data (such as passwords), or perform cross-site request forgeries. This issue only affected Ubuntu 8.04 LTS.
2ad29fa1156368f088ec7fd61ddf354bd88a9b875c072b5a2b54cec8ad4511a1
Mandriva Linux Security Advisory 2009-209 - Multiple Java OpenJDK security vulnerabilities has been identified and fixed.
e63ca3c4a2288ce9ba25d35c65a3b5ec6f6320072a58c8b95f0f89a275cf4470
Ubuntu Security Notice USN-814-1 - A substantial amount of vulnerabilities in openjdk-6 have been addressed and fixed. These issues range from denial of service to code execution vulnerabilities.
8d697a9751f57fbe8413cde8fc1c7dc6b4cc1de4d608811d3f65cf6b190ea1d8
Debian Security Advisory 1849-1 - It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This update implements the proposed workaround in the C++ version of the Apache implementation of this standard, xml-security-c, by preventing truncation to output strings shorter than 80 bits or half of the original HMAC output, whichever is greater.
e42de45e18bc6fd49721aa9431ccae4b09d76106002c325d94332419287f6029