Bug 181921 - app-office/openoffice < 2.2.1 - heap oveflow in rtf parsing routines (CVE-2007-0245)
Bug#: 181921 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: normal Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: carlo@gentoo.org
Component: Vulnerabilities
URL:  http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00065.html
Summary: app-office/openoffice < 2.2.1 - heap oveflow in rtf parsing routines (CVE-2007-0245)
Keywords:  
Status Whiteboard: B2 [glsa+] jaervosz
Opened: 2007-06-13 15:25 0000
Description:   Opened: 2007-06-13 15:25 0000 
John Heasman discovered a heap overflow in the routines of OpenOffice.org
that parse RTF files.  A specially crafted RTF file could cause the
filter to overwrite data on the heap, which may lead to the execution
of arbitrary code.


http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00065.html

------- Comment #1 From Carsten Lohrke 2007-06-13 15:28:01 0000 ------- 
Uh, binary package is affected as well of course.

------- Comment #2 From Sune Kloppenborg Jeppesen 2007-06-13 19:24:38 0000 ------- 
Handling -bin on bug #181773.

openoffice is 2.2.1 ready for stable marking?

------- Comment #3 From Andreas Proschofsky 2007-06-14 09:18:03 0000 ------- 
(In reply to comment #2)
> 
> openoffice is 2.2.1 ready for stable marking?
> 
I guess so, 2.2.1 is just a bugfix release for 2.2 which has been in portage
for quite some time and should be ready. Dependencies should be fine with one
exception: We have an optional dep on >=mono-1.2.3-r1 which is not yet marked
stable anywhere.

------- Comment #4 From Sune Kloppenborg Jeppesen 2007-06-14 15:23:09 0000 ------- 
ppc and x86 please test and mark stable.

------- Comment #5 From Christian Faulhammer 2007-06-14 16:50:25 0000 ------- 
Which mono version is recommended?  1.2.4 will hit the 30 days on 16th and I
found no relevant bugs but bug 178841, and I don't know how severe it is.

dev-dotnet/ligbdiplus is affected, too.  1.2.3 or .4?

------- Comment #6 From Andreas Proschofsky 2007-06-14 20:09:31 0000 ------- 
(In reply to comment #5)
> Which mono version is recommended?  1.2.4 will hit the 30 days on 16th and I
> found no relevant bugs but bug 178841, and I don't know how severe it is.
> 
> dev-dotnet/ligbdiplus is affected, too.  1.2.3 or .4?
> 

AFAIK everything from 1.2.3 on should be fine. Anyway: Another possible
solution would be to just put an ebuild without mono-support in the tree, it's
really nothing very relevant to OOo atm, so I guess that would be the easiest
solution.

------- Comment #7 From Christian Faulhammer 2007-06-15 08:12:04 0000 ------- 
It fails on x86, build.log to be found at
http://dev.gentoo.org/~opfer/build-ooo.log.bz2

------- Comment #8 From Andreas Proschofsky 2007-06-15 09:16:05 0000 ------- 
(In reply to comment #7)
> It fails on x86, build.log to be found at
> http://dev.gentoo.org/~opfer/build-ooo.log.bz2
> 

Are you sure you didn't run out of disk space? At least that's what your build
log says... ;)

Builds fine here btw.

------- Comment #9 From Christian Faulhammer 2007-06-16 04:06:25 0000 ------- 
(In reply to comment #8)
> Are you sure you didn't run out of disk space? At least that's what your build
> log says... ;)

 Never post build failures just after getting up.

> Builds fine here btw.

 In the end here, too.  x86 stable, removing dotnet team as well

------- Comment #10 From Tobias Scherbaum 2007-06-16 12:00:09 0000 ------- 
ppc stable

------- Comment #11 From Andreas Proschofsky 2007-06-16 13:24:31 0000 ------- 
I've removed the vulnerable ebuilds from the tree

------- Comment #12 From Pierre-Yves Rofes 2007-07-23 15:43:04 0000 ------- 
hmm actually this one was also solved with GLSA 200707-02. Thanks everybody!