| Summary: | app-office/openoffice{,-bin}: Manipulated TIFF files can lead to heap overflows and arbitrary code execution (CVE-2007-2834) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Matthias Geerdsen (RETIRED) <vorlon> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | office, subs |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openoffice.org/security/cves/CVE-2007-2834.html | | |
| Whiteboard: | A2? [glsa] | | |
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 193056 | | |
| Bug Blocks: | | | |

Description
Matthias Geerdsen (RETIRED)
2007-09-17 14:00:08 UTC

Yes, well known ;)
app-office/openoffice-bin-2.3 is already in the tree, so please test this for marking stable
app-office/openoffice-2.3: Am working on this atm. Will come in the tree asap, depends on how successful I'm in fixing the remaining problems

app-office/openoffice-2.3.0 is in the tree now, too

Thanks, Andreas.
Arches, please test and mark stable:
app-office/openoffice-bin-2.3.0: targets are "amd64 x86"
app-office/openoffice-2.3.0: targets are "ppc x86"

amd64 stable

(In reply to comment #2)
> app-office/openoffice-2.3.0 is in the tree now, too
>
Just to note: I've just done a little update to the ebuild, using a newer ooo-build-release, as the old one still showed the 2.2-splash-screen.

-bin stable on x86

============= Building project oox =============
/var/tmp/portage/app-office/openoffice-2.3.0/work/ooo/build/OOG680_m5/oox/source/token
mkout -- version: 1.7
/usr/bin/perl gentoken.pl tokens.txt ../../unxlngi6.pro/inc/tokens.hxx ../../unxlngi6.pro/misc/tokens.gperf
gperf --compare-strncmp --output-file=../../unxlngi6.pro/misc/_tokens.cxx ../../unxlngi6.pro/misc/tokens.gperf
dmake: Error: -- gperf: No such file or directory
dmake: Error code -1, while making '../../unxlngi6.pro/inc/tokens.cxx'
---* tg_merge.mk *---
ERROR: Error 65280 occurred while making /var/tmp/portage/app-office/openoffice-2.3.0/work/ooo/build/OOG680_m5/oox/source/token
make: *** [stamp/build] Error 1
This seems to go away (new compile not finished yet) when emerging dev-util/gperf.

Doesn't build on ppc (bundled STLport)
g++ -D_REENTRANT -DGXX_INCLUDE_PATH=/usr/lib/gcc/powerpc-unknown-linux-gnu/4.1.2/include/g++-v4 -fexceptions -ftemplate-depth-32 -I../stlport -Wall -W -Wno-sign-compare -Wno-unused -Wno-uninitialized -O2 -mcpu=G4 -mtune=G4 -maltivec -mabi=altivec -fno-strict-aliasing -pipe -D_STLP_STRICT_ANSI -g -fPIC -D_STLP_DEBUG dll_main.cpp -c -o ../lib/obj/GCCppc/DebugSTLD/dll_main.o
../stlport/stl/_vector.h:92: error: template class without a name
../stlport/stl/_vector.h:195: error: expected unqualified-id before 'const'
../stlport/stl/_vector.h:195: error: expected `)' before 'const'
../stlport/stl/_vector.h:198: error: expected `)' before '__n'
../stlport/stl/_vector.h:204: error: expected `)' before '__n'
../stlport/stl/_vector.h:209: error: expected unqualified-id before 'const'
../stlport/stl/_vector.h:209: error: expected `)' before 'const'
../stlport/stl/_vector.h:240: error: expected `)' before '__first'
../stlport/stl/_vector.h:255: error: expected class-name before '__attribute__'
../stlport/stl/_vector.h:257: error: expected unqualified-id before '<' token
../stlport/stl/_vector.h:337: error: expected identifier before '<' token
../stlport/stl/_vector.h:337: error: expected ',' or '...' before '<' token
../stlport/stl/_vector.h: In member function 'void _STLD::<anonymous class><_Tp, _Alloc>::swap(int __vector__)':
../stlport/stl/_vector.h:338: error: '__x' was not declared in this scope
../stlport/stl/_vector.h: At global scope:
../stlport/stl/_vector.h:93: error: an anonymous union cannot have function members
../stlport/stl/_vector.h:546: error: abstract declarator '_STLD::<anonymous class><_Tp, _Alloc>' used as declaration
../stlport/stl/_relops_cont.h:6: error: expected ',' or '...' before '<' token
../stlport/stl/_relops_cont.h:7: error: ISO C++ forbids declaration of 'parameter' with no type
../stlport/stl/_relops_cont.h:7: error: 'bool _STLD::operator==(int __vector__)' must have an argument of class or enumerated type
../stlport/stl/_relops_cont.h:7: error: 'bool _STLD::operator==(int __vector__)' must take exactly two arguments
../stlport/stl/_relops_cont.h: In function 'bool _STLD::operator==(int __vector__)':
../stlport/stl/_relops_cont.h:8: error: '__x' was not declared in this scope
../stlport/stl/_relops_cont.h:8: error: '__y' was not declared in this scope
../stlport/stl/_relops_cont.h: At global scope:
../stlport/stl/_relops_cont.h:13: error: expected ',' or '...' before '<' token
../stlport/stl/_relops_cont.h:14: error: ISO C++ forbids declaration of 'parameter' with no type
../stlport/stl/_relops_cont.h:14: error: 'bool _STLD::operator<(int __vector__)' must have an argument of class or enumerated type
../stlport/stl/_relops_cont.h:14: error: 'bool _STLD::operator<(int __vector__)' must take exactly two arguments
../stlport/stl/_relops_cont.h: In function 'bool _STLD::operator<(int __vector__)':
../stlport/stl/_relops_cont.h:15: error: '__x' was not declared in this scope
../stlport/stl/_relops_cont.h:16: error: '__y' was not declared in this scope
../stlport/stl/_relops_cont.h: At global scope:
../stlport/stl/_relops_cont.h:19: error: expected ',' or '...' before '<' token
../stlport/stl/_relops_cont.h:19: error: ISO C++ forbids declaration of 'parameter' with no type
../stlport/stl/_relops_cont.h:19: error: 'bool _STLD::operator!=(int __vector__)' must have an argument of class or enumerated type
../stlport/stl/_relops_cont.h:19: error: 'bool _STLD::operator!=(int __vector__)' must take exactly two arguments
../stlport/stl/_relops_cont.h: In function 'bool _STLD::operator!=(int __vector__)':
../stlport/stl/_relops_cont.h:19: error: '__x' was not declared in this scope
../stlport/stl/_relops_cont.h:19: error: '__y' was not declared in this scope
../stlport/stl/_relops_cont.h: At global scope:
../stlport/stl/_relops_cont.h:19: error: expected ',' or '...' before '<' token
../stlport/stl/_relops_cont.h:19: error: ISO C++ forbids declaration of 'parameter' with no type
../stlport/stl/_relops_cont.h:19: error: 'bool _STLD::operator>(int __vector__)' must have an argument of class or enumerated type
../stlport/stl/_relops_cont.h:19: error: 'bool _STLD::operator>(int __vector__)' must take exactly two arguments
../stlport/stl/_relops_cont.h: In function 'bool _STLD::operator>(int __vector__)':
../stlport/stl/_relops_cont.h:19: error: '__y' was not declared in this scope
../stlport/stl/_relops_cont.h:19: error: '__x' was not declared in this scope
../stlport/stl/_relops_cont.h: At global scope:
../stlport/stl/_relops_cont.h:19: error: expected ',' or '...' before '<' token
../stlport/stl/_relops_cont.h:19: error: ISO C++ forbids declaration of 'parameter' with no type
../stlport/stl/_relops_cont.h:19: error: 'bool _STLD::operator<=(int __vector__)' must have an argument of class or enumerated type
../stlport/stl/_relops_cont.h:19: error: 'bool _STLD::operator<=(int __vector__)' must take exactly two arguments
../stlport/stl/_relops_cont.h: In function 'bool _STLD::operator<=(int __vector__)':
../stlport/stl/_relops_cont.h:19: error: '__y' was not declared in this scope
../stlport/stl/_relops_cont.h:19: error: '__x' was not declared in this scope
../stlport/stl/_relops_cont.h: At global scope:
../stlport/stl/_relops_cont.h:19: error: expected ',' or '...' before '<' token
../stlport/stl/_relops_cont.h:19: error: ISO C++ forbids declaration of 'parameter' with no type
../stlport/stl/_relops_cont.h:19: error: 'bool _STLD::operator>=(int __vector__)' must have an argument of class or enumerated type
../stlport/stl/_relops_cont.h:19: error: 'bool _STLD::operator>=(int __vector__)' must take exactly two arguments
../stlport/stl/_relops_cont.h: In function 'bool _STLD::operator>=(int __vector__)':
../stlport/stl/_relops_cont.h:19: error: '__x' was not declared in this scope
../stlport/stl/_relops_cont.h:19: error: '__y' was not declared in this scope
../stlport/stl/_relops_cont.h: At global scope:
../stlport/stl/_relops_cont.h:23: error: variable or field 'swap' declared void
../stlport/stl/_relops_cont.h:23: error: '_STLD::swap' declared as an 'inline' variable
../stlport/stl/_relops_cont.h:23: error: template declaration of 'int _STLD::swap'
../stlport/stl/_relops_cont.h:23: error: expected primary-expression before '__attribute__'
../stlport/stl/_relops_cont.h:23: error: expected primary-expression before '>' token
../stlport/stl/_relops_cont.h:23: error: '__x' was not declared in this scope
../stlport/stl/_relops_cont.h:24: error: expected primary-expression before '__attribute__'
../stlport/stl/_relops_cont.h:24: error: expected primary-expression before '>' token
../stlport/stl/_relops_cont.h:24: error: '__y' was not declared in this scope
../stlport/stl/_vector.c:41: error: expected unqualified-id before '<' token
../stlport/stl/_vector.c:57: error: expected unqualified-id before '<' token
../stlport/stl/_vector.c:85: error: expected unqualified-id before '<' token
../stlport/stl/_vector.c:110: error: expected unqualified-id before '<' token
../stlport/stl/_bvector.h:298: error: expected identifier before '<' token
../stlport/stl/_bvector.h:298: error: expected unqualified-id before '<' token
../stlport/stl/_bvector.h:791: error: expected unqualified-id before '<' token
../stlport/stl/debug/_vector.h:96: error: expected class-name before '__attribute__'
../stlport/stl/debug/_vector.h:96: error: expected `{' before '__attribute__'
../stlport/stl/debug/_vector.h:96: error: expected unqualified-id before '<' token
dll_main.cpp:172: error: expected identifier before '<' token
dll_main.cpp:172: error: expected unqualified-id before '<' token
dll_main.cpp:174: error: explicit instantiation of 'class _STLD::vector<void*, _STLD::allocator<void*> >' before definition of template
make[1]: *** [../lib/obj/GCCppc/DebugSTLD/dll_main.o] Error 1
make[1]: Leaving directory `/var/tmp/portage/app-office/openoffice-2.3.0/work/ooo/build/OOG680_m5/stlport/unxlngppc.pro/misc/build/STLport-4.5/src'
dmake: Error code 2, while making 'unxlngppc.pro/misc/build/so_built_so_stlport'
---* tg_merge.mk *---
ERROR: Error 65280 occurred while making /var/tmp/portage/app-office/openoffice-2.3.0/work/ooo/build/OOG680_m5/stlport
make: *** [stamp/build] Error 1

Ok, that oox failure has been reported (and marked as fixed) in bug 192937.
But actually I don't find the dependency in the ebuild. OpenOffice team?

(In reply to comment #9)
> Ok, that oox failure has been reported (and marked as fixed) in bug 192937.
> But actually I don't find the dependency in the ebuild. OpenOffice team?
>
This is fixed now, sorry for missing this

x86 stable, thanks Andreas. ppc your problem has been tried to be fixed.

We are getting into a bit of a difficult situation here: ppc still has some building problems, and I'll be on vacation (without internet access) for two weeks starting tomorrow :( Any idea how to handle this?

Ok, as openoffice-2.3.0 obviously has more severe building problems on ppc than I can solve before being away, I've now added openoffice-2.2.1-r1 to the tree instead. That's just openoffice-2.2.1 - which seemed to work fine on ppc until now - plus the security fix and one build fix.
I'd propose this for stabilizing on ppc instead (and after that removing the ppc keyword from openoffice-2.3.0 for the time being)

(In reply to comment #13)
> Ok, as openoffice-2.3.0 obviously has more severe building problems on ppc than
> I can solve before being away, I've now added openoffice-2.2.1-r1 to the tree
> instead. That's just openoffice-2.2.1 - which seemed to work fine on ppc until
> now - plus the security fix and one build fix.
>
> I'd propose this for stabilizing on ppc instead (and after that removing the
> ppc keyword from openoffice-2.3.0 for the time being)
>
Looks like the best solution for now - I'll take a look at openoffice-2.2.1-r1.

Ok, as I'll be away now: Could someone else please also remove the old 2.2.1-ebuild (the vulnerable one) after ppc has stabilized 2.2.1-r1? Hope everything works out fine, wished this would be completed before leaving...

ppc please test openoffice 2.2.1-r1 or 2.3.0

openoffice-2.2.1-r1 also seems b0rked for ppc, I'm on my way finding a USE combination which is working ...
we might want to issue a temp-glsa mentioning that the problem isn't fixed for ppc yet?
if test -f ../../unxlngppc.pro/slo/cli_uno_glue_version.o ; then touch ../../unxlngppc.pro/slo/cli_uno_glue_version.obj ; fi
cp -p assembly.cs ../../unxlngppc.pro/misc/assembly_cppuhelper.cs
echo ' \ [assembly:System.Reflection.AssemblyVersion( "1.0.9.0" )] ' \ ' [assembly:System.Reflection.AssemblyKeyFile("../../unxlngppc.pro/bin/cliuno.snk")] ' \ >> ../../unxlngppc.pro/misc/assembly_cppuhelper.cs
dmake: Error: -- `../../../external/cli/cli_types.dll' not found, and can't be made
'---* tg_merge.mk *---'

(In reply to comment #17)
> openoffice-2.2.1-r1 also seems b0rked for ppc, I'm on my way finding a USE
> combination which is working
I compiled OOo-2.2.1-r1 with the same USE-flags (USE="cairo cups dbus eds firefox gnome gstreamer gtk kde ldap pam sound webdav -binfilter -debug -java -mono -odk -seamonkey -xulrunner% (-branding%*)") like I compiled 2.2.1. Everything's fine, beside the nasty bug about
**************************************************
ERROR: ERROR: Could not register all components!
in function: create_services_rdb
**************************************************
which hit us again.

(In reply to comment #18)
> I compiled OOo-2.2.1-r1 with the same USE-flags (USE="cairo cups dbus eds
> firefox gnome gstreamer gtk kde ldap pam sound webdav -binfilter -debug -java
> -mono -odk -seamonkey -xulrunner% (-branding%*)") like I compiled 2.2.1.
> Everything's fine, beside the nasty bug about
>
> **************************************************
> ERROR: ERROR: Could not register all components!
> in function: create_services_rdb
> **************************************************
>
> which hit us again.
>
plus USE="mono" is broken

(In reply to comment #17)
> openoffice-2.2.1-r1 also seems b0rked for ppc,
That's bad, even though it seems to work for others, anyway: this also would mean that 2.2.1 is broken too, as it is 2.2.1-r1 minus the security fix. Weird that I never got a single report about 2.2.1 being broken on ppc in the last months...
Maybe we should move the ppc-discussion over to bug #193056, also could you please there provide your emerge info stuff?

ppc any news here?

(In reply to comment #21)
> ppc any news here?
>
We're waiting for #193056

ppc stable, finally ready for glsa ...

I've removed the vulnerable ebuilds from the tree now

GLSA 200710-24, thanks everybody!

(In reply to comment #4)
> amd64 stable
>
Still showing as soft masked here. All of the dependencies are now stable and I've been running 2.3.0 on amd64 for a long while without any issues. Can we get it marked as stable?

(In reply to comment #26)
> (In reply to comment #4)
> > amd64 stable
> Still showing as soft masked here. All of the dependencies are now stable and
> I've been running 2.3.0 on amd64 for a long while without any issues. Can we
> get it marked as stable?
That comment was about stabling openoffice-bin, not openoffice. Since openoffice was not amd64-stable before, there is no reason to stable a new version on a security bug. If your comment was a wish to generally stable openoffice on amd64, please open a separate bug about it. I'd still guess there is a reason it is not stable.