SUSE Security Announcement: OpenOffice heap overflow problem (SUSE-SA:2005:025)

19 Apr 2005


      -----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

                        SUSE Security Announcement

        Package:                OpenOffice_org
        Announcement-ID:        SUSE-SA:2005:025
        Date:                   Tue, 19 Apr 2005 13:00:00 +0000
        Affected products:      8.2, 9.0, 9.1, 9.2, 9.3
                                SUSE Linux Desktop 1.0
                                Novell Linux Desktop 9
        Vulnerability Type:     remote code execution
        Severity (1-10):        8
        SUSE default package:   yes
        Cross References:       CAN-2005-0941

    Content of this advisory:
        1) security vulnerability resolved:
             heap overflow in MS Word DOC file handling
           problem description
        2) solution/workaround
        3) special instructions and notes
        4) package location and checksums
        5) pending vulnerabilities, solutions, workarounds:
            See SUSE Security Summary Report.
        6) standard appendix (further information)

______________________________________________________________________________

1) problem description, brief discussion

    This security update fixes a buffer overflow in OpenOffice_org
    Microsoft Word document reader which could allow a remote attacker
    sending a handcrafted .doc file to execute code as the user
    opening the document in OpenOffice.

    This is tracked by the Mitre CVE ID CAN-2005-0941.


    WARNING: The updated packages are very large for distributions before
    SUSE Linux 9.2 and 9.3.

    The minimum download sizes for those are:
            SUSE Linux Desktop 1:   47 MB
            Novell Linux Desktop 9: 41 MB
            SUSE Linux 8.2:         37 MB
            SUSE Linux 9.0:         46 MB
            SUSE Linux 9.1:         50 MB
            SUSE Linux 9.2:          2.1 MB (using delta rpm)
            SUSE Linux 9.3:          3.5 MB (using delta rpm)

2) solution/workaround

    Install the updated packages.

    A possible workaround is to not open .DOC files from untrusted
    sources.

3) special instructions and notes

    Restart OpenOffice after the update.

4) package location and checksums

    Please download the update package for your distribution and verify its
    integrity by the methods listed in section 3) of this announcement.
    Then, install the package using the command "rpm -Fhv file.rpm" to apply
    the update.
    Our maintenance customers are being notified individually. The packages
    are being offered to install from the maintenance web.


    x86 Platform:

    SUSE Linux 9.3:
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-1.9.79-9.2.i586.rpm
           b552f46f192457b6487b60dd7adab845
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ar-1.9.79-9.2.i586.rpm
           8b3defa6812104ac95aa3ecd198c08e5
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ca-1.9.79-9.2.i586.rpm
           63a174e1f5b177e8d785f14a21f5bec5
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-cs-1.9.79-9.2.i586.rpm
           dcc5245c56657d6e20cc714b229390fd
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-da-1.9.79-9.2.i586.rpm
           bcb44ef1ef0688327e8b2304f2adfb76
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-de-1.9.79-9.2.i586.rpm
           3c166f9a421f0137134d750c869748cc
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-de-templates-8.2-157.i586.rpm
           b0bfd04da81ec413eab5ab292ab4d4f4
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-el-1.9.79-9.2.i586.rpm
           974366c76fe393438d9a3ab6f73b5bdb
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-es-1.9.79-9.2.i586.rpm
           17d21ae9d96670aca17b116d5770d0fb
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-et-1.9.79-9.2.i586.rpm
           e20309f95c285e141087f5472f0a37f2
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-fi-1.9.79-9.2.i586.rpm
           ca43a8e14d7662c41b8d60f1f526dca7
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-fr-1.9.79-9.2.i586.rpm
           b19618fd2ff92431f48f4fc36273ae1a
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-gnome-1.9.79-9.2.i586.rpm
           a12adba49239a86e174457fb95f5c576
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-hu-1.9.79-9.2.i586.rpm
           36057e0d7e178478a6b6eb119e7d56df
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-it-1.9.79-9.2.i586.rpm
           7d8d796f8bb9a8046b07af980f8adfc5
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ja-1.9.79-9.2.i586.rpm
           2160456066a9449daff5dcf26814882b
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-kde-1.9.79-9.2.i586.rpm
           305e8470904629f0c8e3a278d2f0b1e9
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ko-1.9.79-9.2.i586.rpm
           ab4cbc8427c84110990bcea0f7185322
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-nl-1.9.79-9.2.i586.rpm
           bbcef39ccd2be2b7b8611286427caf3c
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-pl-1.9.79-9.2.i586.rpm
           784fa5fef330224ea92ee8c7573444a5
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-pt-1.9.79-9.2.i586.rpm
           cf0a961f879a96af96b4b3464844f6e1
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-ru-1.9.79-9.2.i586.rpm
           0e041750d71900ce52dd7e0192a65693
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-sk-1.9.79-9.2.i586.rpm
           5f62da8fbdb0da4b63612a2b02a36dc1
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-sl-1.9.79-9.2.i586.rpm
           dab43fb02881dd04a1f24b56a5f11f71
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-sv-1.9.79-9.2.i586.rpm
           11be2bff9e95a2ae2b87cbb3ae763f46
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-tr-1.9.79-9.2.i586.rpm
           c0a8ba848b1b266b0d13f7905fe234e6
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-zh-CN-1.9.79-9.2.i586.rpm
           3f267e1277041393fcd28cc4cee59cf7
    ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/OpenOffice_org-zh-TW-1.9.79-9.2.i586.rpm
           05bb29569bfdf851ac2c4d268c58bead

    SUSE Linux 9.2:
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-1.1.3-16.2.i586.rpm
           2293f4e4c6ab47b0614f7e9988273d6c
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-ar-1.1.3-16.2.i586.rpm
           bb0f47a473f4262c2cdf8cd49e2564f9
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-ca-1.1.3-16.2.i586.rpm
           7e2263e7703856b184cc8a76f799732a
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-cs-1.1.3-16.2.i586.rpm
           32d6b6ee86e395c442654409f11e9c9c
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-da-1.1.3-16.2.i586.rpm
           dca243c3ad1747021b1f5c7074e1e3b7
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-de-1.1.3-16.2.i586.rpm
           39f68abc86e4a5e33d42957d8a37af01
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-el-1.1.3-16.2.i586.rpm
           20eddfbefd818c8d1cfe599898893c50
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-en-1.1.3-16.2.i586.rpm
           4068f98e7f40d66905e5a253a2470cba
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-en-help-1.1.3-16.2.i586.rpm
           0a4286d62466addf22bb2bba7ab0c309
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-es-1.1.3-16.2.i586.rpm
           a3effffec6221f5e1edda0da2502fa77
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-et-1.1.3-16.2.i586.rpm
           7bca5b49f4ecd97331efdd8b9d02704f
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-fi-1.1.3-16.2.i586.rpm
           79eec2c6b39a24a80f2a2030167d327b
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-fr-1.1.3-16.2.i586.rpm
           640b167beaedb0e400a9945fbdec3346
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-gnome-1.1.3-16.2.i586.rpm
           fec069d75bd3036d9181789e47d5ff11
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-hu-1.1.3-16.2.i586.rpm
           2fae2a1136717f97eefb55eb86571099
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-it-1.1.3-16.2.i586.rpm
           0f170766b94adf4f0c86d2b251ef80b8
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-ja-1.1.3-16.2.i586.rpm
           0b39736cdeab86262746d52f6ca6f4be
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-kde-1.1.3-16.2.i586.rpm
           ba6a72c373198ff4509e9870cb16f253
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-ko-1.1.3-16.2.i586.rpm
           7a443cc6cb4d6880ffb1e02fa3aa0ba7
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-nl-1.1.3-16.2.i586.rpm
           dc6f63e7b9141838a46fa4738f038e58
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-pl-1.1.3-16.2.i586.rpm
           eca5ce05d506b0aeda52c89f4558cecd
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-pt-1.1.3-16.2.i586.rpm
           799d8c7f09c3459f90032d25be0f5525
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-ru-1.1.3-16.2.i586.rpm
           01ebf77e4e283925a6506a24c3e8d865
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-sk-1.1.3-16.2.i586.rpm
           aec3c6e8b4143d97f1b6d35bf1f3dc8a
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-sl-1.1.3-16.2.i586.rpm
           8b074f282d1bb4d9883324f07ca5797e
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-sv-1.1.3-16.2.i586.rpm
           0cd956b13b0bfa1b478f238426b61813
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-tr-1.1.3-16.2.i586.rpm
           09586c7bc9801d9a4b7ab5c026d88880
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-zh-CN-1.1.3-16.2.i586.rpm
           101e72d1f892b22d585688aad67ed5a8
    ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/OpenOffice_org-zh-TW-1.1.3-16.2.i586.rpm
           73dbea37ec2f089f0932956782e4c923

    SUSE Linux 9.1:
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-1.1.1-23.6.i586.rpm
           acfc765af694e2dbad866400ff35baf1
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-ar-1.1.1-23.6.i586.rpm
           0af9c4a72afa6e6fdde2b0bcc096666f
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-cs-1.1.1-23.6.i586.rpm
           da472e7cea51097743762bc6a2608aa4
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-da-1.1.1-23.6.i586.rpm
           70fdd4f83e0f18b1895e142b4e8f0f41
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-de-1.1.1-23.6.i586.rpm
           23e05864cc3993ea28b414b9fb8c14ad
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-el-1.1.1-23.6.i586.rpm
           cd516d937d0f11b99f9b89950136eac6
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-en-1.1.1-23.6.i586.rpm
           74e823e5c1af46a94a1439ceca09bf08
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-en-help-1.1.1-23.6.i586.rpm
           04e1cf5845598f842cca8a142e963206
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-es-1.1.1-23.6.i586.rpm
           d23180d06e4ee6aa2d92a3b3d4ff9036
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-et-1.1.1-23.6.i586.rpm
           2d48b32b780c40ba6edf87f205252f6f
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-fr-1.1.1-23.6.i586.rpm
           84eb506c11c687852d747e34ad58adb7
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-hu-1.1.1-23.6.i586.rpm
           7fc4d93253f873a84d5dcf1be56ea02b
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-it-1.1.1-23.6.i586.rpm
           d317a379e5e8d0dbd5c2637ebffdb978
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-ja-1.1.1-23.6.i586.rpm
           84b4466a0ad38e1bee97bd76de10a650
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-ko-1.1.1-23.6.i586.rpm
           8dd0108842f786c5278413017c178bd8
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-nl-1.1.1-23.6.i586.rpm
           f09448181bc7b7a4f0076694ec29f073
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-pl-1.1.1-23.6.i586.rpm
           637c906b339a24e984a6ee080dc57f42
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-pt-1.1.1-23.6.i586.rpm
           3b98ed06cb70895123b5bc9cbe8744b7
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-ru-1.1.1-23.6.i586.rpm
           467c41efec48271d291cceb38709a2aa
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-sk-1.1.1-23.6.i586.rpm
           a475fe4fb2a99341831fdc6da07497d0
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-sl-1.1.1-23.6.i586.rpm
           ad03e64157d0c0ba9a31f2e3cc8c78f8
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-sv-1.1.1-23.6.i586.rpm
           5efef74ffe625cf6e4f38b8738211a25
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-tr-1.1.1-23.6.i586.rpm
           fee1d6e9f05d59b95561dbe192ae927f
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-zh-CN-1.1.1-23.6.i586.rpm
           1ce11a3e8ecec9b032e4c250c7b7dcd7
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/OpenOffice_org-zh-TW-1.1.1-23.6.i586.rpm
           cbff62da371e49552ced339f9a5a014e
    source rpm(s):
    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/OpenOffice_org-1.1.1-23.6.src.rpm
           e30ccd2e95d5f985be7918185e5347e6

    SUSE Linux 9.0:
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-1.1-100.i586.rpm
           2103fcc3a5de4724a96350b6c5aba23d
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-ar-1.1-100.i586.rpm
           24ef98c1b908db39073a792959a412db
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-cs-1.1-100.i586.rpm
           8b9b494f4ec8e0cad1a14c025fbe5025
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-da-1.1-100.i586.rpm
           a4f199cd7d077552b80b96fa8f573e8d
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-de-1.1-100.i586.rpm
           fa8bef6b96f4f44a5e65ba471b937c7c
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-el-1.1-100.i586.rpm
           182ab41d8b98cfcb25514d84f5426569
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-en-1.1-100.i586.rpm
           da512b6c56065b7d6537b0385fc89f90
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-en-help-1.1-100.i586.rpm
           7cd38f5e4381f64bd1cbf4c883b6cb6e
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-es-1.1-100.i586.rpm
           227616d6355d91b6a680837b546878bc
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-fr-1.1-100.i586.rpm
           9f052173c82e73b578f9edfbad5a7649
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-hu-1.1-100.i586.rpm
           b424833a10fad334502a0c73d1842d51
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-it-1.1-100.i586.rpm
           4a3706cd87d6938530d9bb7261eb7b2f
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-ja-1.1-100.i586.rpm
           00212453e83c014a68d51945f08cc486
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-ko-1.1-100.i586.rpm
           0da0e8b50393bccd6ed00aeaaef5809a
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-nl-1.1-100.i586.rpm
           ecfa98395e093e3ab2acb80b04cd234d
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-pl-1.1-100.i586.rpm
           6f50954b40c3d74c1cba1b1df920f25a
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-pt-1.1-100.i586.rpm
           9c052a19385612f952aff029086f6877
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-ru-1.1-100.i586.rpm
           ef3c9469080799b7ff1c40e8f54f72fe
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-sk-1.1-100.i586.rpm
           f28d7b1b30b5bfd06a5d774e424de7d9
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-sv-1.1-100.i586.rpm
           c0cbd660335c6418699993b1fb78a7e8
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-tr-1.1-100.i586.rpm
           b4d926bc3e1eea6edfd453f645d2e3bb
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-zh-CN-1.1-100.i586.rpm
           0fe30e9116ef5df1e776be3322381d0a
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/OpenOffice_org-zh-TW-1.1-100.i586.rpm
           3c9f01c4cb808238967c386a9bbf95f2
    source rpm(s):
    ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/OpenOffice_org-1.1-100.src.rpm
           6ad8a3d82246b021cedcd23f4ce74f1a

    SUSE Linux 8.2:
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/OpenOffice_org-1.0.2-76.i586.rpm
           6b5f9f1b9bd7dad1d62619c46e471ee4
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/OpenOffice_org-cs-1.0.2-76.i586.rpm
           966b54c4cc0a7eca79386d3d7eed358d
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/OpenOffice_org-de-1.0.2-76.i586.rpm
           f857a4c91b90de7b46d9700439fc3dc4
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/OpenOffice_org-en-1.0.2-76.i586.rpm
           65706db98543bdcf84b8ff1ec3be93ca
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/OpenOffice_org-en-help-1.0.2-76.i586.rpm
           c574794e58d89c56b9cab405ca1462a6
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/OpenOffice_org-es-1.0.2-76.i586.rpm
           6a6eed7174ec918d4c7617728e0328c3
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/OpenOffice_org-fr-1.0.2-76.i586.rpm
           7428286d640ca1c4e0e8572acf1fa370
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/OpenOffice_org-hu-1.0.2-76.i586.rpm
           27fae82ea8f296265847e26e91ead421
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/OpenOffice_org-it-1.0.2-76.i586.rpm
           e4e70c8843084cbc9707e1baf7b9b9f4
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/OpenOffice_org-nl-1.0.2-76.i586.rpm
           ae9a2d1c379be2581bd936e4f08c14bb
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/OpenOffice_org-sv-1.0.2-76.i586.rpm
           401508cc4fdc89759f9c78497943456b
    source rpm(s):
    ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/OpenOffice_org-1.0.2-76.src.rpm
           5a086c30ec314b476ef3fcc7399b921e


______________________________________________________________________________

5)  Pending vulnerabilities in SUSE Distributions and Workarounds:

    See SUSE Security Summary Report.
______________________________________________________________________________

6)  standard appendix: authenticity verification, additional information

  - Package authenticity verification:

    SUSE update packages are available on many mirror ftp servers all over
    the world. While this service is being considered valuable and important
    to the free and open source software community, many users wish to be
    sure about the origin of the package and its content before installing
    the package. There are two verification methods that can be used
    independently from each other to prove the authenticity of a downloaded
    file or rpm package:
    1) md5sums as provided in the (cryptographically signed) announcement.
    2) using the internal gpg signatures of the rpm package.

    1) execute the command
        md5sum <name-of-the-file.rpm>
       after you downloaded the file from a SUSE ftp server or its mirrors.
       Then, compare the resulting md5sum with the one that is listed in the
       announcement. Since the announcement containing the checksums is
       cryptographically signed (usually using the key security@suse.de),
       the checksums show proof of the authenticity of the package.
       We disrecommend to subscribe to security lists which cause the
       email message containing the announcement to be modified so that
       the signature does not match after transport through the mailing
       list software.
       Downsides: You must be able to verify the authenticity of the
       announcement in the first place. If RPM packages are being rebuilt
       and a new version of a package is published on the ftp server, all
       md5 sums for the files are useless.

    2) rpm package signatures provide an easy way to verify the authenticity
       of an rpm package. Use the command
        rpm -v --checksig <file.rpm>
       to verify the signature of the package, where <file.rpm> is the
       filename of the rpm package that you have downloaded. Of course,
       package authenticity verification can only target an un-installed rpm
       package file.
       Prerequisites:
        a) gpg is installed
        b) The package is signed using a certain key. The public part of this
           key must be installed by the gpg program in the directory
           ~/.gnupg/ under the user's home directory who performs the
           signature verification (usually root). You can import the key
           that is used by SUSE in rpm packages for SUSE Linux by saving
           this announcement to a file ("announcement.txt") and
           running the command (do "su -" to be root):
            gpg --batch; gpg < announcement.txt | gpg --import
           SUSE Linux distributions version 7.1 and thereafter install the
           key "build@suse.de" upon installation or upgrade, provided that
           the package gpg is installed. The file containing the public key
           is placed at the top-level directory of the first CD (pubring.gpg)
           and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .


  - SUSE runs two security mailing lists to which any interested party may
    subscribe:

    suse-security@suse.com
        -   general/linux/SUSE security discussion.
            All SUSE security announcements are sent to this list.
            To subscribe, send an email to
                <suse-security-subscribe@suse.com>.

    suse-security-announce@suse.com
        -   SUSE's announce-only mailing list.
            Only SUSE's security announcements are sent to this list.
            To subscribe, send an email to
                <suse-security-announce-subscribe@suse.com>.

    For general information or the frequently asked questions (faq)
    send mail to:
        <suse-security-info@suse.com> or
        <suse-security-faq@suse.com> respectively.

    =====================================================================
    SUSE's security contact is <security@suse.com> or <security@suse.de>.
    The <security@suse.de> public key is listed below.
    =====================================================================
______________________________________________________________________________

    The information in this advisory may be distributed or reproduced,
    provided that the advisory is not modified in any way. In particular,
    it is desired that the clear-text signature shows proof of the
    authenticity of the text.
    SUSE Linux AG makes no warranties of any kind whatsoever with respect
    to the information contained in this security advisory.

Type Bits/KeyID    Date       User ID
pub  2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de>
pub  1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

mQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCkYS3yEKeueNWc+z/0Kvff
4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP+Y0PFPboMvKx0FXl/A0d
M+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR8xocQSVCFxcwvwCglVcO
QliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U8c/yE/vdvpN6lF0tmFrK
XBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0ScZqITuZC4CWxJa9GynBE
D3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEhELBeGaPdNCcmfZ66rKUd
G5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtBUVKn4zLUOf6aeBAoV6NM
CC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOoAqajLfvkURHAeSsxXIoE
myW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1nKFvF+rQoU3VTRSBQYWNr
YWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohcBBMRAgAcBQI57vSBBQkD
wmcABAsKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyl8sAJ98BgD40zw0GHJHIf6d
NfnwI2PAsgCgjH1+PnYEl7TFjtZsqhezX7vZvYCIRgQQEQIABgUCOnBeUgAKCRCe
QOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lxyoAejACeOO1HIbActAevk5MUBhNe
LZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWnB/9An5vfiUUE1VQnt+T/EYklES3t
XXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDVwM2OgSEISZxbzdXGnqIlcT08TzBU
D9i579uifklLsnr35SJDZ6ram51/CWOnnaVhUzneOA9gTPSr+/fT3WeVnwJiQCQ3
0kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF5Yryk23pQUPAgJENDEqeU6iIO9Ot
1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3D3EN8C1yPqZd5CvvznYvB6bWBIpW
cRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGuzgpJt9IXSzyohEJB6XG5+D0BiF0E
ExECAB0FAjxqqTQFCQoAgrMFCwcKAwQDFQMCAxYCAQIXgAAKCRCoTtronIAKyp1f
AJ9dR7saz2KPNwD3U+fy/0BDKXrYGACfbJ8fQcJqCBQxeHvt9yMPDVq0B0W5Ag0E
Oe70khAIAISR0E3ozF/la+oNaRwxHLrCet30NgnxRROYhPaJB/Tu1FQokn2/Qld/
HZnh3TwhBIw1FqrhWBJ7491iAjLR9uPbdWJrn+A7t8kSkPaF3Z/6kyc5a8fas44h
t5h+6HMBzoFCMAq2aBHQRFRNp9Mz1ZvoXXcI1lk1l8OqcUM/ovXbDfPcXsUVeTPT
tGzcAi2jVl9hl3iwJKkyv/RLmcusdsi8YunbvWGFAF5GaagYQo7YlF6UaBQnYJTM
523AMgpPQtsKm9o/w9WdgXkgWhgkhZEeqUS3m5xNey1nLu9iMvq9M/iXnGz4sg6Q
2Y+GqZ+yAvNWjRRou3zSE7Bzg28MI4sAAwYH/2D71Xc5HPDgu87WnBFgmp8MpSr8
QnSs0wwPg3xEullGEocolSb2c0ctuSyeVnCttJMzkukL9TqyF4s/6XRstWirSWaw
JxRLKH6Zjo/FaKsshYKf8gBkAaddvpl3pO0gmUYbqmpQ3xDEYlhCeieXS5MkockQ
1sj2xYdB1xO0ExzfiCiscUKjUFy+mdzUsUutafuZ+gbHog1CN/ccZCkxcBa5IFCH
ORrNjq9pYWlrxsEn6ApsG7JJbM2besW1PkdEoxak74z1senh36m5jQvVjA3U4xq1
wwylxadmmJaJHzeiLfb7G1ZRjZTsB7fyYxqDzMVul6o9BSwO/1XsIAnV1uuITAQY
EQIADAUCOe70kgUJA8JnAAAKCRCoTtronIAKyksiAJsFB3/77SkH3JlYOGrEe1Ol
0JdGwACeKTttgeVPFB+iGJdiwQlxasOfuXyITAQYEQIADAUCPGqpWQUJCgCCxwAK
CRCoTtronIAKyofBAKCSZM2UFyta/fe9WgITK9I5hbxxtQCfX+0ar2CZmSknn3co
SPihn1+OBNyZAQ0DNuEtBAAAAQgAoCRcd7SVZEFcumffyEwfLTcXQjhKzOahzxpo
omuF+HIyU4AGq+SU8sTZ/1SsjhdzzrSAfv1lETACA+3SmLr5KV40Us1w0UC64cwt
A46xowVq1vMlH2Lib+V/qr3b1hE67nMHjysECVx9Ob4gFuKNoR2eqnAaJvjnAT8J
/LoUC20EdCHUqn6v+M9t/WZgC+WNR8cq69uDy3YQhDP/nIan6fm2uf2kSV9A7ZxE
GrwsWl/WX5Q/sQqMWaU6r4az98X3z90/cN+eJJ3vwtA+rm+nxEvyev+jaLuOQBDf
ebh/XA4FZ35xmi+spdiVeJH4F/ubaGlmj7+wDOF3suYAPSXT2QAFEbQlU3VTRSBT
ZWN1cml0eSBUZWFtIDxzZWN1cml0eUBzdXNlLmRlPokBFQMFEDbhLUfkWLKHsco8
RQEBVw4H/1vIdiOLX/7hdzYaG9crQVIk3QwaB5eBbjvLEMvuCZHiY2COUg5QdmPQ
8SlWNZ6k4nu1BLcv2g/pymPUWP9fG4tuSnlUJDrWGm3nhyhAC9iudP2u1YQY37Gb
B6NPVaZiYMnEb4QYFcqv5c/r2ghSXUTYk7etd6SW6WCOpEqizhx1cqDKNZnsI/1X
11pFcO2N7rc6byDBJ1T+cK+F1Ehan9XBt/shryJmv04nli5CXQMEbiqYYMOu8iaA
8AWRgXPCWqhyGhcVD3LRhUJXjUOdH4ZiHCXaoF3zVPxpeGKEQY8iBrDeDyB3wHmj
qY9WCX6cmogGQRgYG6yJqDalLqrDOdmJARUDBRA24S0Ed7LmAD0l09kBAW04B/4p
WH3f1vQn3i6/+SmDjGzUu2GWGq6Fsdwo2hVM2ym6CILeow/K9JfhdwGvY8LRxWRL
hn09j2IJ9P7H1Yz3qDf10AX6V7YILHtchKT1dcngCkTLmDgC4rs1iAAl3f089sRG
BafGPGKv2DQjHfR1LfRtbf0P7c09Tkej1MP8HtQMW9hPkBYeXcwbCjdrVGFOzqx+
AvvJDdT6a+oyRMTFlvmZ83UV5pgoyimgjhWnM1V4bFBYjPrtWMkdXJSUXbR6Q7Pi
RZWCzGRzwbaxqpl3rK/YTCphOLwEMB27B4/fcqtBzgoMOiaZA0M5fFoo54KgRIh0
zinsSx2OrWgvSiLEXXYKiEYEEBECAAYFAjseYcMACgkQnkDjEAAKq6ROVACgjhDM
/3KM+iFjs5QXsnd4oFPOnbkAnjYGa1J3em+bmV2aiCdYXdOuGn4ZiQCVAwUQN7c7
whaQN/7O/JIVAQEB+QP/cYblSAmPXxSFiaHWB+MiUNw8B6ozBLK0QcMQ2YcL6+Vl
D+nSZP20+Ja2nfiKjnibCv5ss83yXoHkYk2Rsa8foz6Y7tHwuPiccvqnIC/c9Cvz
dbIsdxpfsi0qWPfvX/jLMpXqqnPjdIZErgxpwujas1n9016PuXA8K3MJwVjCqSKI
RgQQEQIABgUCOhpCpAAKCRDHUqoysN/3gCt7AJ9adNQMbmA1iSYcbhtgvx9ByLPI
DgCfZ5Wj+f7cnYpFZI6GkAyyczG09sE=
=LRKC
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iQEVAwUBQmUCXXey5gA9JdPZAQEVrwf+JUsttvz6+k+tvRZ1qB4cjTgD7x3Rg7q0
dgbWbEQ/wQCQY51ujnFIj6Yba7MS8m0QulCCGNrx3wZ1SqsITeoAQMS8RJiPzNGc
hxrYCZSP5YHxCqIxo0z2T0vRmNkKd/sk2/ep/U46vM2gtIh+/1KuKTR4MqnzIptc
QKw4wodkNxT797C8Q4mqwkclqY0+UdqKqcp0PNh6q9H7NuGpURbugB8t2uu+sOXw
Y3F8pUwDqO2K0HSOUtSBKhqhk6DfKNNW8ZzfiS9GdUbNuH6hHfSlUIvHVFXAsofl
ZlSv79pDWKOcDZf8XSIfvY0Ddb8g7doTysFrGHMYztjCqZd3vmXX7A==
=bB3g
-----END PGP SIGNATURE-----

SUSE Security Announcement: OpenOffice heap overflow problem (SUSE-SA:2005:025)

Marcus Meissner