Bug 622529 (CVE-2010-2935)
Summary: | CVE-2010-2935 OpenOffice.Org: Integer truncation error by parsing specially-crafted Microsoft PowerPoint document | ||||||
---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> | ||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
Status: | CLOSED ERRATA | QA Contact: | |||||
Severity: | high | Docs Contact: | |||||
Priority: | high | ||||||
Version: | unspecified | CC: | caolanm, mjc, security-response-team, vdanen | ||||
Target Milestone: | --- | Keywords: | Security | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2013-04-15 21:41:35 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | 622831, 622833, 622857, 622858, 622859, 622861, 622862, 623608, 623609 | ||||||
Bug Blocks: | |||||||
Attachments: |
|
Description
Jan Lieskovsky
2010-08-09 16:05:01 UTC
This issue affects the versions of the openoffice.org package, as shipped with Red Hat Enterprise Linux 3 and 4. This issue affects the version of the openoffice.org-impress package, as shipped with Red Hat Enterprise Linux 5. -- This issue affects the versions of the openoffice.org-impress package, as shipped with Fedora release of 12 and 13. Though the impact of this flaw is mitigated there. For further details, please proceed to: [1] https://bugzilla.redhat.com/show_bug.cgi?id=623609#c2 Created attachment 437664 [details]
final upstream agreed patch, essentially the same
This issue has been assigned the name CVE-2010-2935. Created openoffice.org tracking bugs for this issue Affects: fedora-all [bug 623609] Statement: This issue is not planned to be fixed in Red Hat Enterprise Linux 5, as its impact is mitigated by standard glibc protection mechanisms to cause only application abort. Red Hat Security Response Team does not consider a user-assisted crash (abort) of a client application, such as OpenOffice.org Impress tool, to be a security issue. This issue has been addressed in following products: Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 4 Via RHSA-2010:0643 https://rhn.redhat.com/errata/RHSA-2010-0643.html |