Bug 623609
Summary: | CVE-2010-2935 CVE-2010-2936 openoffice.org various flaws [fedora-all] | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jan Lieskovsky <jlieskov> |
Component: | openoffice.org | Assignee: | Caolan McNamara <caolanm> |
Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 13 | CC: | caolanm |
Target Milestone: | --- | Keywords: | Security, SecurityTracking |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Release Note | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-08-12 14:25:45 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 622529, 622555 |
Description
Jan Lieskovsky
2010-08-12 10:01:10 UTC
Adding parent bug CVE-2010-2936 New bodhi update url: https://admin.fedoraproject.org/updates/new/?type_=security&bugs=622529,622555 The impact of these two flaws, as present in openoffice.org-impress package, shipped with Fedora release of 12 and 13 is mitigated by standard glibc protection mechanisms (it properly detects the invalid free() [CVE-2010-2935] and invalid pointer dereference [CVE-2010-2936] attempts and aborts the relevant binary sooner, it can do any further harm). Red Hat Security Response Team does not consider a user-assisted crash of a client application, such as OpenOffice.org Impress tool, to be a security issue. |