Avis du CERT RENATER

Par défaut, cette page vous affichera les derniers messages envoyés par le CERT RENATER à la communauté. Vous pouvez affiner par année ou par type de message. Si aucun critère n'est précisé, seuls les derniers messages sont affichés
Date : Mon, 07 Jun 2010 11:15:00 +0200
Type : VULN
Sujet : CERT-Renater : 2010/VULN196 (OpenOffice: Security vulnerabilities related to TLS/SSL Renegotiation and python scripting)
====================================================================                                   CERT-Renater

                        Note d'Information No. 2010/VULN196
_____________________________________________________________________

DATE                      : 07/06/2010

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems Running OpenOffice versions prior to 3.2.1.
======================================================================
http://www.openoffice.org/security/cves/CVE-2009-3555.html
http://www.openoffice.org/security/cves/CVE-2010-0395.html
______________________________________________________________________

CVE-2009-3555

OpenOffice.org 2 and 3 may be affected by the TLS/SSL Renegotiation Issue
in 3rd Party Libraries

    * Synopsis: OpenOffice.org 2 and 3 may be affected by the TLS/SSL
Renegotiation Issue in 3rd Party Libraries.
    * State: Resolved

1. Impact

OpenOffice.org 2 and 3 ship with 3rd party libraries affected by the TLS/SSL
renegotiation issue documented in CVE-2009-3555.


2. Affected releases

    * All versions of OpenOffice.org prior to version 3.2.1
    * All versions of OpenOffice.org 2

Note: OpenOffice.org 1.1 is not impacted by this issue.


3. Symptoms

There are no predictable symptoms that would indicate this issue has occurred.


4. Relief/Workaround


None.


5. Resolution

This issue is addressed in the following release: OpenOffice.org 3.2.1

Security Home -> Bulletin -> CVE-2009-3555

_________________________________________________________________________

CVE-2010-0395

Security vulnerability in OpenOffice.org related to python scripting

    * Synopsis: A security vulnerability in OpenOffice.org, related to
python scripting, may lead to unexpected code execution.
    * State: Resolved

1. Impact

A security vulnerability in OpenOffice.org, related to python scripting,
might lead to unexpected code execution when using the built-in scripting IDE
for exploring the python code.


2. Affected releases

    * All versions of OpenOffice.org prior to version 3.2.1
    * All versions of OpenOffice.org 2

Note: Earlier versions of OpenOffice.org are no longer supported and will
not be evaluated regarding this issue.


3. Symptoms

There are no predictable symptoms that would indicate this issue has occurred.

4. Relief/Workaround

As a workaround, do not inspect python code from non-trustworthy documents with
the built-in scripting IDE and its dialogs.


5. Resolution

This issue is addressed in the following release: OpenOffice.org 3.2.1

Security Home -> Bulletin -> CVE-2010-0395

======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================