CERT RENATER
Nous contacter
- Mail : cert@support.renater.fr
- Web : Pages du CERT
- Tél : 01.53.94.20.44
- Fax : 01.53.94.20.31
==================================================================== CERT-Renater Note d'Information No. 2010/VULN196 _____________________________________________________________________ DATE : 07/06/2010 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems Running OpenOffice versions prior to 3.2.1. ====================================================================== http://www.openoffice.org/security/cves/CVE-2009-3555.html http://www.openoffice.org/security/cves/CVE-2010-0395.html ______________________________________________________________________ CVE-2009-3555 OpenOffice.org 2 and 3 may be affected by the TLS/SSL Renegotiation Issue in 3rd Party Libraries * Synopsis: OpenOffice.org 2 and 3 may be affected by the TLS/SSL Renegotiation Issue in 3rd Party Libraries. * State: Resolved 1. Impact OpenOffice.org 2 and 3 ship with 3rd party libraries affected by the TLS/SSL renegotiation issue documented in CVE-2009-3555. 2. Affected releases * All versions of OpenOffice.org prior to version 3.2.1 * All versions of OpenOffice.org 2 Note: OpenOffice.org 1.1 is not impacted by this issue. 3. Symptoms There are no predictable symptoms that would indicate this issue has occurred. 4. Relief/Workaround None. 5. Resolution This issue is addressed in the following release: OpenOffice.org 3.2.1 Security Home -> Bulletin -> CVE-2009-3555 _________________________________________________________________________ CVE-2010-0395 Security vulnerability in OpenOffice.org related to python scripting * Synopsis: A security vulnerability in OpenOffice.org, related to python scripting, may lead to unexpected code execution. * State: Resolved 1. Impact A security vulnerability in OpenOffice.org, related to python scripting, might lead to unexpected code execution when using the built-in scripting IDE for exploring the python code. 2. Affected releases * All versions of OpenOffice.org prior to version 3.2.1 * All versions of OpenOffice.org 2 Note: Earlier versions of OpenOffice.org are no longer supported and will not be evaluated regarding this issue. 3. Symptoms There are no predictable symptoms that would indicate this issue has occurred. 4. Relief/Workaround As a workaround, do not inspect python code from non-trustworthy documents with the built-in scripting IDE and its dialogs. 5. Resolution This issue is addressed in the following release: OpenOffice.org 3.2.1 Security Home -> Bulletin -> CVE-2010-0395 ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================