Debian Security Advisory

DSA-2055-1 -- macro execution

Date Reported:
05 Jun 2010
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2010-0395.
More information:

It was discovered that, a full-featured office productivity suite that provides a near drop-in replacement for Microsoft® Office, is not properly handling python macros embedded in an office document. This allows an attacker to perform user-assisted execution of arbitrary code in certain use cases of the python macro viewer component.

For the stable distribution (lenny), this problem has been fixed in version 1:2.4.1+dfsg-1+lenny7.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 1:3.2.1-1.

We recommend that you upgrade your packages.

Fixed in:

Debian GNU/Linux 5.0 (lenny)

Architecture-independent component:
Intel IA-32:
Intel IA-64:
Big-endian MIPS:
Little-endian MIPS:
IBM S/390:
Sun Sparc:

MD5 checksums of the listed files are available in the original advisory.