GLSA Advocate
Posted: Mon Apr 16, 2007 11:26 pm Post subject: [ GLSA 200704-12 ] OpenOffice.org: Multiple vulnerabilities
Gentoo Linux Security Advisory
Title: OpenOffice.org: Multiple vulnerabilities (GLSA 200704-12)
Severity: normal
Exploitable: remote
Date: April 16, 2007
Bug(s): #170828
ID: 200704-12
Synopsis
Multiple vulnerabilities have been discovered in OpenOffice.org, allowing
for remote execution of arbitrary code.
Background
OpenOffice.org is an open source office productivity suite, including
word processing, spreadsheet, presentation, drawing, data charting,
formula editing, and file conversion facilities.
Affected Packages
Package: app-office/openoffice
Vulnerable: < 2.1.0-r1
Unaffected: >= 2.1.0-r1
Architectures: All supported architectures
Package: app-office/openoffice-bin
Vulnerable: < 2.2.0
Unaffected: >= 2.2.0
Architectures: All supported architectures
Description
John Heasman of NGSSoftware has discovered a stack-based buffer
overflow in the StarCalc parser and an input validation error when
processing metacharacters in a link. Also, OpenOffice.org includes code
from libwpd, making it vulnerable to heap-based overflows when
converting WordPerfect document tables (GLSA 200704-07).
Impact
A remote attacker could entice a user to open a specially crafted
document, possibly leading to execution of arbitrary code with the
rights of the user running OpenOffice.org.
Workaround
There is no known workaround at this time.
Resolution
All OpenOffice.org users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/openoffice-2.1.0-r1"
All OpenOffice.org binary users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.2.0"
References
CVE-2007-0002
CVE-2007-0238
CVE-2007-0239
GLSA-200704-07
Last edited by GLSA on Mon Jun 10, 2013 4:25 am; edited 1 time in total
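Added example, not part of the advisory or of Gentoo's own tooling: the Python code below applies the Affected Packages bounds from this advisory to a package inventory, including the revision edge case where 2.1.0 is affected but 2.1.0-r1 is not. The comparator is a simplified assumption that accepts only dotted numeric versions with an optional -rN revision, and the host names and installed versions are constructed sample data.

```python
import re

# First unaffected version per package, taken from this advisory.
FIXED_IN = {
    "app-office/openoffice": "2.1.0-r1",
    "app-office/openoffice-bin": "2.2.0",
}

# Simplified version grammar (assumption): X.Y.Z with optional -rN.
# Suffixes such as _alpha/_p, letters and leading zeros are rejected
# rather than compared incorrectly.
_VERSION = re.compile(r"^((?:0|[1-9]\d*)(?:\.(?:0|[1-9]\d*))*)(?:-r(\d+))?$")


def parse_version(version):
    """Return ((X, Y, Z), N) so that tuple ordering matches version ordering."""
    match = _VERSION.match(version)
    if not match:
        raise ValueError(f"unsupported version syntax: {version!r}")
    numbers = tuple(int(part) for part in match.group(1).split("."))
    return numbers, int(match.group(2) or 0)  # no -rN means revision 0


def is_vulnerable(package, installed):
    """True if the installed version is below the advisory's fixed version."""
    fixed = FIXED_IN.get(package)
    if fixed is None:
        return False  # package is not covered by this advisory
    return parse_version(installed) < parse_version(fixed)


def audit(inventory):
    """Return the (host, package, version) rows that still need the upgrade."""
    return [row for row in inventory if is_vulnerable(row[1], row[2])]


# Constructed inventory (hypothetical hosts and installed versions).
INVENTORY = [
    ("ws-01", "app-office/openoffice", "2.1.0"),         # same version, no revision
    ("ws-02", "app-office/openoffice", "2.1.0-r1"),      # first unaffected revision
    ("ws-03", "app-office/openoffice-bin", "2.1.0-r1"),  # -bin has its own bound
    ("ws-04", "app-office/openoffice-bin", "2.2.0"),
    ("ws-05", "app-office/openoffice", "2.0.4-r3"),
    ("ws-06", "app-office/abiword", "2.4.6"),            # not in this advisory
]

if __name__ == "__main__":
    for host, package, version in audit(INVENTORY):
        print(f"{host}: {package}-{version} affected, fixed in {FIXED_IN[package]}")
```
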