Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#6685 - Warning on OpenOffice.org
Attached to Project:
Arch Linux
Opened by DaNiMoTh (DaNiMoTh) - Friday, 23 March 2007, 11:46 GMT
Last edited by Roman Kyrylych (Romashka) - Saturday, 24 March 2007, 13:31 GMT
Details

------------------------------------------------------------
Arch Linux Security Warning ALSW 2007-#20
------------------------------------------------------------
Name: openoffice-base
Date: 2007-03-23
Severity: High
Warning #: 2007-#20
------------------------------------------------------------

Product Background
===================
OpenOffice.org is a multiplatform and multilingual office suite and an open-source project. Compatible with all other major office suites.

Problem Background
===================
iDefense reported an integer overflow flaw in libwpd, a library used internally to OpenOffice.org for handling Word Perfect documents. An attacker could create a carefully crafted Word Perfect file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2007-1466)

John Heasman discovered a stack overflow in the StarCalc parser in OpenOffice.org. An attacker could create a carefully crafted StarCalc file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2007-0238)

Flaws were discovered in the way OpenOffice.org handled hyperlinks. An attacker could create an OpenOffice.org document which could run commands if a victim opened the file and clicked on a malicious hyperlink. (CVE-2007-0239)

Impact
==========
These vulnerabilities potentially can be exploited by malicious people to compromise a user's system.

Problem Packages
===================
Package: openoffice-base
Repo: extra
Group: office
Unsafe: < 2.1.0
Safe: >= 2.1.0

Package Fix
===================
Upgrade to 2.1.0.
Anyway, don't open documents from untrusted sources.

===================
I'm away from 26 March to 31 March.
Unofficial ArchLinux Security Bug Tracker: http://jjdanimoth.netsons.org/alsw.html

Reference(s)
===================
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0239
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1466
http://secunia.com/advisories/24588/
Closed by Jan de Groot (JGC)
Sunday, 01 April 2007, 15:29 GMT
Reason for closing: Fixed
Additional comments about closing: Upgraded to 2.2.0