------------------------------------------------------------
Arch Linux Security Warning                    ALSW 2007-#20
------------------------------------------------------------

Name:      openoffice-base
Date:      2007-03-23
Severity:  High
Warning #: 2007-#20

------------------------------------------------------------

Product Background
===================
OpenOffice.org is a multiplatform and multilingual office suite and an
open-source project. It is compatible with all other major office suites.

Problem Background
===================
iDefense reported an integer overflow flaw in libwpd, a library used
internally by OpenOffice.org for handling Word Perfect documents. An
attacker could create a carefully crafted Word Perfect file that could
cause OpenOffice.org to crash or possibly execute arbitrary code if the
file was opened by a victim. (CVE-2007-1466)

John Heasman discovered a stack overflow in the StarCalc parser in
OpenOffice.org. An attacker could create a carefully crafted StarCalc
file that could cause OpenOffice.org to crash or possibly execute
arbitrary code if the file was opened by a victim. (CVE-2007-0238)

Flaws were discovered in the way OpenOffice.org handled hyperlinks. An
attacker could create an OpenOffice.org document which could run
commands if a victim opened the file and clicked on a malicious
hyperlink. (CVE-2007-0239)

Impact
==========
These vulnerabilities can potentially be exploited by malicious people
to compromise a user's system.

Problem Packages
===================
Package: openoffice-base
Repo:    extra
Group:   office
Unsafe:  < 2.2.0
Safe:    >= 2.2.0

Package Fix
===================
Upgrade to 2.2.0. Anyway, don't open documents from untrusted sources.

===================
Unofficial ArchLinux Security Bug Tracker:
http://jjdanimoth.netsons.org/alsw.html

Reference(s)
===================
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0239
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1466
http://secunia.com/advisories/24588/

Contact
===================
JJDaNiMoTh <[EMAIL PROTECTED]>
_______________________________________________
arch mailing list
[email protected]
http://archlinux.org/mailman/listinfo/arch
