Apr 21, 2008 - 9:57 a.m.

openoffice.org, openoffice.org2 security update

2008-04-21 09:57:54
CentOS Project
lists.centos.org

CVSS2: 9.3 High
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score: 7.5 High (Confidence: Low)
EPSS: 0.924 High (Percentile: 99.0%)

CentOS Errata and Security Advisory CESA-2008:0175

OpenOffice.org is an office productivity suite that includes desktop
applications such as a word processor, spreadsheet, presentation manager,
formula editor, and drawing program.

Multiple heap overflows and an integer underflow were found in the Quattro
Pro® import filter. An attacker could create a carefully crafted Quattro
Pro file that could cause OpenOffice.org to crash or possibly execute
arbitrary code if the file was opened by a victim. (CVE-2007-5745,
CVE-2007-5747)

A heap overflow flaw was found in the EMF parser. An attacker could create
a carefully crafted EMF file that could cause OpenOffice.org to crash or
possibly execute arbitrary code if the malicious EMF image was added to a
document or if a document containing the malicious EMF file was opened by a
victim. (CVE-2007-5746)

A heap overflow flaw was found in the OLE Structured Storage file parser.
(OLE Structured Storage is a format used by Microsoft Office documents.) An
attacker could create a carefully crafted OLE file that could cause
OpenOffice.org to crash or possibly execute arbitrary code if the file was
opened by a victim. (CVE-2008-0320)

All users of OpenOffice.org are advised to upgrade to these updated
packages, which contain backported fixes to correct these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-April/077010.html
https://lists.centos.org/pipermail/centos-announce/2008-April/077011.html
https://lists.centos.org/pipermail/centos-announce/2008-April/077036.html
https://lists.centos.org/pipermail/centos-announce/2008-April/077037.html

Affected packages:
openoffice.org-base
openoffice.org-calc
openoffice.org-core
openoffice.org-draw
openoffice.org-emailmerge
openoffice.org-graphicfilter
openoffice.org-impress
openoffice.org-javafilter
openoffice.org-langpack-af_ZA
openoffice.org-langpack-ar
openoffice.org-langpack-as_IN
openoffice.org-langpack-bg_BG
openoffice.org-langpack-bn
openoffice.org-langpack-ca_ES
openoffice.org-langpack-cs_CZ
openoffice.org-langpack-cy_GB
openoffice.org-langpack-da_DK
openoffice.org-langpack-de
openoffice.org-langpack-el_GR
openoffice.org-langpack-es
openoffice.org-langpack-et_EE
openoffice.org-langpack-eu_ES
openoffice.org-langpack-fi_FI
openoffice.org-langpack-fr
openoffice.org-langpack-ga_IE
openoffice.org-langpack-gl_ES
openoffice.org-langpack-gu_IN
openoffice.org-langpack-he_IL
openoffice.org-langpack-hi_IN
openoffice.org-langpack-hr_HR
openoffice.org-langpack-hu_HU
openoffice.org-langpack-it
openoffice.org-langpack-ja_JP
openoffice.org-langpack-kn_IN
openoffice.org-langpack-ko_KR
openoffice.org-langpack-lt_LT
openoffice.org-langpack-ml_IN
openoffice.org-langpack-mr_IN
openoffice.org-langpack-ms_MY
openoffice.org-langpack-nb_NO
openoffice.org-langpack-nl
openoffice.org-langpack-nn_NO
openoffice.org-langpack-nr_ZA
openoffice.org-langpack-nso_ZA
openoffice.org-langpack-or_IN
openoffice.org-langpack-pa_IN
openoffice.org-langpack-pl_PL
openoffice.org-langpack-pt_BR
openoffice.org-langpack-pt_PT
openoffice.org-langpack-ru
openoffice.org-langpack-sk_SK
openoffice.org-langpack-sl_SI
openoffice.org-langpack-sr_CS
openoffice.org-langpack-ss_ZA
openoffice.org-langpack-st_ZA
openoffice.org-langpack-sv
openoffice.org-langpack-ta_IN
openoffice.org-langpack-te_IN
openoffice.org-langpack-th_TH
openoffice.org-langpack-tn_ZA
openoffice.org-langpack-tr_TR
openoffice.org-langpack-ts_ZA
openoffice.org-langpack-ur
openoffice.org-langpack-ve_ZA
openoffice.org-langpack-xh_ZA
openoffice.org-langpack-zh_CN
openoffice.org-langpack-zh_TW
openoffice.org-langpack-zu_ZA
openoffice.org-math
openoffice.org-pyuno
openoffice.org-testtools
openoffice.org-writer
openoffice.org-xsltfilter
openoffice.org2-base
openoffice.org2-calc
openoffice.org2-core
openoffice.org2-draw
openoffice.org2-emailmerge
openoffice.org2-graphicfilter
openoffice.org2-impress
openoffice.org2-javafilter
openoffice.org2-langpack-af_ZA
openoffice.org2-langpack-ar
openoffice.org2-langpack-bg_BG
openoffice.org2-langpack-bn
openoffice.org2-langpack-ca_ES
openoffice.org2-langpack-cs_CZ
openoffice.org2-langpack-cy_GB
openoffice.org2-langpack-da_DK
openoffice.org2-langpack-de
openoffice.org2-langpack-el_GR
openoffice.org2-langpack-es
openoffice.org2-langpack-et_EE
openoffice.org2-langpack-eu_ES
openoffice.org2-langpack-fi_FI
openoffice.org2-langpack-fr
openoffice.org2-langpack-ga_IE
openoffice.org2-langpack-gl_ES
openoffice.org2-langpack-gu_IN
openoffice.org2-langpack-he_IL
openoffice.org2-langpack-hi_IN
openoffice.org2-langpack-hr_HR
openoffice.org2-langpack-hu_HU
openoffice.org2-langpack-it
openoffice.org2-langpack-ja_JP
openoffice.org2-langpack-ko_KR
openoffice.org2-langpack-lt_LT
openoffice.org2-langpack-ms_MY
openoffice.org2-langpack-nb_NO
openoffice.org2-langpack-nl
openoffice.org2-langpack-nn_NO
openoffice.org2-langpack-pa_IN
openoffice.org2-langpack-pl_PL
openoffice.org2-langpack-pt_BR
openoffice.org2-langpack-pt_PT
openoffice.org2-langpack-ru
openoffice.org2-langpack-sk_SK
openoffice.org2-langpack-sl_SI
openoffice.org2-langpack-sr_CS
openoffice.org2-langpack-sv
openoffice.org2-langpack-ta_IN
openoffice.org2-langpack-th_TH
openoffice.org2-langpack-tr_TR
openoffice.org2-langpack-zh_CN
openoffice.org2-langpack-zh_TW
openoffice.org2-langpack-zu_ZA
openoffice.org2-math
openoffice.org2-pyuno
openoffice.org2-testtools
openoffice.org2-writer
openoffice.org2-xsltfilter

Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0175
