(RHSA-2008:0538) Important: openoffice.org security update

2008-06-1200:00:00

access.redhat.com

0.087 Low

EPSS

Percentile

94.5%

JSON

OpenOffice.org is an office productivity suite that includes desktop
applications such as a word processor, spreadsheet, presentation manager,
formula editor, and drawing program.

Sean Larsson found a heap overflow flaw in the OpenOffice memory allocator.
If a carefully crafted file was opened by a victim, an attacker could use
the flaw to crash OpenOffice.org or, possibly, execute arbitrary code.
(CVE-2008-2152)

It was discovered that certain libraries in the Red Hat Enterprise Linux 3
and 4 openoffice.org packages had an insecure relative RPATH (runtime
library search path) set in the ELF (Executable and Linking Format) header.
A local user able to convince another user to run OpenOffice in an
attacker-controlled directory, could run arbitrary code with the privileges
of the victim. (CVE-2008-2366)

All users of openoffice.org are advised to upgrade to these updated
packages, which contain backported fixes which correct these issues.

OSVersionArchitecturePackageVersionFilename
RedHatanyi386openoffice.org-libs< 1.1.2-42.2.0.EL3openoffice.org-libs-1.1.2-42.2.0.EL3.i386.rpm
RedHatanyi386openoffice.org< 1.1.5-10.6.0.5.EL4openoffice.org-1.1.5-10.6.0.5.EL4.i386.rpm
RedHatanyppcopenoffice.org-i18n< 1.1.5-10.6.0.5.EL4openoffice.org-i18n-1.1.5-10.6.0.5.EL4.ppc.rpm
RedHatanyi386openoffice.org-kde< 1.1.5-10.6.0.5.EL4openoffice.org-kde-1.1.5-10.6.0.5.EL4.i386.rpm
RedHatanyi386openoffice.org-i18n< 1.1.5-10.6.0.5.EL4openoffice.org-i18n-1.1.5-10.6.0.5.EL4.i386.rpm
RedHatanysrcopenoffice.org< 1.1.5-10.6.0.5.EL4openoffice.org-1.1.5-10.6.0.5.EL4.src.rpm
RedHatanyi386openoffice.org-i18n< 1.1.2-42.2.0.EL3openoffice.org-i18n-1.1.2-42.2.0.EL3.i386.rpm
RedHatanyi386openoffice.org< 1.1.2-42.2.0.EL3openoffice.org-1.1.2-42.2.0.EL3.i386.rpm
RedHatanyppcopenoffice.org-kde< 1.1.5-10.6.0.5.EL4openoffice.org-kde-1.1.5-10.6.0.5.EL4.ppc.rpm
RedHatanyppcopenoffice.org< 1.1.5-10.6.0.5.EL4openoffice.org-1.1.5-10.6.0.5.EL4.ppc.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	i386	openoffice.org-libs	< 1.1.2-42.2.0.EL3	openoffice.org-libs-1.1.2-42.2.0.EL3.i386.rpm
RedHat	any	i386	openoffice.org	< 1.1.5-10.6.0.5.EL4	openoffice.org-1.1.5-10.6.0.5.EL4.i386.rpm
RedHat	any	ppc	openoffice.org-i18n	< 1.1.5-10.6.0.5.EL4	openoffice.org-i18n-1.1.5-10.6.0.5.EL4.ppc.rpm
RedHat	any	i386	openoffice.org-kde	< 1.1.5-10.6.0.5.EL4	openoffice.org-kde-1.1.5-10.6.0.5.EL4.i386.rpm
RedHat	any	i386	openoffice.org-i18n	< 1.1.5-10.6.0.5.EL4	openoffice.org-i18n-1.1.5-10.6.0.5.EL4.i386.rpm
RedHat	any	src	openoffice.org	< 1.1.5-10.6.0.5.EL4	openoffice.org-1.1.5-10.6.0.5.EL4.src.rpm
RedHat	any	i386	openoffice.org-i18n	< 1.1.2-42.2.0.EL3	openoffice.org-i18n-1.1.2-42.2.0.EL3.i386.rpm
RedHat	any	i386	openoffice.org	< 1.1.2-42.2.0.EL3	openoffice.org-1.1.2-42.2.0.EL3.i386.rpm
RedHat	any	ppc	openoffice.org-kde	< 1.1.5-10.6.0.5.EL4	openoffice.org-kde-1.1.5-10.6.0.5.EL4.ppc.rpm
RedHat	any	ppc	openoffice.org	< 1.1.5-10.6.0.5.EL4	openoffice.org-1.1.5-10.6.0.5.EL4.ppc.rpm