Synopsis: Important: openoffice.org security update
Issue date: 2008-04-17
CVE Names: CVE-2007-5746 CVE-2008-0320
A heap overflow flaw was found in the EMF parser. An attacker could create
a carefully crafted EMF file that could cause OpenOffice.org to crash or
possibly execute arbitrary code if the malicious EMF image was added to a
document or if a document containing the malicious EMF file was opened by a
victim. (CVE-2007-5746)
A heap overflow flaw was found in the OLE Structured Storage file parser.
(OLE Structured Storage is a format used by Microsoft Office documents.) An
attacker could create a carefully crafted OLE file that could cause
OpenOffice.org to crash or possibly execute arbitrary code if the file was
opened by a victim. (CVE-2008-0320)
SL 3.0.x
SRPMS:
openoffice.org-1.1.2-41.2.0.EL3.src.rpm
i386:
openoffice.org-1.1.2-41.2.0.EL3.i386.rpm
openoffice.org-i18n-1.1.2-41.2.0.EL3.i386.rpm
openoffice.org-libs-1.1.2-41.2.0.EL3.i386.rpm
x86_64:
openoffice.org-1.1.2-41.2.0.EL3.i386.rpm
openoffice.org-i18n-1.1.2-41.2.0.EL3.i386.rpm
openoffice.org-libs-1.1.2-41.2.0.EL3.i386.rpm
SL 4.x
SRPMS:
openoffice.org-1.1.5-10.6.0.3.EL4.src.rpm
i386:
openoffice.org-1.1.5-10.6.0.3.EL4.i386.rpm
openoffice.org-i18n-1.1.5-10.6.0.3.EL4.i386.rpm
openoffice.org-kde-1.1.5-10.6.0.3.EL4.i386.rpm
openoffice.org-libs-1.1.5-10.6.0.3.EL4.i386.rpm
x86_64:
openoffice.org-1.1.5-10.6.0.3.EL4.i386.rpm
openoffice.org-i18n-1.1.5-10.6.0.3.EL4.i386.rpm
openoffice.org-kde-1.1.5-10.6.0.3.EL4.i386.rpm
openoffice.org-libs-1.1.5-10.6.0.3.EL4.i386.rpm
-Connie Sieh
-Troy Dawson