Synopsis:	Important: openoffice.org security update
Issue date:	2008-04-17
CVE Names:	CVE-2007-5746 CVE-2008-0320

A heap overflow flaw was found in the EMF parser. An attacker could create
a carefully crafted EMF file that could cause OpenOffice.org to crash or
possibly execute arbitrary code if the malicious EMF image was added to a
document or if a document containing the malicious EMF file was opened by a
victim. (CVE-2007-5746)

A heap overflow flaw was found in the OLE Structured Storage file parser.
(OLE Structured Storage is a format used by Microsoft Office documents.) An
attacker could create a carefully crafted OLE file that could cause
OpenOffice.org to crash or possibly execute arbitrary code if the file was
opened by a victim. (CVE-2008-0320)

SL 3.0.x

     SRPMS:
openoffice.org-1.1.2-41.2.0.EL3.src.rpm
     i386:
openoffice.org-1.1.2-41.2.0.EL3.i386.rpm
openoffice.org-i18n-1.1.2-41.2.0.EL3.i386.rpm
openoffice.org-libs-1.1.2-41.2.0.EL3.i386.rpm
     x86_64:
openoffice.org-1.1.2-41.2.0.EL3.i386.rpm
openoffice.org-i18n-1.1.2-41.2.0.EL3.i386.rpm
openoffice.org-libs-1.1.2-41.2.0.EL3.i386.rpm

SL 4.x

     SRPMS:
openoffice.org-1.1.5-10.6.0.3.EL4.src.rpm
     i386:
openoffice.org-1.1.5-10.6.0.3.EL4.i386.rpm
openoffice.org-i18n-1.1.5-10.6.0.3.EL4.i386.rpm
openoffice.org-kde-1.1.5-10.6.0.3.EL4.i386.rpm
openoffice.org-libs-1.1.5-10.6.0.3.EL4.i386.rpm
     x86_64:
openoffice.org-1.1.5-10.6.0.3.EL4.i386.rpm
openoffice.org-i18n-1.1.5-10.6.0.3.EL4.i386.rpm
openoffice.org-kde-1.1.5-10.6.0.3.EL4.i386.rpm
openoffice.org-libs-1.1.5-10.6.0.3.EL4.i386.rpm

-Connie Sieh
-Troy Dawson