Fedora Legacy Test Update Notification: openoffice.org

Marc Deslauriers marcdeslauriers at videotron.ca
Mon May 2 11:58:44 UTC 2005


---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-154988
2005-05-02
---------------------------------------------------------------------

Name        : openoffice.org
Versions    : rh9: openoffice-1.0.2-11.2.legacy
Versions    : fc1: openoffice.org-1.1.0-16.2.legacy
Versions    : fc2: openoffice.org-1.1.3-11.4.0.fc2
Summary     : OpenOffice.org comprehensive office suite.
Description :
OpenOffice.org is an Open Source, community-developed, multi-platform
office productivity suite.  It includes the key desktop applications,
such as a word processor, spreadsheet, presentation manager, formula
editor and drawing program, with a user interface and feature set
similar to other office suites.  Sophisticated and flexible,
OpenOffice.org also works transparently with a variety of file
formats, including Microsoft Office.

---------------------------------------------------------------------
Update Information:

Updated openoffice.org packages that fix two security issues are now
available.

OpenOffice.org is an office productivity suite that includes desktop
applications such as a word processor, spreadsheet, presentation
manager, formula editor, and drawing program.

Secunia Research reported an issue with the handling of temporary
files. A malicious local user could use this flaw to access the contents
of another user's open documents. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0752 to
this issue.

A heap-based buffer overflow bug was found in the OpenOffice.org DOC
file processor. An attacker could create a carefully crafted DOC file in
such a way that it could cause OpenOffice.org to execute arbitrary code
when the file was opened by a victim. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0941 to
this issue.

All users of OpenOffice.org are advised to upgrade to these updated
packages, which contain backported patches to correct these issues.

---------------------------------------------------------------------
Changelogs

rh9:
* Fri Apr 15 2005 Dan Williams <dcbw at redhat.com> 1.0.2-11.2.legacy
- Fix CAN-2005-0941 (remove heap overflow vulnerability (bad .doc file can
  exec arbitrary code)) (RH BZ #154989)

* Fri Sep 17 2004 Marc Deslauriers <marcdeslauriers at videotron.ca> 1.0.2-11.1.legacy
- Fix CAN-2004-0752 (tempfile permissions allow everyone to read data)
  (RH BZ #152784)

fc1:
* Thu Apr 14 2005 Dan Williams <dcbw at redhat.com> - 1.1.0-16.2.legacy
- Fix CAN-2005-0941 (sot module overflow in .doc parsing)

* Thu Sep 23 2004 Rob Myers <rob.myers at gtri.gatech.edu> 1.1.0-16.1.legacy
- Fix CAN-2004-0752 (tempfile permissions allow everyone to read data)
  (RH #130132) with patch from 1.1.0-16.14
- fix "Freetype creeps in somehow", could probably be removed

fc2:
* Tue Apr 12 2005 Dan Williams <dcbw at redhat.com> - 1.1.3-11
- Fix CAN-2005-0941 (sot module overflow in .doc parsing)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)


---------------------------------------------------------------------
Bugzilla
rh9:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154989

fc1:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154988

fc2:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154742

---------------------------------------------------------------------
Please test and comment in bugzilla.
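
The changelog above summarizes CAN-2004-0752 as "tempfile permissions allow everyone to read data". The following C program is an added example, not OpenOffice.org or Fedora Legacy code: it contrasts a temporary file whose mode is left to the process umask with one created owner-only. The `/tmp/doc_*` file names and all function names are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission bits of an open descriptor, or -1 on error. */
static int mode_of(int fd) {
    struct stat st;
    return fstat(fd, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Weak pattern: predictable name, mode decided by the process umask. */
int weak_temp_mode(void) {
    char path[64];
    snprintf(path, sizeof path, "/tmp/doc_%ld.tmp", (long)getpid());
    mode_t old = umask(022);              /* common default, fixed for the demo */
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0666);
    umask(old);
    if (fd < 0) return -1;
    int mode = mode_of(fd);               /* 0666 & ~022 = 0644 */
    close(fd);
    unlink(path);
    return mode;
}

/* Hardened pattern: mkstemp() picks an unpredictable name and opens it with
 * O_EXCL; fchmod() pins owner-only access regardless of umask or libc age. */
int private_temp_mode(void) {
    char tmpl[] = "/tmp/doc_XXXXXX";      /* hypothetical template name */
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    int mode = fchmod(fd, S_IRUSR | S_IWUSR) == 0 ? mode_of(fd) : -1;
    close(fd);
    unlink(tmpl);
    return mode;
}

/* Audit predicate: can anyone other than the owner read the file? */
int readable_by_others(int mode) {
    return (mode & (S_IRGRP | S_IROTH)) != 0;
}

int main(void) {
    int weak = weak_temp_mode(), priv = private_temp_mode();
    printf("weak:    %04o others_can_read=%d\n", (unsigned)weak, readable_by_others(weak));
    printf("private: %04o others_can_read=%d\n", (unsigned)priv, readable_by_others(priv));
    return 0;
}
```

The same predicate applies to any `st_mode` value, so it can be used to audit existing files in a shared temporary directory.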