9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.087 Low
EPSS
Percentile
94.4%
CentOS Errata and Security Advisory CESA-2008:0538
OpenOffice.org is an office productivity suite that includes desktop
applications such as a word processor, spreadsheet, presentation manager,
formula editor, and drawing program.
Sean Larsson found a heap overflow flaw in the OpenOffice memory allocator.
If a carefully crafted file was opened by a victim, an attacker could use
the flaw to crash OpenOffice.org or, possibly, execute arbitrary code.
(CVE-2008-2152)
It was discovered that certain libraries in the Red Hat Enterprise Linux 3
and 4 openoffice.org packages had an insecure relative RPATH (runtime
library search path) set in the ELF (Executable and Linking Format) header.
A local user able to convince another user to run OpenOffice in an
attacker-controlled directory, could run arbitrary code with the privileges
of the victim. (CVE-2008-2366)
All users of openoffice.org are advised to upgrade to these updated
packages, which contain backported fixes which correct these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-June/077140.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077141.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077208.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077209.html
Affected packages:
openoffice.org
openoffice.org-i18n
openoffice.org-kde
openoffice.org-libs
Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0538
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 3 | i386 | openoffice.org | <Β 1.1.2-42.2.0.EL3 | openoffice.org-1.1.2-42.2.0.EL3.i386.rpm |
CentOS | 3 | i386 | openoffice.org-i18n | <Β 1.1.2-42.2.0.EL3 | openoffice.org-i18n-1.1.2-42.2.0.EL3.i386.rpm |
CentOS | 3 | i386 | openoffice.org-libs | <Β 1.1.2-42.2.0.EL3 | openoffice.org-libs-1.1.2-42.2.0.EL3.i386.rpm |
CentOS | 3 | i386 | openoffice.org | <Β 1.1.2-42.2.0.EL3 | openoffice.org-1.1.2-42.2.0.EL3.i386.rpm |
CentOS | 3 | i386 | openoffice.org-i18n | <Β 1.1.2-42.2.0.EL3 | openoffice.org-i18n-1.1.2-42.2.0.EL3.i386.rpm |
CentOS | 3 | i386 | openoffice.org-libs | <Β 1.1.2-42.2.0.EL3 | openoffice.org-libs-1.1.2-42.2.0.EL3.i386.rpm |
CentOS | 4 | i386 | openoffice.org | <Β 1.1.5-10.6.0.5.EL4 | openoffice.org-1.1.5-10.6.0.5.EL4.i386.rpm |
CentOS | 4 | i386 | openoffice.org-i18n | <Β 1.1.5-10.6.0.5.EL4 | openoffice.org-i18n-1.1.5-10.6.0.5.EL4.i386.rpm |
CentOS | 4 | i386 | openoffice.org-kde | <Β 1.1.5-10.6.0.5.EL4 | openoffice.org-kde-1.1.5-10.6.0.5.EL4.i386.rpm |
CentOS | 4 | i386 | openoffice.org-libs | <Β 1.1.5-10.6.0.5.EL4 | openoffice.org-libs-1.1.5-10.6.0.5.EL4.i386.rpm |