Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
centosCentOS ProjectCESA-2008:0538
HistoryJun 14, 2008 - 8:53 a.m.

openoffice.org security update

2008-06-1408:53:15
CentOS Project
lists.centos.org
40

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.087 Low

EPSS

Percentile

94.4%

JSON

CentOS Errata and Security Advisory CESA-2008:0538

OpenOffice.org is an office productivity suite that includes desktop
applications such as a word processor, spreadsheet, presentation manager,
formula editor, and drawing program.

Sean Larsson found a heap overflow flaw in the OpenOffice memory allocator.
If a carefully crafted file was opened by a victim, an attacker could use
the flaw to crash OpenOffice.org or, possibly, execute arbitrary code.
(CVE-2008-2152)

It was discovered that certain libraries in the Red Hat Enterprise Linux 3
and 4 openoffice.org packages had an insecure relative RPATH (runtime
library search path) set in the ELF (Executable and Linking Format) header.
A local user able to convince another user to run OpenOffice in an
attacker-controlled directory, could run arbitrary code with the privileges
of the victim. (CVE-2008-2366)

All users of openoffice.org are advised to upgrade to these updated
packages, which contain backported fixes which correct these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-June/077140.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077141.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077208.html
https://lists.centos.org/pipermail/centos-announce/2008-June/077209.html

Affected packages:
openoffice.org
openoffice.org-i18n
openoffice.org-kde
openoffice.org-libs

Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0538

OSVersionArchitecturePackageVersionFilename
CentOS3i386openoffice.org<Β 1.1.2-42.2.0.EL3openoffice.org-1.1.2-42.2.0.EL3.i386.rpm
CentOS3i386openoffice.org-i18n<Β 1.1.2-42.2.0.EL3openoffice.org-i18n-1.1.2-42.2.0.EL3.i386.rpm
CentOS3i386openoffice.org-libs<Β 1.1.2-42.2.0.EL3openoffice.org-libs-1.1.2-42.2.0.EL3.i386.rpm
CentOS3i386openoffice.org<Β 1.1.2-42.2.0.EL3openoffice.org-1.1.2-42.2.0.EL3.i386.rpm
CentOS3i386openoffice.org-i18n<Β 1.1.2-42.2.0.EL3openoffice.org-i18n-1.1.2-42.2.0.EL3.i386.rpm
CentOS3i386openoffice.org-libs<Β 1.1.2-42.2.0.EL3openoffice.org-libs-1.1.2-42.2.0.EL3.i386.rpm
CentOS4i386openoffice.org<Β 1.1.5-10.6.0.5.EL4openoffice.org-1.1.5-10.6.0.5.EL4.i386.rpm
CentOS4i386openoffice.org-i18n<Β 1.1.5-10.6.0.5.EL4openoffice.org-i18n-1.1.5-10.6.0.5.EL4.i386.rpm
CentOS4i386openoffice.org-kde<Β 1.1.5-10.6.0.5.EL4openoffice.org-kde-1.1.5-10.6.0.5.EL4.i386.rpm
CentOS4i386openoffice.org-libs<Β 1.1.5-10.6.0.5.EL4openoffice.org-libs-1.1.5-10.6.0.5.EL4.i386.rpm
Rows per page:
1-10 of 141

Related

openvas 38
nessus 15
redhat 2
oraclelinux 1
securityvulns 2
cve 3
centos 1
prion 3
fedora 5
seebug 1
veracode 1
gentoo 1
ubuntucve 2
openvas
openvas
RedHat Update for openoffice.org RHSA-2008:0538-01
2009-03-06 00:00:00
CentOS Update for openoffice.org CESA-2008:0538 centos4 x86_64
2009-02-27 00:00:00
CentOS Update for openoffice.org CESA-2008:0538 centos4 x86_64
2009-02-27 00:00:00
nessus
nessus
RHEL 3 / 4 : openoffice.org (RHSA-2008:0538)
2008-06-16 00:00:00
Oracle Linux 3 / 4 : openoffice.org (ELSA-2008-0538)
2013-07-12 00:00:00
Scientific Linux Security Update : openoffice.org on SL3.x, SL4.x i386/x86_64
2012-08-01 00:00:00
redhat
redhat
(RHSA-2008:0538) Important: openoffice.org security update
2008-06-12 00:00:00
(RHSA-2008:0537) Important: openoffice.org security update
2008-06-12 00:00:00
oraclelinux
oraclelinux
openoffice.org security update
2008-06-13 00:00:00
securityvulns
securityvulns
iDefense Security Advisory 06.10.08: Multiple Vendor OpenOffice rtl_allocateMemory&#40;&#41; Integer Overflow Vulnerability
2008-06-10 00:00:00
OpenOffice integer overflow
2008-06-10 00:00:00
cve
cve
CVE-2008-2152
2008-06-10 18:32:00
CVE-2008-2366
2008-06-16 18:41:00
CVE-2008-3282
2008-08-29 18:41:00
centos
centos
openoffice.org2 security update
2008-06-27 10:26:05
prion
prion
Integer overflow
2008-06-10 18:32:00
Design/Logic Flaw
2008-06-16 18:41:00
Integer overflow
2008-08-29 18:41:00
fedora
fedora
[SECURITY] Fedora 9 Update: openoffice.org-2.4.1-17.3.fc9
2008-06-11 04:39:18
[SECURITY] Fedora 8 Update: openoffice.org-2.3.0-6.15.fc8
2008-06-11 23:35:32
[SECURITY] Fedora 8 Update: openoffice.org-2.3.0-6.16.fc8
2008-09-10 07:24:03
seebug
seebug
OpenOffice rtl_allocateMemory()ε‡½ζ•°ε †ζΊ’ε‡ΊζΌζ΄ž
2008-06-14 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:31:56
gentoo
gentoo
OpenOffice.org: User-assisted execution of arbitrary code
2008-07-09 00:00:00
ubuntucve
ubuntucve
CVE-2008-2152
2008-06-10 00:00:00
CVE-2008-3282
2008-08-29 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.087 Low

EPSS

Percentile

94.4%

JSON
Related for CESA-2008:0538
openvas38nessus15redhat2oraclelinux1securityvulns2cve3centos1prion3fedora5seebug1veracode1gentoo1ubuntucve2