security update

ID CESA-2008:0538
Type centos
Reporter CentOS Project
Modified 2008-06-27T10:25:27


CentOS Errata and Security Advisory CESA-2008:0538

OpenOffice is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program.

Sean Larsson found a heap overflow flaw in the OpenOffice memory allocator. If a victim opened a carefully crafted file, an attacker could use the flaw to crash OpenOffice or, possibly, execute arbitrary code. (CVE-2008-2152)

It was discovered that certain libraries in the Red Hat Enterprise Linux 3 and 4 packages had an insecure relative RPATH (runtime library search path) set in the ELF (Executable and Linking Format) header. A local user able to convince another user to run OpenOffice in an attacker-controlled directory could run arbitrary code with the privileges of the victim. (CVE-2008-2366)

All users of OpenOffice are advised to upgrade to these updated packages, which contain backported fixes that correct these issues.
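To check installed libraries for the relative-RPATH condition described above, the following added example (not part of the advisory or of the CentOS or OpenOffice projects) audits the output of `readelf -d` for search path entries that the loader resolves from the working directory. The function names, the `<empty>` marker and the sample dynamic section are constructed for illustration; `audit_file` assumes binutils' `readelf` is installed.

```python
import re
import subprocess
import sys

# Rows that `readelf -d` prints for the DT_RPATH / DT_RUNPATH dynamic tags.
DYN_PATH = re.compile(r"\((RPATH|RUNPATH)\)\s+Library (?:rpath|runpath): \[(.*)\]")

def risky_entries(search_path):
    """Return entries of a colon-separated RPATH that depend on the working directory."""
    risky = []
    for entry in search_path.split(":"):
        if entry == "":
            # glibc treats an empty entry (stray or trailing colon) as "./".
            risky.append("<empty>")
        elif entry.startswith(("/", "$ORIGIN", "${ORIGIN}")):
            # Absolute path, or anchored to the directory holding the object itself.
            continue
        else:
            # ".", "../lib", "lib", ... are all looked up relative to the CWD.
            risky.append(entry)
    return risky

def audit_dynamic_section(readelf_text):
    """Return (tag, entry) pairs for every CWD-relative search path entry."""
    findings = []
    for line in readelf_text.splitlines():
        match = DYN_PATH.search(line)
        if match:
            findings += [(match.group(1), e) for e in risky_entries(match.group(2))]
    return findings

def audit_file(path):
    """Run readelf on one ELF file and audit its dynamic section."""
    result = subprocess.run(["readelf", "-d", path],
                            capture_output=True, text=True, check=True)
    return audit_dynamic_section(result.stdout)

# Constructed sample of `readelf -d` output; the paths are placeholders.
SAMPLE = """\
Dynamic section at offset 0x2d88 contains 27 entries:
  Tag        Type                         Name/Value
 0x00000001 (NEEDED)                     Shared library: [libc.so.6]
 0x0000000f (RPATH)                      Library rpath: [../lib:/usr/lib/example:$ORIGIN]
"""

if __name__ == "__main__":
    for target in sys.argv[1:]:
        for tag, entry in audit_file(target):
            print(f"{target}: {tag} entry {entry!r} is resolved from the working directory")
```

Pass the paths of the shared objects to audit as arguments; any line printed names a library whose search path should be rebuilt as absolute or `$ORIGIN`-anchored.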

Merged security bulletin from advisories:

Affected packages:

Upstream details at: