openoffice.org security update

2012-03-23T14:34:12
ID CESA-2012:0411
Type centos
Reporter CentOS Project
Modified 2012-03-23T14:34:12

Description

CentOS Errata and Security Advisory CESA-2012:0411

OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. OpenOffice.org embeds a copy of Raptor, which provides parsers for Resource Description Framework (RDF) files.

An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If OpenOffice.org were to open a specially-crafted file (such as an OpenDocument Format or OpenDocument Presentation file), it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running OpenOffice.org had access to. A bug in the way Raptor handled external entities could cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2012-0037)

Red Hat would like to thank Timothy D. Morgan of VSR for reporting this issue.

All OpenOffice.org users are advised to upgrade to these updated packages, which contain backported patches to correct this issue. All running instances of OpenOffice.org applications must be restarted for this update to take effect.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2012-March/018519.html

Affected packages: openoffice.org openoffice.org-base openoffice.org-calc openoffice.org-core openoffice.org-draw openoffice.org-emailmerge openoffice.org-graphicfilter openoffice.org-headless openoffice.org-impress openoffice.org-javafilter openoffice.org-langpack-af_ZA openoffice.org-langpack-ar openoffice.org-langpack-as_IN openoffice.org-langpack-bg_BG openoffice.org-langpack-bn openoffice.org-langpack-ca_ES openoffice.org-langpack-cs_CZ openoffice.org-langpack-cy_GB openoffice.org-langpack-da_DK openoffice.org-langpack-de openoffice.org-langpack-el_GR openoffice.org-langpack-es openoffice.org-langpack-et_EE openoffice.org-langpack-eu_ES openoffice.org-langpack-fi_FI openoffice.org-langpack-fr openoffice.org-langpack-ga_IE openoffice.org-langpack-gl_ES openoffice.org-langpack-gu_IN openoffice.org-langpack-he_IL openoffice.org-langpack-hi_IN openoffice.org-langpack-hr_HR openoffice.org-langpack-hu_HU openoffice.org-langpack-it openoffice.org-langpack-ja_JP openoffice.org-langpack-kn_IN openoffice.org-langpack-ko_KR openoffice.org-langpack-lt_LT openoffice.org-langpack-ml_IN openoffice.org-langpack-mr_IN openoffice.org-langpack-ms_MY openoffice.org-langpack-nb_NO openoffice.org-langpack-nl openoffice.org-langpack-nn_NO openoffice.org-langpack-nr_ZA openoffice.org-langpack-nso_ZA openoffice.org-langpack-or_IN openoffice.org-langpack-pa_IN openoffice.org-langpack-pl_PL openoffice.org-langpack-pt_BR openoffice.org-langpack-pt_PT openoffice.org-langpack-ru openoffice.org-langpack-sk_SK openoffice.org-langpack-sl_SI openoffice.org-langpack-sr_CS openoffice.org-langpack-ss_ZA openoffice.org-langpack-st_ZA openoffice.org-langpack-sv openoffice.org-langpack-ta_IN openoffice.org-langpack-te_IN openoffice.org-langpack-th_TH openoffice.org-langpack-tn_ZA openoffice.org-langpack-tr_TR openoffice.org-langpack-ts_ZA openoffice.org-langpack-ur openoffice.org-langpack-ve_ZA openoffice.org-langpack-xh_ZA openoffice.org-langpack-zh_CN openoffice.org-langpack-zh_TW openoffice.org-langpack-zu_ZA openoffice.org-math openoffice.org-pyuno openoffice.org-sdk openoffice.org-sdk-doc openoffice.org-testtools openoffice.org-ure openoffice.org-writer openoffice.org-xsltfilter

Upstream details at: https://rhn.redhat.com/errata/RHSA-2012-0411.html