(RHSA-2008:0175) Important: openoffice.org security update

2008-04-1700:00:00

access.redhat.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.93 High

EPSS

Percentile

98.8%

JSON

OpenOffice.org is an office productivity suite that includes desktop
applications such as a word processor, spreadsheet, presentation manager,
formula editor, and drawing program.

Multiple heap overflows and an integer underflow were found in the Quattro
Pro® import filter. An attacker could create a carefully crafted Quattro
Pro file that could cause OpenOffice.org to crash or possibly execute
arbitrary code if the file was opened by a victim. (CVE-2007-5745,
CVE-2007-5747)

A heap overflow flaw was found in the EMF parser. An attacker could create
a carefully crafted EMF file that could cause OpenOffice.org to crash or
possibly execute arbitrary code if the malicious EMF image was added to a
document or if a document containing the malicious EMF file was opened by a
victim. (CVE-2007-5746)

A heap overflow flaw was found in the OLE Structured Storage file parser.
(OLE Structured Storage is a format used by Microsoft Office documents.) An
attacker could create a carefully crafted OLE file that could cause
OpenOffice.org to crash or possibly execute arbitrary code if the file was
opened by a victim. (CVE-2008-0320)

All users of OpenOffice.org are advised to upgrade to these updated
packages, which contain backported fixes to correct these issues.

OSVersionArchitecturePackageVersionFilename
RedHatanyppcopenoffice.org2-langpack-hu_hu< 2.0.4-5.7.0.4.0openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.4.0.ppc.rpm
RedHatanyppcopenoffice.org2-javafilter< 2.0.4-5.7.0.4.0openoffice.org2-javafilter-2.0.4-5.7.0.4.0.ppc.rpm
RedHatanyx86_64openoffice.org-langpack-or_in< 2.0.4-5.4.26openoffice.org-langpack-or_IN-2.0.4-5.4.26.x86_64.rpm
RedHatanyx86_64openoffice.org-langpack-he_il< 2.0.4-5.4.26openoffice.org-langpack-he_IL-2.0.4-5.4.26.x86_64.rpm
RedHatanyi386openoffice.org2-calc< 2.0.4-5.7.0.4.0openoffice.org2-calc-2.0.4-5.7.0.4.0.i386.rpm
RedHatanyi386openoffice.org2-langpack-eu_es< 2.0.4-5.7.0.4.0openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.4.0.i386.rpm
RedHatanyi386openoffice.org-langpack-nl< 2.0.4-5.4.26openoffice.org-langpack-nl-2.0.4-5.4.26.i386.rpm
RedHatanyx86_64openoffice.org-langpack-gl_es< 2.0.4-5.4.26openoffice.org-langpack-gl_ES-2.0.4-5.4.26.x86_64.rpm
RedHatanyppcopenoffice.org2-langpack-nn_no< 2.0.4-5.7.0.4.0openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.4.0.ppc.rpm
RedHatanyi386openoffice.org2-langpack-hu_hu< 2.0.4-5.7.0.4.0openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.4.0.i386.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	ppc	openoffice.org2-langpack-hu_hu	< 2.0.4-5.7.0.4.0	openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.4.0.ppc.rpm
RedHat	any	ppc	openoffice.org2-javafilter	< 2.0.4-5.7.0.4.0	openoffice.org2-javafilter-2.0.4-5.7.0.4.0.ppc.rpm
RedHat	any	x86_64	openoffice.org-langpack-or_in	< 2.0.4-5.4.26	openoffice.org-langpack-or_IN-2.0.4-5.4.26.x86_64.rpm
RedHat	any	x86_64	openoffice.org-langpack-he_il	< 2.0.4-5.4.26	openoffice.org-langpack-he_IL-2.0.4-5.4.26.x86_64.rpm
RedHat	any	i386	openoffice.org2-calc	< 2.0.4-5.7.0.4.0	openoffice.org2-calc-2.0.4-5.7.0.4.0.i386.rpm
RedHat	any	i386	openoffice.org2-langpack-eu_es	< 2.0.4-5.7.0.4.0	openoffice.org2-langpack-eu_ES-2.0.4-5.7.0.4.0.i386.rpm
RedHat	any	i386	openoffice.org-langpack-nl	< 2.0.4-5.4.26	openoffice.org-langpack-nl-2.0.4-5.4.26.i386.rpm
RedHat	any	x86_64	openoffice.org-langpack-gl_es	< 2.0.4-5.4.26	openoffice.org-langpack-gl_ES-2.0.4-5.4.26.x86_64.rpm
RedHat	any	ppc	openoffice.org2-langpack-nn_no	< 2.0.4-5.7.0.4.0	openoffice.org2-langpack-nn_NO-2.0.4-5.7.0.4.0.ppc.rpm
RedHat	any	i386	openoffice.org2-langpack-hu_hu	< 2.0.4-5.7.0.4.0	openoffice.org2-langpack-hu_HU-2.0.4-5.7.0.4.0.i386.rpm