(RHSA-2008:0939) Important: openoffice.org security update

2008-11-0500:00:00

access.redhat.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.124 Low

EPSS

Percentile

94.9%

JSON

OpenOffice.org is an office productivity suite that includes desktop
applications such as a word processor, spreadsheet, presentation manager,
formula editor, and drawing program.

SureRun Security Team discovered an integer overflow flaw leading to a heap
buffer overflow in the Windows Metafile (WMF) image format parser. An
attacker could create a carefully crafted document containing a malicious
WMF file that could cause OpenOffice.org to crash, or, possibly, execute
arbitrary code if opened by a victim. (CVE-2008-2237)

Multiple integer overflow flaws were found in the Enhanced Windows Metafile
(EMF) parser. An attacker could create a carefully crafted document
containing a malicious EMF file that could cause OpenOffice.org to crash,
or, possibly, execute arbitrary code if opened by a victim. (CVE-2008-2238)

All users of OpenOffice.org are advised to upgrade to these updated
packages, which contain backported patches that correct these issues.

OSVersionArchitecturePackageVersionFilename
RedHatanyppcopenoffice.org2-langpack-da_dk< 2.0.4-5.7.0.6.0openoffice.org2-langpack-da_DK-2.0.4-5.7.0.6.0.ppc.rpm
RedHatanyppcopenoffice.org2-langpack-ga_ie< 2.0.4-5.7.0.6.0openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.6.0.ppc.rpm
RedHat5i386openoffice.org-sdk-doc< 2.3.0-6.5.4.el5_2openoffice.org-sdk-doc-2.3.0-6.5.4.el5_2.i386.rpm
RedHat5i386openoffice.org-writer< 2.3.0-6.5.4.el5_2openoffice.org-writer-2.3.0-6.5.4.el5_2.i386.rpm
RedHat5x86_64openoffice.org-sdk< 2.3.0-6.5.4.el5_2openoffice.org-sdk-2.3.0-6.5.4.el5_2.x86_64.rpm
RedHatanyppcopenoffice.org2-langpack-de< 2.0.4-5.7.0.6.0openoffice.org2-langpack-de-2.0.4-5.7.0.6.0.ppc.rpm
RedHatanyi386openoffice.org2-javafilter< 2.0.4-5.7.0.6.0openoffice.org2-javafilter-2.0.4-5.7.0.6.0.i386.rpm
RedHatanyi386openoffice.org2-langpack-pl_pl< 2.0.4-5.7.0.6.0openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.6.0.i386.rpm
RedHat5x86_64openoffice.org-langpack-or_in< 2.3.0-6.5.4.el5_2openoffice.org-langpack-or_IN-2.3.0-6.5.4.el5_2.x86_64.rpm
RedHat5x86_64openoffice.org-math< 2.3.0-6.5.4.el5_2openoffice.org-math-2.3.0-6.5.4.el5_2.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	ppc	openoffice.org2-langpack-da_dk	< 2.0.4-5.7.0.6.0	openoffice.org2-langpack-da_DK-2.0.4-5.7.0.6.0.ppc.rpm
RedHat	any	ppc	openoffice.org2-langpack-ga_ie	< 2.0.4-5.7.0.6.0	openoffice.org2-langpack-ga_IE-2.0.4-5.7.0.6.0.ppc.rpm
RedHat	5	i386	openoffice.org-sdk-doc	< 2.3.0-6.5.4.el5_2	openoffice.org-sdk-doc-2.3.0-6.5.4.el5_2.i386.rpm
RedHat	5	i386	openoffice.org-writer	< 2.3.0-6.5.4.el5_2	openoffice.org-writer-2.3.0-6.5.4.el5_2.i386.rpm
RedHat	5	x86_64	openoffice.org-sdk	< 2.3.0-6.5.4.el5_2	openoffice.org-sdk-2.3.0-6.5.4.el5_2.x86_64.rpm
RedHat	any	ppc	openoffice.org2-langpack-de	< 2.0.4-5.7.0.6.0	openoffice.org2-langpack-de-2.0.4-5.7.0.6.0.ppc.rpm
RedHat	any	i386	openoffice.org2-javafilter	< 2.0.4-5.7.0.6.0	openoffice.org2-javafilter-2.0.4-5.7.0.6.0.i386.rpm
RedHat	any	i386	openoffice.org2-langpack-pl_pl	< 2.0.4-5.7.0.6.0	openoffice.org2-langpack-pl_PL-2.0.4-5.7.0.6.0.i386.rpm
RedHat	5	x86_64	openoffice.org-langpack-or_in	< 2.3.0-6.5.4.el5_2	openoffice.org-langpack-or_IN-2.3.0-6.5.4.el5_2.x86_64.rpm
RedHat	5	x86_64	openoffice.org-math	< 2.3.0-6.5.4.el5_2	openoffice.org-math-2.3.0-6.5.4.el5_2.x86_64.rpm