Fedora Legacy Test Update Notification: openoffice.org

Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> · Mon, 02 May 2005 07:58:44 -0400

---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-154988
2005-05-02
---------------------------------------------------------------------

Name        : openoffice.org
Versions    : rh9: openoffice-1.0.2-11.2.legacy
Versions    : fc1: openoffice.org-1.1.0-16.2.legacy
Versions    : fc2: openoffice.org-1.1.3-11.4.0.fc2
Summary     : OpenOffice.org comprehensive office suite.
Description :
OpenOffice.org is an Open Source, community-developed, multi-platform
office productivity suite.  It includes the key desktop applications,
such as a word processor, spreadsheet, presentation manager, formula
editor and drawing program, with a user interface and feature set
similar to other office suites.  Sophisticated and flexible,
OpenOffice.org also works transparently with a variety of file
formats, including Microsoft Office.

---------------------------------------------------------------------
Update Information:

Updated openoffice.org packages that fix two security issues are now
available.

OpenOffice.org is an office productivity suite that includes desktop
applications such as a word processor, spreadsheet, presentation
manager, formula editor, and drawing program.

Secunia Research reported an issue with the handling of temporary
files. A malicious local user could use this flaw to access the contents
of another user's open documents. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0752 to
this issue.

A heap based buffer overflow bug was found in the OpenOffice.org DOC
file processor. An attacker could create a carefully crafted DOC file in
such a way that it could cause OpenOffice.org to execute arbitrary code
when the file was opened by a victim. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0941 to
this issue.

All users of OpenOffice.org are advised to upgrade to these updated
packages which contain backported patches to correct these issues.

---------------------------------------------------------------------
Changelogs

rh9:
* Fri Apr 15 2005 Dan Williams <dcbw@xxxxxxxxxx> 1.0.2-11.2.legacy
- Fix CAN-2005-0941 (remove heap overflow vulnerability (bad .doc file can
        exec arbitrary code))  (RH BZ #154989)

* Fri Sep 17 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx>
1.0.2-11.1.legacy
- Fix CAN-2004-0752 (tempfile permissions allow everyone to read data)
(RH BZ #152784)

fc1:
* Thu Apr 14 2005 Dan Williams <dcbw@xxxxxxxxxx> - 1.1.0-16.2.legacy
- Fix CAN-2005-0941 (sot module overflow in .doc parsing)

* Thu Sep 23 2004 Rob Myers <rob.myers@xxxxxxxxxxxxxxx> 1.1.0-16.1.legacy
- Fix CAN-2004-0752 (tempfile permissions allow everyone to read data)
(RH #130132)
  with patch from 1.1.0-16.14
- fix "Freetype creeps in somehow", could probably be removed

fc2:
* Tue Apr 12 2005 Dan Williams <dcbw@xxxxxxxxxx> - 1.1.3-11
- Fix CAN-2005-0941 (sot module overflow in .doc parsing)

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)

8b3935db6ed8864aa0839971c272eacd4cb46963
redhat/9/updates-testing/i386/openoffice-1.0.2-11.2.legacy.i386.rpm
b3bbc948ec2c261fe0b44bc5f6ffd0d38243c241
redhat/9/updates-testing/i386/openoffice-i18n-1.0.2-11.2.legacy.i386.rpm
fc5a82e620de2fd69f3327382a44c6159c73087d
redhat/9/updates-testing/i386/openoffice-libs-1.0.2-11.2.legacy.i386.rpm
b71dd5e5630c2967e78d4e9339075d736b6b6773
redhat/9/updates-testing/SRPMS/openoffice-1.0.2-11.2.legacy.src.rpm
e93f1b81c245b1d5168256b24aa8c82f6dacb2da
fedora/1/updates-testing/i386/openoffice.org-1.1.0-16.2.legacy.i386.rpm
1adaa0cf3764aaef0cd8a9597d24f217ee547d0a
fedora/1/updates-testing/i386/openoffice.org-i18n-1.1.0-16.2.legacy.i386.rpm
2ebd3693673e0320c2d6407696949cf0fef2b9b3
fedora/1/updates-testing/i386/openoffice.org-libs-1.1.0-16.2.legacy.i386.rpm
d9ca1a29721ad845db6de1a01c6096163e54078d
fedora/1/updates-testing/SRPMS/openoffice.org-1.1.0-16.2.legacy.src.rpm
a28d80af75d648060587326ef3872a240e339b87
fedora/2/updates-testing/i386/openoffice.org-1.1.3-11.4.0.fc2.i386.rpm
ff7f301dfedbb042810991928ec59aee83c2b12e
fedora/2/updates-testing/i386/openoffice.org-i18n-1.1.3-11.4.0.fc2.i386.rpm
ed14c1e035b9a1fa44b1c16812bae81894d74828
fedora/2/updates-testing/i386/openoffice.org-kde-1.1.3-11.4.0.fc2.i386.rpm
06e156914d032b19deb05c27da73fd6901b45fe5
fedora/2/updates-testing/i386/openoffice.org-libs-1.1.3-11.4.0.fc2.i386.rpm
a003e78128a72b0d297d0fdb5faf5e1793cd02e6
fedora/2/updates-testing/SRPMS/openoffice.org-1.1.3-11.4.0.fc2.src.rpm

---------------------------------------------------------------------
Bugzilla
rh9:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154989

fc1:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154988

fc2:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154742

---------------------------------------------------------------------
Please test and comment in bugzilla.
Attachment:
signature.asc

Description: OpenPGP digital signature
--

fedora-legacy-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-legacy-list