blob: 0648355ad976ecab6278f8a43be76cce3f706b6f [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200704-12">
<title> Multiple vulnerabilities</title>
Multiple vulnerabilities have been discovered in, allowing
for remote execution of arbitrary code.
<product type="ebuild"></product>
<announced>April 16, 2007</announced>
<revised>April 16, 2007: 01</revised>
<package name="app-office/openoffice" auto="yes" arch="*">
<unaffected range="ge">2.1.0-r1</unaffected>
<vulnerable range="lt">2.1.0-r1</vulnerable>
<package name="app-office/openoffice-bin" auto="yes" arch="*">
<unaffected range="ge">2.2.0</unaffected>
<vulnerable range="lt">2.2.0</vulnerable>
<p> is an open source office productivity suite, including
word processing, spreadsheet, presentation, drawing, data charting,
formula editing, and file conversion facilities.
John Heasman of NGSSoftware has discovered a stack-based buffer
overflow in the StarCalc parser and an input validation error when
processing metacharacters in a link. Also OpenOffice.Org includes code
from libwpd making it vulnerable to heap-based overflows when
converting WordPerfect document tables (GLSA 200704-07).
<impact type="normal">
A remote attacker could entice a user to open a specially crafted
document, possibly leading to execution of arbitrary code with the
rights of the user running
There is no known workaround at this time.
All users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=app-office/openoffice-2.1.0-r1&quot;</code>
All binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=app-office/openoffice-bin-2.2.0&quot;</code>
<uri link="">CVE-2007-0002</uri>
<uri link="">CVE-2007-0238</uri>
<uri link="">CVE-2007-0239</uri>
<uri link="/security/en/glsa/glsa-200704-07.xml">GLSA-200704-07</uri>
<metadata tag="requester" timestamp="Wed, 11 Apr 2007 10:02:01 +0000">
<metadata tag="submitter" timestamp="Wed, 11 Apr 2007 18:10:31 +0000">
<metadata tag="bugReady" timestamp="Wed, 11 Apr 2007 18:15:09 +0000">