Bug 154742
Summary: | CAN-2005-0941: remote heap overflow vulnerability (bad .doc file can exec arbitrary code) | | |
---|---|---|---|
Product: | [Retired] Fedora Legacy | Reporter: | Matthew Miller <mattdm> |
Component: | openoffice | Assignee: | Fedora Legacy Bugs <bugs> |
Status: | CLOSED ERRATA | CC: | dcbw |
Severity: | medium | Priority: | medium |
Version: | fc2 | Keywords: | Security |
Hardware: | All | OS: | Linux |
Doc Type: | Bug Fix | Last Closed: | 2005-05-13 00:52:24 UTC |
Description
Matthew Miller
2005-04-13 21:55:28 UTC
I actually have FC2 packages that I pushed through Beehive right before the cutoff date happened. I'd be happy to post them somewhere, since I was just about to push them to fc2-updates anyway right when the cutoff came around.

Packages for FC2 are here: http://people.redhat.com/dcbw/ooo/

Thanks Dan!

Packages were pushed to updates-testing.

fc2: openoffice.org-1.1.3-11.4.0.fc2 packages were downloaded into a temporary directory, checked with rpm -K openoffice*, and installed without any exceptions or difficulty. In turn, openoffice.org calc, draw, impress, and writer were opened and used without encountering any exceptions. Project management and Math were opened and closed, but not used. Tests performed included the following.

WRITER:

1. A new document was created and saved in native oo.o format. Writer was closed, reopened and the newly created writer document was opened and closed without exception or error.
2. A pre-existing native oo.o format document containing both text and tables imported from oo.o calc was loaded, edited slightly and saved without error.
3. A pre-existing .doc file was opened and saved in native oo.o format, as .pdf, as .rtf, and as .html. All created documents were subsequently opened with oo.o. The .rtf document was also opened with abiword, the .html document was opened with Konqueror, and the .pdf document was opened with PDF Viewer.

CALC:

1. A pre-existing .xls spreadsheet document of greater size than oo.o can process was opened. oo.o continued running, advising the user that rows in excess of oo.o capacity were not imported. (Unexpected outcome: Loading of this spreadsheet file seemed a bit faster than I remembered from earlier versions of oo.o.)
2. A new spreadsheet was created using test data and four of the more simple built-in statistical functions. No errors or exceptions encountered.
3. Several existing .xls files containing table lookups, multiple coloring of text, statistical functions, relatively sophisticated formatting were successfully opened without observing any indications that formatting had changed or that functions used were not accurately supported.

DRAW, IMPRESS:

1. Simple new documents were created and saved. Oo.o was closed, reopened and the newly created documents were reopened without error.

+verify

Released to updates