Bug 154989
Summary: | RH9: CAN-2005-0941: remote heap overflow vulnerability (bad .doc file can exec arbitrary code) | ||
---|---|---|---|
Product: | [Retired] Fedora Legacy | Reporter: | Dan Williams <dcbw> |
Component: | openoffice | Assignee: | Fedora Legacy Bugs <bugs> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | rhl9 | CC: | dcbw, pekkas |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | LEGACY, rh9 | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-05-13 00:51:47 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Dan Williams
2005-04-15 13:41:13 UTC
This should be fixed in the packages Dan made, available temporarily from <ftp://evol.bu.edu/openoffice/>, with checksums at <http://people.redhat.com/dcbw/ooo/rh9-ooo-md5sums.txt>. Note that there's a mismatch with openoffice-libs-1.0.2-11.2.legacy.i386.rpm right now -- we'll get that straightened out soon. Okay, fixed. Thanks again to Dan. Note that these packages also fix Bug 152784 (CAN-2004-0752 - openoffice.org temp file handling bug). Packages were pushed to updates-testing. Thanks again Dan for your help on this issue. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 QA for RHL9: Installed openoffice, -i18n, and -libs. Installation went smoothly, and basic functionality (like opening .doc files) seemed to work OK. +VERIFY RHL9 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFCe50QGHbTkzxSL7QRAmVRAKCV4WVXzhCPVM3tO0rK6FcPMv5G4gCfZWpm iDAunNJFIP3VyR2J+9WxKrQ= =kwpz -----END PGP SIGNATURE----- (Not sure what to put in when the bug has been split across multiple distro versions, and some of those still need VERIFY while others don't..) Released to updates. |