Bug 458056 (CVE-2008-3282)
Summary: | CVE-2008-3282 openoffice.org: numeric truncation error in memory allocator (64bit) | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | Severity: | high |
Priority: | high | Version: | unspecified |
CC: | caolanm, dtardon, kreilly, skakar | Keywords: | Security |
Hardware: | All | OS: | Linux |
Doc Type: | Bug Fix | Last Closed: | 2008-11-06 11:00:29 UTC |
Bug Depends On: | 458064, 458065 | Bug Blocks: | |
Description
Tomas Hoger
2008-08-06 12:46:36 UTC
OpenOffice.org upstream is aware of this issue, but they do not plan to release any security advisory for it, as they do not ship any 64bit pre-built packages. Issue was fixed upstream shortly after we reported it.

Upstream bug report:
http://www.openoffice.org/issues/show_bug.cgi?id=92217

This issue does not affect openoffice.org and openoffice.org2 packages as shipped in Red Hat Enterprise Linux 3 and 4, as only 32bit builds are shipped in those versions.

Rene Engelhard of Debian pointed out that 64bit builds that use system memory allocator instead of the OpenOffice.org custom one (i.e. compiled with --with-alloc=system) are also unaffected by this problem.

Lifting embargo.

*** Bug 455867 has been marked as a duplicate of this bug. ***

openoffice.org-2.4.1-17.6.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.

openoffice.org-2.3.0-6.16.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.

This issue was addressed in:

Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0835.html

Fedora:
https://admin.fedoraproject.org/updates/F8/FEDORA-2008-7531
https://admin.fedoraproject.org/updates/F9/FEDORA-2008-7680