Bug 154540 - CAN-2005-0941 openoffice.org heap overflow
CAN-2005-0941 openoffice.org heap overflow
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: openoffice.org (Show other bugs)
4.0
All Linux
medium Severity high
: ---
: ---
Assigned To: Dan Williams
impact=important,public=20050412,sour...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-04-12 11:20 EDT by Josh Bressers
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-04-25 16:35:56 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
exploit doc for this vuln (31.50 KB, application/msword)
2005-04-14 10:49 EDT, Dan Williams
no flags Details

  None (edit)
Description Josh Bressers 2005-04-12 11:20:57 EDT
A heap overflow was reported in openoffice.org
http://www.securityfocus.com/archive/1/395516/2005-04-08/2005-04-14/0


The patch is located here:
http://util.openoffice.org/source/browse/util/sot/source/sdstor/stgole.cxx?r1=1.4&r2=1.4.166.1

The upstream bug with a demo exploit is here:
http://www.openoffice.org/issues/show_bug.cgi?id=46388
Comment 1 Josh Bressers 2005-04-12 11:21:45 EDT
This issue also affects RHEL3
Comment 2 Josh Bressers 2005-04-12 11:45:43 EDT
This issue is going to be covered by RHSA-2005:375
Comment 3 Dan Williams 2005-04-14 10:49:07 EDT
Created attachment 113151 [details]
exploit doc for this vuln
Comment 4 Dan Williams 2005-04-14 12:37:50 EDT
packages attached to RHSA-2005:375 and passed rpmdiff.  Awaiting QA.
Comment 5 Josh Bressers 2005-04-25 16:35:56 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-375.html

Note You need to log in before you can comment on or make changes to this bug.