+++ This bug was initially created as a clone of Bug #154742 +++

Advisory: http://www.securityfocus.com/bid/13092/
Fedora Core 3 update: http://www.redhat.com/archives/fedora-announce-list/2005-April/msg00027.html

An attacker may exploit this issue by crafting a malformed .doc file and enticing a user to open this file with the affected application. If a vulnerable user opens this file in OpenOffice, the application may crash due to memory corruption. This issue may also be leveraged to execute arbitrary code in the context of the user running OpenOffice.

Patchfile: patches-OOO_1_1-sot-overflow.diff (from FC2 & FC3 packages)

See also bug #152784 (CAN-2004-0752) which is not yet fixed in RHL9.
This should be fixed in the packages Dan made, available temporarily from <ftp://evol.bu.edu/openoffice/>, with checksums at <http://people.redhat.com/dcbw/ooo/rh9-ooo-md5sums.txt>. Note that there's a mismatch with openoffice-libs-1.0.2-11.2.legacy.i386.rpm right now -- we'll get that straightened out soon.
Okay, fixed. Thanks again to Dan.
Note that these packages also fix Bug 152784 (CAN-2004-0752 - openoffice.org temp file handling bug).
Packages were pushed to updates-testing. Thanks again Dan for your help on this issue.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

QA for RHL9: Installed openoffice, -i18n, and -libs. Installation went smoothly, and basic functionality (like opening .doc files) seemed to work OK.

+VERIFY RHL9

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFCe50QGHbTkzxSL7QRAmVRAKCV4WVXzhCPVM3tO0rK6FcPMv5G4gCfZWpm
iDAunNJFIP3VyR2J+9WxKrQ=
=kwpz
-----END PGP SIGNATURE-----

(Not sure what to put in when the bug has been split across multiple distro versions, and some of those still need VERIFY while others don't..)
Released to updates.