Dyon Balding of Secunia Research has reported a flaw in OpenOffice.org's MS Word handling code. When parsing the sprmTDelete record an integer underflow can be triggered that could result in a heap-based buffer overflow.
Created attachment 344137 [details]
my proposed patch
Created attachment 358230 [details]
final patch (same as the originaly really)
New upstream OpenOffice.org release 3.1.1 is out including the fix, details of the flaw remain non-public until Sep11.
This is public now: http://secunia.com/advisories/35036/
openoffice.org-3.0.1-15.5.fc10 has been submitted as an update for Fedora 10.
openoffice.org-3.0.1-15.6.fc10 has been submitted as an update for Fedora 10.
openoffice.org-3.0.1-15.6.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products:
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Via RHSA-2009:1426 https://rhn.redhat.com/errata/RHSA-2009-1426.html
F11 is already updated to fixed upstream version 3.1.1.
OpenOffice.org Security Bulletin:
Fixed upstream in upstream versions 3.1.1 and 2.4.3.
FYI: Downgrade conflict detected. I already have 3.1.1 installed. Update service is reporting I need a security fix of openoffice.org-ure-1:3.0.1-15.6.fc10(i386) but I already have openoffice.org-ure-1.5.1-9420.i586.
I don't believe your UNO runtime environment bug fix should be reported as necessary when a later (but non-fedora supplied) version of OOo is installed.
You have a package called "openoffice.org-ure" from (effectively) a different repository installed on your fedora. Conflicting packages with the same names is unfortunate but neither new nor fully under our control. If you want to mix different repositories which contain conflicting packages using the same name then you need to disable the packages from the fedora repository, e.g. see man yum.conf and exclude. This is not specific to this or any update.
>>Conflicting packages with the same names is unfortunate but neither new nor fully under our control
My apologies. I thought the version of the package would be checked if already detected as installed on the target before a update would be flagged as necessary. I will do as you suggest, thanks for the info.
rpm -qa | grep "openoffice.org"