Fedora 8: FEDORA-2008-9333 Moderate Risk with OpenOffice.org File Issues

OpenOffice.org is an Open Source, community-developed, multi-platform

office productivity suite. It includes the key desktop applications,

such as a word processor, spreadsheet, presentation manager, formula

editor and drawing program, with a user interface and feature set

similar to other office suites. Sophisticated and flexible,

OpenOffice.org also works transparently with a variety of file

formats, including Microsoft Office.

Usage: Simply type "ooffice" to run OpenOffice.org or select the

requested component (Writer, Calc, Impress, etc.) from your

desktop menu. On first start a few files will be installed in the

user's home, if necessary.

A security release to address: - CVE-2008-2237: Manipulated WMF files -CVE-2008-2238: Manipulated EMF files as described at

http://www.openoffice.org/security/bulletin.html

* Wed Oct 29 2008 Caolan McNamara - 1:2.3.0-6.17

- CVE-2008-2237: Manipulated WMF files

- CVE-2008-2238: Manipulated EMF files

* Wed Aug 27 2008 Caolan McNamara - 1:2.3.0-6.16

- Resolves: CVE-2008-3282 numeric truncation error in OOo memory allocator

* Tue Jun 10 2008 Caolan McNamara - 1:2.3.0-6.15

- Resolves: rhbz#450650 CVE-2008-2152

* Thu Apr 17 2008 Caolan McNamara - 1:2.3.0-6.14

- Resolves: rhbz#435688 CVE-2007-5745, CVE-2007-5746, CVE-2007-5747, CVE-2008-0320

* Sat Apr 5 2008 Caolan McNamara - 1:2.3.0-6.13

- Resolves: rhbz#440650 mktemp has no --tmpdir on F-8

- Resolves: rhbz#441112 openoffice.org-3.0.0.ooo85691.vcl.tooltipcolor.patch

* Wed Mar 19 2008 Caolan McNamara - 1:2.3.0-6.12

- Resolves: rhbz#429278 add workspace.sw8u9bf01.patch

- Resolves: rhbz#428574 add workspace.sw24bf02.patch

- remove pixmap leak openoffice.org-2.4.0.ooo85321.vcl.pixmapleak.patch

- Resolves: rhbz#429897 one click print with lpr-only backend fix

- Resolves: rhbz#431606 require jre not java

- Resolves: rhbz#431805 openoffice.org-2.4.0.ooo85931.svx.getentrypos.patch

- Resolves: rhbz#429632 add openoffice.org-2.3.0.ooo86882.vcl.unsigned_int_to_long.patch

- Resolves: rhbz#435590 add openoffice.org-2.4.0.ooo86924.sfx2.iconchanges.patch

- add openoffice.org-2.4.0.ooo86080.unopkg.bodge.patch

- add openoffice.org-2.3.1.ooo83878.unopkg.enablelinking.patch

- add openoffice.org-2.4.0.ooo87204.toolkit.64bitevent.patch

* Fri Jan 11 2008 Caolan McNamara - 1:2.3.0-6.11

- Resolves: rhbz#426876 add openoffice.org-2.4.0.ooo85055.psprint.linetoolong.patch

- Resolves: rhbz#425701/ooo#83410 try to fix serbian translations

* Wed Jan 2 2008 Caolan McNamara - 1:2.3.0-6.10

- Resolves: rhbz#427071 openoffice.org-2.3.0.ooo81314.i18npool.crash.patch

* Thu Dec 20 2007 Caolan McNamara - 1:2.3.0-6.9

- add openoffice.org-2.3.1.ooo84770.svx.eventsmismatch.patch

* Tue Dec 18 2007 Caolan McNamara - 1:2.3.0-6.8

- Resolves: rhbz#425701 add workspace.locales24.patch

- Resolves: rhbz#423371 openoffice.org-2.3.1.ooo84621.sw.insertexcel.patch

- Resolves: rhbz#410381/rhbz#384401 openoffice.org-2.3.1.ooo84676.ucb.davprotocol.patch

* Mon Dec 3 2007 Caolan McNamara - 1:2.3.0-6.7

- Resolves: rhbz#303601 CVE-2007-4575 workspace.hsql1808.patch

- add workspace.allowcurloldies.patch because curl became build-time incompatible

post F-8 release

- add openoffice.org-2.3.0.ooo82966.svx.missing3d.patch

- add openoffice.org-2.3.0.ooo83169.colordialog.crash.patch

- Resolves: rhbz#386371 add workspace.sw8u10bf02.patch

- Resolves: rhbz#384391 add openoffice.org-2.3.1.ooo83930.sw.flushanchors.patch

[ 1 ] Bug #462639 - CVE-2008-2237 OpenOffice.org WMF integer overflow

https://bugzilla.redhat.com/show_bug.cgi?id=462639

[ 2 ] Bug #466528 - CVE-2008-2238 OpenOffice.org multiple EMF buffer overflows

https://bugzilla.redhat.com/show_bug.cgi?id=466528

su -c 'yum update openoffice.org' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/