
RedHat: RHSA-2009-1426-01 Important: OpenOffice.org Buffer Overflow Issue

September 4, 2009
Important Red Hat update for OpenOffice.org resolves buffer overflows and enhances overall security for users.
Updated openoffice.org packages that correct security issues are now available for Red Hat Enterprise Linux 3, 4, and 5.

Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

Summary

OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor, and a drawing program.
An integer underflow flaw and a boundary error flaw, both possibly leading to a heap-based buffer overflow, were found in the way OpenOffice.org parses certain records in Microsoft Word documents. An attacker could create a specially-crafted Microsoft Word document, which once opened by an unsuspecting user, could cause OpenOffice.org to crash or, potentially, execute arbitrary code with the permissions of the user running OpenOffice.org. (CVE-2009-0200, CVE-2009-0201)
All users of OpenOffice.org are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of OpenOffice.org applications must be restarted for this update to take effect.

References

https://www.cve.org/CVERecord?id=CVE-2009-0200
https://www.cve.org/CVERecord?id=CVE-2009-0201
https://access.redhat.com/security/updates/classification#important

Package List

Red Hat Enterprise Linux AS version 3:
Source:
i386: openoffice.org-1.1.2-44.2.0.EL3.i386.rpm openoffice.org-debuginfo-1.1.2-44.2.0.EL3.i386.rpm openoffice.org-i18n-1.1.2-44.2.0.EL3.i386.rpm openoffice.org-libs-1.1.2-44.2.0.EL3.i386.rpm
x86_64: openoffice.org-1.1.2-44.2.0.EL3.i386.rpm openoffice.org-debuginfo-1.1.2-44.2.0.EL3.i386.rpm openoffice.org-i18n-1.1.2-44.2.0.EL3.i386.rpm openoffice.org-libs-1.1.2-44.2.0.EL3.i386.rpm
Red Hat Desktop version 3:
Source:
i386: openoffice.org-1.1.2-44.2.0.EL3.i386.rpm openoffice.org-debuginfo-1.1.2-44.2.0.EL3.i386.rpm openoffice.org-i18n-1.1.2-44.2.0.EL3.i386.rpm openoffice.org-libs-1.1.2-44.2.0.EL3.i386.rpm
x86_64: openoffice.org-1.1.2-44.2.0.EL3.i386.rpm openoffice.org-debuginfo-1.1.2-44.2.0.EL3.i386.rpm openoffice.org-i18n-1.1.2-44.2.0.EL3.i386.rpm openoffice.org-libs-1.1.2-44.2.0.EL3.i386.rpm
Red Hat Enterprise Linux ES version 3:
Source:
i386: openoffice.org-1.1.2-44.2.0.EL3.i386.rpm openoffice.org-debuginfo-1.1.2-44.2.0.EL3.i386.rpm openoffice.org-i18n-1.1.2-44.2.0.EL3.i386.rpm openoffice.org-libs-1.1.2-44.2.0.EL3.i386.rpm
x86_64: openoffice.org-1.1.2-44.2.0.EL3.i386.rpm openoffice.org-debuginfo-1.1.2-44.2.0.EL3.i386.rpm openoffice.org-i18n-1.1.2-44.2.0.EL3.i386.rpm openoffice.org-libs-1.1.2-44.2.0.EL3.i386.rpm
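
To check a Red Hat Enterprise Linux 3 host against the builds listed above, the following added example (not part of the Red Hat advisory) compares installed openoffice.org packages with the fixed version-release from the package list. It assumes input in the form produced by rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'; the function names, the simplified version comparison and the sample inventory are constructed for illustration.

```python
import re

# Fixed builds for Red Hat Enterprise Linux 3, taken from the advisory's package list.
FIXED_EL3 = {
    "openoffice.org": "1.1.2-44.2.0.EL3",
    "openoffice.org-debuginfo": "1.1.2-44.2.0.EL3",
    "openoffice.org-i18n": "1.1.2-44.2.0.EL3",
    "openoffice.org-libs": "1.1.2-44.2.0.EL3",
}

def vercmp(a, b):
    """Simplified rpm-style comparison (no epoch or tilde handling): -1, 0 or 1."""
    # rpm compares runs of digits and runs of letters; separators are ignored.
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric runs compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run is newer than an alpha run
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare two VERSION-RELEASE strings: version first, then release."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return vercmp(va, vb) or vercmp(ra, rb)

def audit(rpm_lines, fixed=FIXED_EL3):
    """Return [(name, installed, fixed)] for packages older than the fixed build."""
    stale = []
    for line in rpm_lines.splitlines():
        parts = line.split()
        if len(parts) != 2 or parts[0] not in fixed:
            continue                         # unrelated package or malformed line
        name, installed = parts
        if evr_cmp(installed, fixed[name]) < 0:
            stale.append((name, installed, fixed[name]))
    return stale

# Constructed sample inventory for one host (not taken from the advisory).
SAMPLE = """openoffice.org 1.1.2-44.2.0.EL3
openoffice.org-i18n 1.1.2-43.2.0.EL3
openoffice.org-libs 1.1.2-44.1.0.EL3
bash 2.05b-41.7
"""

if __name__ == "__main__":
    for name, have, need in audit(SAMPLE):
        print(f"{name}: installed {have}, advisory ships {need}")
```

A host that reports no stale packages still needs its running OpenOffice.org instances restarted before the fix takes effect, as the summary states.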




Severity
important

Advisory ID: RHSA-2009:1426-01
Product: Red Hat Enterprise Linux
Issue date: 2009-09-04

Topic

Updated openoffice.org packages that correct security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team.

Relevant Releases/Architectures

Red Hat Enterprise Linux AS version 3 - i386, x86_64

Red Hat Desktop version 3 - i386, x86_64

Red Hat Enterprise Linux ES version 3 - i386, x86_64

Red Hat Enterprise Linux WS version 3 - i386, x86_64

Red Hat Enterprise Linux AS version 4 - i386, ppc, x86_64

Red Hat Enterprise Linux Desktop version 4 - i386, x86_64

Red Hat Enterprise Linux ES version 4 - i386, x86_64

Red Hat Enterprise Linux WS version 4 - i386, x86_64

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

RHEL Desktop Workstation (v. 5 client) - i386, x86_64

RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64

Bugs Fixed

500993 - CVE-2009-0200 OpenOffice.org Word document Integer Underflow

502194 - CVE-2009-0201 OpenOffice.org Word document buffer overflow
