Multiple vulnerabilities in OpenOffice.org (CVE-2007-574{5-7}, CVE-2008-0320)

Bug #218640 reported by Till Ulen
Affects | Status | Importance | Assigned to | Milestone
openoffice.org (Ubuntu) | Fix Released | Medium | Chris Cheney |
Dapper | Fix Released | Medium | Chris Cheney |
Feisty | Fix Released | Medium | Chris Cheney |
Gutsy | Fix Released | Medium | Chris Cheney |
Hardy | Fix Released | Medium | Chris Cheney |

Bug Description

Binary package hint: openoffice.org

From the Debian security advisory DSA 1547-1:

"CVE-2007-5745, CVE-2007-5747

   Several bugs have been discovered in the way OpenOffice.org parses
   Quattro Pro files that may lead to an overflow in the heap
   potentially leading to the execution of arbitrary code.

CVE-2007-5746

   Specially crafted EMF files can trigger a buffer overflow in the
   heap that may lead to the execution of arbitrary code.

CVE-2008-0320

   A bug has been discovered in the processing of OLE files that can
   cause a buffer overflow in the heap potentially leading to the
   execution of arbitrary code."

[...]

"For the stable distribution (etch) these problems have been fixed in
version 2.0.4.dfsg.2-7etch5.

For the testing (lenny) and unstable (sid) distributions these
problems have been fixed in version 2.4.0~ooh680m5-1."

http://www.debian.org/security/2008/dsa-1547

Chris Cheney (ccheney) wrote :

Fix committed and waiting on security team to upload.

Changed in openoffice.org:
importance: Undecided → Critical
status: New → Fix Committed
disabled.user (disabled.user-deactivatedaccount) wrote :

Any progress on this?

Kees Cook (kees) wrote :
Changed in openoffice.org:
assignee: nobody → ccheney
status: Fix Committed → Fix Released
assignee: nobody → ccheney
status: New → Fix Released
assignee: nobody → ccheney
importance: Undecided → Medium
status: New → Fix Released
assignee: nobody → ccheney
importance: Undecided → Medium
status: New → Fix Released
assignee: nobody → ccheney
importance: Undecided → Medium
status: New → Fix Released
importance: Critical → Medium
importance: Undecided → Medium
This report contains Public Security information  
Everyone can see this security related information.
