Multiple vulnerabilities in OpenOffice.org (CVE-2007-574{5-7}, CVE-2008-0320)
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
openoffice.org (Ubuntu) | Fix Released | Medium | Chris Cheney | |
Dapper | Fix Released | Medium | Chris Cheney | |
Feisty | Fix Released | Medium | Chris Cheney | |
Gutsy | Fix Released | Medium | Chris Cheney | |
Hardy | Fix Released | Medium | Chris Cheney | |
Bug Description
Binary package hint: openoffice.org
From the Debian security advisory DSA 1547-1:
"CVE-2007-5745, CVE-2007-5747
Several bugs have been discovered in the way OpenOffice.org parses
Quattro Pro files that may lead to an overflow in the heap
potentially leading to the execution of arbitrary code.
CVE-2007-5746
Specially crafted EMF files can trigger a buffer overflow in the
heap that may lead to the execution of arbitrary code.
CVE-2008-0320
A bug has been discovered in the processing of OLE files that can
cause a buffer overflow in the heap potentially leading to the
execution of arbitrary code."
[...]
"For the stable distribution (etch) these problems have been fixed in
version 2.0.4.dfsg.
For the testing (lenny) and unstable (sid) distributions these
problems have been fixed in version 2.4.0~ooh680m5-1."
Fix committed and waiting on security team to upload.