9 Jul 02:19
[ MDVSA-2008:137 ] - Updated OpenOffice.org fix vulnerability, and a few other bugs
From: <security <at> mandriva.com>
Subject: [ MDVSA-2008:137 ] - Updated OpenOffice.org fix vulnerability, and a few other bugs
Newsgroups: gmane.comp.security.full-disclosure
Date: 2008-07-09 00:23:00 GMT
Subject: [ MDVSA-2008:137 ] - Updated OpenOffice.org fix vulnerability, and a few other bugs
Newsgroups: gmane.comp.security.full-disclosure
Date: 2008-07-09 00:23:00 GMT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:137 http://www.mandriva.com/security/ _______________________________________________________________________ Package : openoffice.org Date : July 8, 2008 Affected: 2008.1 _______________________________________________________________________ Problem Description: Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow. (CVE-2008-2152) Also, according to bug #38874 decimal numbers on Hebrew documents would appear as Arabic characters. Another issue (#39799) is with measurements units configuration to format paragraphs on the menu: (Tools -> Options -> OpenOffice.org Writer -> General). Even setting to centimeters on (Indent & Spacing) option it shows as characters (ch) on (Indents & Spacing) configuration on the menu: (Format -> Paragraph -> Indents & Spacing). Moreover, a document holding Notes edited on Microsoft Office would not show when opened with OpenOffice.(Continue reading)
RSS Feed