---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated openoffice.org packages resolve security issue
Advisory ID:       RHSA-2004:446-01
Issue date:        2004-09-15
Updated on:        2004-09-15
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0752
---------------------------------------------------------------------

1. Summary:

Updated openoffice.org packages that fix a security issue in temporary file
handling are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - i386
Red Hat Desktop version 3 - i386
Red Hat Enterprise Linux ES version 3 - i386
Red Hat Enterprise Linux WS version 3 - i386

3. Problem description:

OpenOffice.org is an office productivity suite that includes desktop
applications such as a word processor, spreadsheet, presentation manager,
formula editor, and drawing program.

Secunia Research reported an issue with the handling of temporary files.  A
malicious local user could use this flaw to access the contents of another
user's open documents.  The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0752 to this issue.

All users of OpenOffice.org are advised to upgrade to these updated
packages which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

     http://www.redhat.com/docs/manuals/enterprise/

5. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS: 

e71cc56e9b9bf55a138b1af8b6da6ceb  openoffice.org-1.1.0-16.14.EL.src.rpm

i386:
622d3edf4ce2cc890dc1426e34884429  openoffice.org-1.1.0-16.14.EL.i386.rpm
ecc099305001b53795fc39e4717563df  openoffice.org-i18n-1.1.0-16.14.EL.i386.rpm
4f60302463e8df8f76e4eb17e261991b  openoffice.org-libs-1.1.0-16.14.EL.i386.rpm

Red Hat Desktop version 3:

SRPMS: 

e71cc56e9b9bf55a138b1af8b6da6ceb  openoffice.org-1.1.0-16.14.EL.src.rpm

i386:
622d3edf4ce2cc890dc1426e34884429  openoffice.org-1.1.0-16.14.EL.i386.rpm
ecc099305001b53795fc39e4717563df  openoffice.org-i18n-1.1.0-16.14.EL.i386.rpm
4f60302463e8df8f76e4eb17e261991b  openoffice.org-libs-1.1.0-16.14.EL.i386.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: 

e71cc56e9b9bf55a138b1af8b6da6ceb  openoffice.org-1.1.0-16.14.EL.src.rpm

i386:
622d3edf4ce2cc890dc1426e34884429  openoffice.org-1.1.0-16.14.EL.i386.rpm
ecc099305001b53795fc39e4717563df  openoffice.org-i18n-1.1.0-16.14.EL.i386.rpm
4f60302463e8df8f76e4eb17e261991b  openoffice.org-libs-1.1.0-16.14.EL.i386.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: 

e71cc56e9b9bf55a138b1af8b6da6ceb  openoffice.org-1.1.0-16.14.EL.src.rpm

i386:
622d3edf4ce2cc890dc1426e34884429  openoffice.org-1.1.0-16.14.EL.i386.rpm
ecc099305001b53795fc39e4717563df  openoffice.org-i18n-1.1.0-16.14.EL.i386.rpm
4f60302463e8df8f76e4eb17e261991b  openoffice.org-libs-1.1.0-16.14.EL.i386.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
 

6. References:
 
About Secunia Research | Flexera 
CVE -CVE-2004-0752

7. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at  

Copyright 2004 Red Hat, Inc.

Red Hat: openoffice.org resolve security issue

Secunia Research reported an issue with the handling of temporary files

Summary



Summary

OpenOffice.org is an office productivity suite that includes desktopapplications such as a word processor, spreadsheet, presentation manager,formula editor, and drawing program.Secunia Research reported an issue with the handling of temporary files. Amalicious local user could use this flaw to access the contents of anotheruser's open documents. The Common Vulnerabilities and Exposures project(cve.mitre.org) has assigned the name CAN-2004-0752 to this issue.All users of OpenOffice.org are advised to upgrade to these updatedpackages which contain a backported patch to correct this issue.


Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. RPMs required:
Red Hat Enterprise Linux AS version 3:
SRPMS:
e71cc56e9b9bf55a138b1af8b6da6ceb openoffice.org-1.1.0-16.14.EL.src.rpm
i386: 622d3edf4ce2cc890dc1426e34884429 openoffice.org-1.1.0-16.14.EL.i386.rpm ecc099305001b53795fc39e4717563df openoffice.org-i18n-1.1.0-16.14.EL.i386.rpm 4f60302463e8df8f76e4eb17e261991b openoffice.org-libs-1.1.0-16.14.EL.i386.rpm
Red Hat Desktop version 3:
SRPMS:
e71cc56e9b9bf55a138b1af8b6da6ceb openoffice.org-1.1.0-16.14.EL.src.rpm
i386: 622d3edf4ce2cc890dc1426e34884429 openoffice.org-1.1.0-16.14.EL.i386.rpm ecc099305001b53795fc39e4717563df openoffice.org-i18n-1.1.0-16.14.EL.i386.rpm 4f60302463e8df8f76e4eb17e261991b openoffice.org-libs-1.1.0-16.14.EL.i386.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS:
e71cc56e9b9bf55a138b1af8b6da6ceb openoffice.org-1.1.0-16.14.EL.src.rpm
i386: 622d3edf4ce2cc890dc1426e34884429 openoffice.org-1.1.0-16.14.EL.i386.rpm ecc099305001b53795fc39e4717563df openoffice.org-i18n-1.1.0-16.14.EL.i386.rpm 4f60302463e8df8f76e4eb17e261991b openoffice.org-libs-1.1.0-16.14.EL.i386.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS:
e71cc56e9b9bf55a138b1af8b6da6ceb openoffice.org-1.1.0-16.14.EL.src.rpm
i386: 622d3edf4ce2cc890dc1426e34884429 openoffice.org-1.1.0-16.14.EL.i386.rpm ecc099305001b53795fc39e4717563df openoffice.org-i18n-1.1.0-16.14.EL.i386.rpm 4f60302463e8df8f76e4eb17e261991b openoffice.org-libs-1.1.0-16.14.EL.i386.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from

References

About Secunia Research | Flexera CVE -CVE-2004-0752

Package List


Severity
Advisory ID: RHSA-2004:446-01
Issued Date: : 2004-09-15
Updated on: 2004-09-15
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0752

Topic

Updated openoffice.org packages that fix a security issue in temporary filehandling are now available.


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux AS version 3 - i386

Red Hat Desktop version 3 - i386

Red Hat Enterprise Linux ES version 3 - i386

Red Hat Enterprise Linux WS version 3 - i386


Bugs Fixed


Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved