Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: February 23rd, 2015
Linux Advisory Watch: February 20th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Fedora Core 5 Update: Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Fedora A heap overflow flaw was found in the RTF import filer. An attacker could create a carefully crafted RTF file that could cause to crash or possibly execute arbitrary code if the file was opened by a victim. All users of are advised to upgrade to these updated packages, which contain a backported fix to correct this issue.
Fedora Update Notification

Product     : Fedora Core 5
Name        :
Version     : 2.0.2
Release     : 5.22.2
Summary     : comprehensive office suite.
Description : is an Open Source, community-developed, multi-platform
office productivity suite.  It includes the key desktop applications,
such as a word processor, spreadsheet, presentation manager, formula
editor and drawing program, with a user interface and feature set
similar to other office suites.  Sophisticated and flexible, also works transparently with a variety of file
formats, including Microsoft Office.

Usage: Simply type "ooffice" to run or select the
requested component (Writer, Calc, Draw, Impress, etc.) from your
desktop menu. On first start a few files will be installed in the
user's home, if necessary.

The team hopes you enjoy working with!

Update Information:

A heap overflow flaw was found in the RTF import filer. An
attacker could create a carefully crafted RTF file that
could cause to crash or possibly execute
arbitrary code if the file was opened by a victim.

All users of are advised to upgrade to these
updated packages, which contain a backported fix to correct
this issue. 
* Fri Jun  1 2007 Caolan McNamara  - 1:2.0.2-5.22
- Resolves: CVE-2007-0245 ooo#77214 rtf prtdata
* Tue Feb 20 2007 Caolan McNamara  - 1:2.0.2-5.21
- Resolves: CVE-2007-0239 rhbz#228008 shell escape
- Resolves: CVE-2007-0238 rhbz#226966 buffer overflows
* Mon Dec  4 2006 Caolan McNamara  - 1:2.0.2-5.20
- Resolves: rhbz#217347
* Wed Sep 27 2006 Caolan McNamara  - 1:2.0.2-5.19
- add for rh#206177#
- add for rh#206051#
* Tue Sep  5 2006 Caolan McNamara  - 1:2.0.2-5.18
- add
- add
* Fri Jul  7 2006 Caolan McNamara  - 1:2.0.2-5.17
- rh#197618# add
- add to make 
  ~/.recently-used safe
- add
- rh#198603# gcc ate my office suite, add
- gcc#28370# I'm suspicious of these statics lately
* Fri Jun 30 2006 Caolan McNamara  - 1:2.0.2-5.16
- CVE-2006-2198 macro security
- CVE-2006-2199 java applets
- CVE-2006-3117 corrupt file format
- rh#195637# add
- add to
  fix visibility problem
* Thu Jun  8 2006 Caolan McNamara  - 1:2.0.2-5.13
- rh#193918# add

This update can be downloaded from:

94c39424779fcfdb091597e393ef9044dc6972f7  SRPMS/
94c39424779fcfdb091597e393ef9044dc6972f7  noarch/
8c5df7147d4b40ee88e15c9d071ea6813de57bbb  ppc/
f443fd85c7a65bdfa4ceaa2ec27b6eb25feb5b6f  ppc/
ed2c57ab645ea1aff2e1bca3cca36dbc5e7cae30  ppc/
98a08a9dcc845ce8f9b14f94134fe100f8faff1f  ppc/
128d211dc893bc891a6e09ac247946a649f693f4  ppc/
2dba59a145d988631cef42095b4013cf32e2b2c7  ppc/
1e50963b39dd036c166aa73e0969e765465155e9  ppc/
cd2d49a9cc13c44f921bb7b3cbf6f4e815405958  ppc/
fbb5f818c0f83129ffad8f12940e926cc74317a5  ppc/
bb442d47a8fed93bfa42f4b83df1afc8aa3df0a2  ppc/
22f37d90b734c0daf1f0faa1a5562b8e36979ee5  ppc/
89c9590e8c1912a32045646a348241a94800d392  ppc/
fa582595e16141d00142507e7f2e7f0813cd3fa1  ppc/
97eb5de2ccf5d65022690a8b0e15c582f1020121  ppc/
05b543e7c725bf9b4a7e90cad61187f34deb097b  ppc/
cecaaea7469dd1627c2c85261e675b7f09280389  ppc/
c559ff7ee784d64cfd9c6fdf131113088af06fe4  ppc/
4ab8ae21c9187f6577243c87fd6d27b36d3b3d8f  ppc/
063fc2f90bca17a81da802963a82081ac7bfc560  ppc/
cf8fc7371cd70c60a8f6d5c153be7c8e649254c7  ppc/
66bdaf198d1bb08dc284c1bf6fcbcb486a950f0c  ppc/
fc260cede363e68f838ed39dda85c64457571bcd  ppc/
f108a10a13c9c24391663654e3636544a31d00a1  ppc/
38c1f2e319d1d7f2f5a9cc9bb76838c5c8841b79  ppc/
6c7d02922307c2939463112c397369d03d70d848  ppc/
a02c44bc0f7d5ec41e93ca99d33a39b211abd2f2  ppc/
433570e8cce77db9ad8d3846cee14adaec6997bb  ppc/
0dc019f23a3c19d63e27e0a242c0582cbc816e88  ppc/
739f523cf7b4ed987d4b92e94464abaaa1b204b3  ppc/
afa92925ddfbb765d661044af1436e8e8be051d0  ppc/
042a3f0700d10aaf7a9e78b7544a6f8087cfc846  ppc/
97cd305798cc26828c4ec9e89d600fe1a2a8df78  ppc/
95003fe3dfa8c5fdb8e4035ba6f06628d89bb209  ppc/
a6a83b5915d8db6624d3e140121c4d8f0fd5f7c6  ppc/
6d6863b917e297d8dad71d80f27caa5fa2154c49  ppc/
609b7e38546b94ca886b56c3f70d407c67677ede  ppc/
0ec6b05e9d33016c7fd905c5abde7b2b4a050fe0  ppc/
d988e0195fb4d0f5a560a1a0432bcf664ec42083  ppc/
bde0d5bc5cec4ceec015d1ccc3d705bb5a2cd0dc  ppc/
27b74b1f58161e55c70e58d760ddf707b76c77b7  ppc/
793d52a7014720bb2f502fcb623d37ddb38b399b  ppc/
4dc23355d1c4f896a8782ade23da31e467789f40  ppc/
4a9ed851aa3130d791fbfd2cee39d8251ca454dd  ppc/
75ba26e76d83130a9248b39314f40c3a05266a73  ppc/
30112aa1b9e8862662242cd65a082426be10076d  ppc/
9197db3ba13d79c69e2f22e01625c6663b6dc0c8  ppc/
5a32099e3879359fcaa3ee3ba33cbcc91773e6b1  ppc/
2977afe91cbea15df407a9ad1c3c6fdbad9b6866  ppc/
c54b1679f0f2259f844da79d9cf15b1dc82cda59  ppc/
ebd59860adf72ae94e524d54a5f5007280a3a9e5  ppc/
33cecd34b7d50395b997a1759ec2dc378e61eab3  ppc/debug/
dd8f030999d0863cb7e716b8cfefbf793368a929  ppc/
23b319aedc8d45128fc28466741cacce58de380b  ppc/
99270c787c0113afd9526bf9fa7120f707aecd0f  ppc/
b462f352ac3ed01ca6423a6a5c4b5cdc7ef048d4  ppc/
db8fbb7b12dc8e80390b5558a8f45053caf38de5  ppc/
8ee0004ec76d1f0e697374f3a0cc76fdbd6d1ceb  ppc/
3fe53ab89c6c90acf513419222ac4c4921535698  ppc/
a47a4aff1a762799b19f2ad3f7b52dcfba2d63f5  ppc/
d93108d810e71b05efcf6cbe3bf4af8cfcc25444  i386/
7d30d5c622fe0e6e9ab97c5831c8e6eaefa6567d  i386/
86867d7bde49c1bb5acec2ca3eaf67e54b17270a  i386/
454a8849a584f22d9f30133461fb1937b30b6f58  i386/
76a746a82f6397333ec8fe8e1e97c6a54f0afebf  i386/
e09ee2b426e1976e9e55c8a1b0164406b7b8b8d9  i386/
01174d3c8daf61518095811f59304435181831f0  i386/
adb7b44909a38b78b1c40a5a6e23805fc8abf1cb  i386/
f59ed00557ba8f940c1e91652f7197322d02455b  i386/
96001fe4fe9cdb80f0a5881a30ea7ab28a10e9f0  i386/
1e174445512f4c524920b4fd2a3ffed07a678992  i386/
cf05aac8be4d6ecefc28d067b59f7b2bfd548062  i386/
7e643e54062e33d09062609a8158777aa545166e  i386/
0ff0048f69f56f4277dc8cf9c7814706e630df40  i386/
5d4e6e6220c81d73400ad99d1414461c473aee7f  i386/
a89715575e1900e4c65fa2bd065d757bd6da1346  i386/
fc2b8493de1af9bc8624fac8c90de3a59bbd6d8d  i386/
b1b07cfceabe9b4769f657796f7f97484409879d  i386/
f5d6e76e5e148b5e9c2694c2a5ec58949d47e54b  i386/
6ed3c1bf7f2b3840eca58c60cf1dc606632c6d63  i386/
c0de357ebad4d5d81a38559cd4fd95659d8f1e08  i386/
65319491a9d4b0d11dba89cc7be7ec9b9fb63931  i386/
f2456e194ce75b03d171fe8db9a1f1063f1b5632  i386/
e62a1b937ee956c81a41fde511caf9cdcec73d28  i386/
9b2d75de84e8b5cff19beed92c5c0af89605a210  i386/
7fc09e8c4dd286791e3521543cfcd8189cb38b7c  i386/
7875d2a40eb561f6212362f537f80603c6ca8798  i386/debug/
223a335ccbcb1030b152c85c70767a5f2e7fe0d9  i386/
3fbeb6cb53ce778a150a91c69c6f7e668374ca2d  i386/
565f72a76153ebf7ed7e69d56c2dfe1b1cf84983  i386/
54d48d27e1a931c9a9bff28fd8ba0eb37079cfc6  i386/
59d1644885e300e1e327d7ff45290fd3bb5ed471  i386/
364ba0ce27cd1bae758295510742f5e3380fcb82  i386/
8effe4643eeeb628bd9f76f679616bb25f1bdd7b  i386/
d431982f04bef3a3c002249ff90ea81f3e8744f8  i386/
bdca24079b8c2761c89cb8459e931faf3ee9f840  i386/
5eaf8a11033ba73aef37876d5c271564bc7c772a  i386/
be40c1a4375fb9a4f75a23e1195c02bad44cd5ba  i386/
8a80fade0f6c5003b5aebd9fe09290a50245b6d5  i386/
ec60981775a76cfd87dfde118418633ff18971c0  i386/
ad62165faffaaafd6a7a01fcde81ddd1c44758b6  i386/
32a0ab7d9686944c8fb80bed9bf9df4817538cfe  i386/
687f03a0b97b0d03627c3d845052ef21080fdfe5  i386/
2e3aceaa456697e5c06abbae0be5a013a21e7afd  i386/
4ca7c401ca894902d4de6d0c2f151ff2bba7958c  i386/
5fd3bbe64517197aaadd303b7f4d64854386b133  i386/
239b59585fc11520ccbed0a6be3ef806a110a756  i386/
02d66e21577219308cb473f5de40bb80aea1c167  i386/
342037de49f6714b5487b87fc6a7a35920fc5c1a  i386/
49ce8b384dce0b722204ea1f70605d73d05a2217  i386/
367e804f5d78a2e076ad74be2d8f3b711127c453  i386/
763130671d02b7e25f20288ca230f91cc8a32468  i386/
e2d5e06686abf32efcefb9e3a08338efbe57d488  i386/
30894149fce03a241bf0ed5bd3259793c8cdc1df  i386/
0aa7b0ded802acdc26ae1a72b8f6ce40d42ef307  i386/
94721c60bf5ae1a0dc4eabbb127b6b08f328f017  i386/
ca90037d336574ad0fe0118579f24eb5b5e9320e  i386/
23cd04f656dc2e460f1b223c3747d8d3ec76fe8f  i386/
ae1a21184257a55b48cc067a2aa25ffb1fd37acc  i386/

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at

Fedora-package-announce mailing list
< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
More than 1 million WordPress websites imperiled by critical plugin bug
Yahoo exec goes mano a mano with NSA director over crypto backdoors
Update: Superfish is the Real End of SSL
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.