--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2008-9333
2008-10-31 08:47:15
--------------------------------------------------------------------------------Name        : openoffice.org
Product     : Fedora 8
Version     : 2.3.0
Release     : 6.17.fc8
URL         : http://www.openoffice.org/
Summary     : OpenOffice.org comprehensive office suite.
Description :
OpenOffice.org is an Open Source, community-developed, multi-platform
office productivity suite.  It includes the key desktop applications,
such as a word processor, spreadsheet, presentation manager, formula
editor and drawing program, with a user interface and feature set
similar to other office suites.  Sophisticated and flexible,
OpenOffice.org also works transparently with a variety of file
formats, including Microsoft Office.

Usage: Simply type "ooffice" to run OpenOffice.org or select the
requested component (Writer, Calc, Impress, etc.) from your
desktop menu. On first start a few files will be installed in the
user's home, if necessary.

--------------------------------------------------------------------------------Update Information:

A security release to address:  - CVE-2008-2237: Manipulated WMF files  -CVE-2008-2238: Manipulated EMF files  as described at
http://www.openoffice.org/security/bulletin.html
--------------------------------------------------------------------------------ChangeLog:

* Wed Oct 29 2008 Caolan McNamara  - 1:2.3.0-6.17
- CVE-2008-2237: Manipulated WMF files
- CVE-2008-2238: Manipulated EMF files
* Wed Aug 27 2008 Caolan McNamara  - 1:2.3.0-6.16
- Resolves: CVE-2008-3282 numeric truncation error in OOo memory allocator
* Tue Jun 10 2008 Caolan McNamara  - 1:2.3.0-6.15
- Resolves: rhbz#450650 CVE-2008-2152
* Thu Apr 17 2008 Caolan McNamara  - 1:2.3.0-6.14
- Resolves: rhbz#435688 CVE-2007-5745, CVE-2007-5746, CVE-2007-5747, CVE-2008-0320
* Sat Apr  5 2008 Caolan McNamara  - 1:2.3.0-6.13
- Resolves: rhbz#440650 mktemp has no --tmpdir on F-8
- Resolves: rhbz#441112 openoffice.org-3.0.0.ooo85691.vcl.tooltipcolor.patch
* Wed Mar 19 2008 Caolan McNamara  - 1:2.3.0-6.12
- Resolves: rhbz#429278 add workspace.sw8u9bf01.patch
- Resolves: rhbz#428574 add workspace.sw24bf02.patch
- remove pixmap leak openoffice.org-2.4.0.ooo85321.vcl.pixmapleak.patch
- Resolves: rhbz#429897 one click print with lpr-only backend fix
- Resolves: rhbz#431606 require jre not java
- Resolves: rhbz#431805 openoffice.org-2.4.0.ooo85931.svx.getentrypos.patch
- Resolves: rhbz#429632 add openoffice.org-2.3.0.ooo86882.vcl.unsigned_int_to_long.patch
- Resolves: rhbz#435590 add openoffice.org-2.4.0.ooo86924.sfx2.iconchanges.patch
- add openoffice.org-2.4.0.ooo86080.unopkg.bodge.patch
- add openoffice.org-2.3.1.ooo83878.unopkg.enablelinking.patch
- add openoffice.org-2.4.0.ooo87204.toolkit.64bitevent.patch
* Fri Jan 11 2008 Caolan McNamara  - 1:2.3.0-6.11
- Resolves: rhbz#426876 add openoffice.org-2.4.0.ooo85055.psprint.linetoolong.patch
- Resolves: rhbz#425701/ooo#83410 try to fix serbian translations
* Wed Jan  2 2008 Caolan McNamara  - 1:2.3.0-6.10
- Resolves: rhbz#427071 openoffice.org-2.3.0.ooo81314.i18npool.crash.patch
* Thu Dec 20 2007 Caolan McNamara  - 1:2.3.0-6.9
- add openoffice.org-2.3.1.ooo84770.svx.eventsmismatch.patch
* Tue Dec 18 2007 Caolan McNamara  - 1:2.3.0-6.8
- Resolves: rhbz#425701 add workspace.locales24.patch
- Resolves: rhbz#423371 openoffice.org-2.3.1.ooo84621.sw.insertexcel.patch
- Resolves: rhbz#410381/rhbz#384401 openoffice.org-2.3.1.ooo84676.ucb.davprotocol.patch
* Mon Dec  3 2007 Caolan McNamara  - 1:2.3.0-6.7
- Resolves: rhbz#303601 CVE-2007-4575 workspace.hsql1808.patch
- add workspace.allowcurloldies.patch because curl became build-time incompatible
  post F-8 release
- add openoffice.org-2.3.0.ooo82966.svx.missing3d.patch
- add openoffice.org-2.3.0.ooo83169.colordialog.crash.patch
- Resolves: rhbz#386371 add workspace.sw8u10bf02.patch
- Resolves: rhbz#384391 add openoffice.org-2.3.1.ooo83930.sw.flushanchors.patch
--------------------------------------------------------------------------------References:

  [ 1 ] Bug #462639 - CVE-2008-2237 OpenOffice.org WMF integer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=462639
  [ 2 ] Bug #466528 - CVE-2008-2238 OpenOffice.org multiple EMF buffer overflows
        https://bugzilla.redhat.com/show_bug.cgi?id=466528
--------------------------------------------------------------------------------This update can be installed with the "yum" update program.  Use 
su -c 'yum update openoffice.org' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce

Fedora 8 Update: openoffice.org-2.3.0-6.17.fc8

October 31, 2008
A security release to address: - CVE-2008-2237: Manipulated WMF files -CVE-2008-2238: Manipulated EMF files as described at http://www.openoffice.org/security/bulletin.html

Summary

OpenOffice.org is an Open Source, community-developed, multi-platform

office productivity suite. It includes the key desktop applications,

such as a word processor, spreadsheet, presentation manager, formula

editor and drawing program, with a user interface and feature set

similar to other office suites. Sophisticated and flexible,

OpenOffice.org also works transparently with a variety of file

formats, including Microsoft Office.

Usage: Simply type "ooffice" to run OpenOffice.org or select the

requested component (Writer, Calc, Impress, etc.) from your

desktop menu. On first start a few files will be installed in the

user's home, if necessary.

A security release to address: - CVE-2008-2237: Manipulated WMF files -CVE-2008-2238: Manipulated EMF files as described at

http://www.openoffice.org/security/bulletin.html

* Wed Oct 29 2008 Caolan McNamara - 1:2.3.0-6.17

- CVE-2008-2237: Manipulated WMF files

- CVE-2008-2238: Manipulated EMF files

* Wed Aug 27 2008 Caolan McNamara - 1:2.3.0-6.16

- Resolves: CVE-2008-3282 numeric truncation error in OOo memory allocator

* Tue Jun 10 2008 Caolan McNamara - 1:2.3.0-6.15

- Resolves: rhbz#450650 CVE-2008-2152

* Thu Apr 17 2008 Caolan McNamara - 1:2.3.0-6.14

- Resolves: rhbz#435688 CVE-2007-5745, CVE-2007-5746, CVE-2007-5747, CVE-2008-0320

* Sat Apr 5 2008 Caolan McNamara - 1:2.3.0-6.13

- Resolves: rhbz#440650 mktemp has no --tmpdir on F-8

- Resolves: rhbz#441112 openoffice.org-3.0.0.ooo85691.vcl.tooltipcolor.patch

* Wed Mar 19 2008 Caolan McNamara - 1:2.3.0-6.12

- Resolves: rhbz#429278 add workspace.sw8u9bf01.patch

- Resolves: rhbz#428574 add workspace.sw24bf02.patch

- remove pixmap leak openoffice.org-2.4.0.ooo85321.vcl.pixmapleak.patch

- Resolves: rhbz#429897 one click print with lpr-only backend fix

- Resolves: rhbz#431606 require jre not java

- Resolves: rhbz#431805 openoffice.org-2.4.0.ooo85931.svx.getentrypos.patch

- Resolves: rhbz#429632 add openoffice.org-2.3.0.ooo86882.vcl.unsigned_int_to_long.patch

- Resolves: rhbz#435590 add openoffice.org-2.4.0.ooo86924.sfx2.iconchanges.patch

- add openoffice.org-2.4.0.ooo86080.unopkg.bodge.patch

- add openoffice.org-2.3.1.ooo83878.unopkg.enablelinking.patch

- add openoffice.org-2.4.0.ooo87204.toolkit.64bitevent.patch

* Fri Jan 11 2008 Caolan McNamara - 1:2.3.0-6.11

- Resolves: rhbz#426876 add openoffice.org-2.4.0.ooo85055.psprint.linetoolong.patch

- Resolves: rhbz#425701/ooo#83410 try to fix serbian translations

* Wed Jan 2 2008 Caolan McNamara - 1:2.3.0-6.10

- Resolves: rhbz#427071 openoffice.org-2.3.0.ooo81314.i18npool.crash.patch

* Thu Dec 20 2007 Caolan McNamara - 1:2.3.0-6.9

- add openoffice.org-2.3.1.ooo84770.svx.eventsmismatch.patch

* Tue Dec 18 2007 Caolan McNamara - 1:2.3.0-6.8

- Resolves: rhbz#425701 add workspace.locales24.patch

- Resolves: rhbz#423371 openoffice.org-2.3.1.ooo84621.sw.insertexcel.patch

- Resolves: rhbz#410381/rhbz#384401 openoffice.org-2.3.1.ooo84676.ucb.davprotocol.patch

* Mon Dec 3 2007 Caolan McNamara - 1:2.3.0-6.7

- Resolves: rhbz#303601 CVE-2007-4575 workspace.hsql1808.patch

- add workspace.allowcurloldies.patch because curl became build-time incompatible

post F-8 release

- add openoffice.org-2.3.0.ooo82966.svx.missing3d.patch

- add openoffice.org-2.3.0.ooo83169.colordialog.crash.patch

- Resolves: rhbz#386371 add workspace.sw8u10bf02.patch

- Resolves: rhbz#384391 add openoffice.org-2.3.1.ooo83930.sw.flushanchors.patch

[ 1 ] Bug #462639 - CVE-2008-2237 OpenOffice.org WMF integer overflow

https://bugzilla.redhat.com/show_bug.cgi?id=462639

[ 2 ] Bug #466528 - CVE-2008-2238 OpenOffice.org multiple EMF buffer overflows

https://bugzilla.redhat.com/show_bug.cgi?id=466528

su -c 'yum update openoffice.org' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

http://www.redhat.com/mailman/listinfo/fedora-package-announce

FEDORA-2008-9333 2008-10-31 08:47:15 Product : Fedora 8 Version : 2.3.0 Release : 6.17.fc8 URL : http://www.openoffice.org/ Summary : OpenOffice.org comprehensive office suite. Description : OpenOffice.org is an Open Source, community-developed, multi-platform office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. Sophisticated and flexible, OpenOffice.org also works transparently with a variety of file formats, including Microsoft Office. Usage: Simply type "ooffice" to run OpenOffice.org or select the requested component (Writer, Calc, Impress, etc.) from your desktop menu. On first start a few files will be installed in the user's home, if necessary. A security release to address: - CVE-2008-2237: Manipulated WMF files -CVE-2008-2238: Manipulated EMF files as described at http://www.openoffice.org/security/bulletin.html * Wed Oct 29 2008 Caolan McNamara - 1:2.3.0-6.17 - CVE-2008-2237: Manipulated WMF files - CVE-2008-2238: Manipulated EMF files * Wed Aug 27 2008 Caolan McNamara - 1:2.3.0-6.16 - Resolves: CVE-2008-3282 numeric truncation error in OOo memory allocator * Tue Jun 10 2008 Caolan McNamara - 1:2.3.0-6.15 - Resolves: rhbz#450650 CVE-2008-2152 * Thu Apr 17 2008 Caolan McNamara - 1:2.3.0-6.14 - Resolves: rhbz#435688 CVE-2007-5745, CVE-2007-5746, CVE-2007-5747, CVE-2008-0320 * Sat Apr 5 2008 Caolan McNamara - 1:2.3.0-6.13 - Resolves: rhbz#440650 mktemp has no --tmpdir on F-8 - Resolves: rhbz#441112 openoffice.org-3.0.0.ooo85691.vcl.tooltipcolor.patch * Wed Mar 19 2008 Caolan McNamara - 1:2.3.0-6.12 - Resolves: rhbz#429278 add workspace.sw8u9bf01.patch - Resolves: rhbz#428574 add workspace.sw24bf02.patch - remove pixmap leak openoffice.org-2.4.0.ooo85321.vcl.pixmapleak.patch - Resolves: rhbz#429897 one click print with lpr-only backend fix - Resolves: rhbz#431606 require jre not java - Resolves: rhbz#431805 openoffice.org-2.4.0.ooo85931.svx.getentrypos.patch - Resolves: rhbz#429632 add openoffice.org-2.3.0.ooo86882.vcl.unsigned_int_to_long.patch - Resolves: rhbz#435590 add openoffice.org-2.4.0.ooo86924.sfx2.iconchanges.patch - add openoffice.org-2.4.0.ooo86080.unopkg.bodge.patch - add openoffice.org-2.3.1.ooo83878.unopkg.enablelinking.patch - add openoffice.org-2.4.0.ooo87204.toolkit.64bitevent.patch * Fri Jan 11 2008 Caolan McNamara - 1:2.3.0-6.11 - Resolves: rhbz#426876 add openoffice.org-2.4.0.ooo85055.psprint.linetoolong.patch - Resolves: rhbz#425701/ooo#83410 try to fix serbian translations * Wed Jan 2 2008 Caolan McNamara - 1:2.3.0-6.10 - Resolves: rhbz#427071 openoffice.org-2.3.0.ooo81314.i18npool.crash.patch * Thu Dec 20 2007 Caolan McNamara - 1:2.3.0-6.9 - add openoffice.org-2.3.1.ooo84770.svx.eventsmismatch.patch * Tue Dec 18 2007 Caolan McNamara - 1:2.3.0-6.8 - Resolves: rhbz#425701 add workspace.locales24.patch - Resolves: rhbz#423371 openoffice.org-2.3.1.ooo84621.sw.insertexcel.patch - Resolves: rhbz#410381/rhbz#384401 openoffice.org-2.3.1.ooo84676.ucb.davprotocol.patch * Mon Dec 3 2007 Caolan McNamara - 1:2.3.0-6.7 - Resolves: rhbz#303601 CVE-2007-4575 workspace.hsql1808.patch - add workspace.allowcurloldies.patch because curl became build-time incompatible post F-8 release - add openoffice.org-2.3.0.ooo82966.svx.missing3d.patch - add openoffice.org-2.3.0.ooo83169.colordialog.crash.patch - Resolves: rhbz#386371 add workspace.sw8u10bf02.patch - Resolves: rhbz#384391 add openoffice.org-2.3.1.ooo83930.sw.flushanchors.patch [ 1 ] Bug #462639 - CVE-2008-2237 OpenOffice.org WMF integer overflow https://bugzilla.redhat.com/show_bug.cgi?id=462639 [ 2 ] Bug #466528 - CVE-2008-2238 OpenOffice.org multiple EMF buffer overflows https://bugzilla.redhat.com/show_bug.cgi?id=466528 su -c 'yum update openoffice.org' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ Fedora-package-announce mailing list Fedora-package-announce@redhat.com http://www.redhat.com/mailman/listinfo/fedora-package-announce

Change Log

References

Update Instructions

Severity
Product : Fedora 8
Version : 2.3.0
Release : 6.17.fc8
URL : http://www.openoffice.org/
Summary : OpenOffice.org comprehensive office suite.

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved