LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: September 19th, 2014
Linux Security Week: September 15th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Fedora 8 Update: openoffice.org-2.3.0-6.17.fc8 Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Fedora A security release to address: - CVE-2008-2237: Manipulated WMF files - CVE-2008-2238: Manipulated EMF files as described at http://www.openoffice.org/security/bulletin.html
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-9333
2008-10-31 08:47:15
--------------------------------------------------------------------------------

Name        : openoffice.org
Product     : Fedora 8
Version     : 2.3.0
Release     : 6.17.fc8
URL         : http://www.openoffice.org/
Summary     : OpenOffice.org comprehensive office suite.
Description :
OpenOffice.org is an Open Source, community-developed, multi-platform
office productivity suite.  It includes the key desktop applications,
such as a word processor, spreadsheet, presentation manager, formula
editor and drawing program, with a user interface and feature set
similar to other office suites.  Sophisticated and flexible,
OpenOffice.org also works transparently with a variety of file
formats, including Microsoft Office.

Usage: Simply type "ooffice" to run OpenOffice.org or select the
requested component (Writer, Calc, Impress, etc.) from your
desktop menu. On first start a few files will be installed in the
user's home, if necessary.

--------------------------------------------------------------------------------
Update Information:

A security release to address:  - CVE-2008-2237: Manipulated WMF files  -
CVE-2008-2238: Manipulated EMF files  as described at
http://www.openoffice.org/security/bulletin.html
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 29 2008 Caolan McNamara  - 1:2.3.0-6.17
- CVE-2008-2237: Manipulated WMF files
- CVE-2008-2238: Manipulated EMF files
* Wed Aug 27 2008 Caolan McNamara  - 1:2.3.0-6.16
- Resolves: CVE-2008-3282 numeric truncation error in OOo memory allocator
* Tue Jun 10 2008 Caolan McNamara  - 1:2.3.0-6.15
- Resolves: rhbz#450650 CVE-2008-2152
* Thu Apr 17 2008 Caolan McNamara  - 1:2.3.0-6.14
- Resolves: rhbz#435688 CVE-2007-5745, CVE-2007-5746, CVE-2007-5747, CVE-2008-0320
* Sat Apr  5 2008 Caolan McNamara  - 1:2.3.0-6.13
- Resolves: rhbz#440650 mktemp has no --tmpdir on F-8
- Resolves: rhbz#441112 openoffice.org-3.0.0.ooo85691.vcl.tooltipcolor.patch
* Wed Mar 19 2008 Caolan McNamara  - 1:2.3.0-6.12
- Resolves: rhbz#429278 add workspace.sw8u9bf01.patch
- Resolves: rhbz#428574 add workspace.sw24bf02.patch
- remove pixmap leak openoffice.org-2.4.0.ooo85321.vcl.pixmapleak.patch
- Resolves: rhbz#429897 one click print with lpr-only backend fix
- Resolves: rhbz#431606 require jre not java
- Resolves: rhbz#431805 openoffice.org-2.4.0.ooo85931.svx.getentrypos.patch
- Resolves: rhbz#429632 add openoffice.org-2.3.0.ooo86882.vcl.unsigned_int_to_long.patch
- Resolves: rhbz#435590 add openoffice.org-2.4.0.ooo86924.sfx2.iconchanges.patch
- add openoffice.org-2.4.0.ooo86080.unopkg.bodge.patch
- add openoffice.org-2.3.1.ooo83878.unopkg.enablelinking.patch
- add openoffice.org-2.4.0.ooo87204.toolkit.64bitevent.patch
* Fri Jan 11 2008 Caolan McNamara  - 1:2.3.0-6.11
- Resolves: rhbz#426876 add openoffice.org-2.4.0.ooo85055.psprint.linetoolong.patch
- Resolves: rhbz#425701/ooo#83410 try to fix serbian translations
* Wed Jan  2 2008 Caolan McNamara  - 1:2.3.0-6.10
- Resolves: rhbz#427071 openoffice.org-2.3.0.ooo81314.i18npool.crash.patch
* Thu Dec 20 2007 Caolan McNamara  - 1:2.3.0-6.9
- add openoffice.org-2.3.1.ooo84770.svx.eventsmismatch.patch
* Tue Dec 18 2007 Caolan McNamara  - 1:2.3.0-6.8
- Resolves: rhbz#425701 add workspace.locales24.patch
- Resolves: rhbz#423371 openoffice.org-2.3.1.ooo84621.sw.insertexcel.patch
- Resolves: rhbz#410381/rhbz#384401 openoffice.org-2.3.1.ooo84676.ucb.davprotocol.patch
* Mon Dec  3 2007 Caolan McNamara  - 1:2.3.0-6.7
- Resolves: rhbz#303601 CVE-2007-4575 workspace.hsql1808.patch
- add workspace.allowcurloldies.patch because curl became build-time incompatible
  post F-8 release
- add openoffice.org-2.3.0.ooo82966.svx.missing3d.patch
- add openoffice.org-2.3.0.ooo83169.colordialog.crash.patch
- Resolves: rhbz#386371 add workspace.sw8u10bf02.patch
- Resolves: rhbz#384391 add openoffice.org-2.3.1.ooo83930.sw.flushanchors.patch
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #462639 - CVE-2008-2237 OpenOffice.org WMF integer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=462639
  [ 2 ] Bug #466528 - CVE-2008-2238 OpenOffice.org multiple EMF buffer overflows
        https://bugzilla.redhat.com/show_bug.cgi?id=466528
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update openoffice.org' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
Google to turn on encryption by default in next Android version
TOR users become FBI's No.1 hacking target after legal power grab
OWASP Releases Latest App Sec Guide
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.