[SECURITY] Fedora 8 Update: openoffice.org-2.3.0-6.14.fc8

updates at fedoraproject.org updates at fedoraproject.org
Tue Apr 22 22:41:54 UTC 2008

Fedora Update Notification
2008-04-22 22:14:35

Name        : openoffice.org
Product     : Fedora 8
Version     : 2.3.0
Release     : 6.14.fc8
URL         : http://www.openoffice.org/
Summary     : OpenOffice.org comprehensive office suite.
Description :
OpenOffice.org is an Open Source, community-developed, multi-platform
office productivity suite.  It includes the key desktop applications,
such as a word processor, spreadsheet, presentation manager, formula
editor and drawing program, with a user interface and feature set
similar to other office suites.  Sophisticated and flexible,
OpenOffice.org also works transparently with a variety of file
formats, including Microsoft Office.

Usage: Simply type "ooffice" to run OpenOffice.org or select the
requested component (Writer, Calc, Impress, etc.) from your
desktop menu. On first start a few files will be installed in the
user's home, if necessary.

Update Information:

Following security issues were addressed in this update:    #
CVE-2007-5745/5747: Manipulated Quattro Pro files can lead to heap overflows and
arbitrary code execution  # CVE-2007-5746: Manipulated EMF files can lead to
heap overflows and arbitrary code execution  # CVE-2008-0320: Manipulated OLE
files can lead to heap overflows and arbitrary code execution

* Thu Apr 17 2008 Caolan McNamara <caolanm at redhat.com> - 1:2.3.0-6.14
- Resolves: rhbz#435688 CVE-2007-5745, CVE-2007-5746, CVE-2007-5747, CVE-2008-0320
* Sat Apr  5 2008 Caolan McNamara <caolanm at redhat.com> - 1:2.3.0-6.13
- Resolves: rhbz#440650 mktemp has no --tmpdir on F-8
- Resolves: rhbz#441112 openoffice.org-3.0.0.ooo85691.vcl.tooltipcolor.patch
* Wed Mar 19 2008 Caolan McNamara <caolanm at redhat.com> - 1:2.3.0-6.12
- Resolves: rhbz#429278 add workspace.sw8u9bf01.patch
- Resolves: rhbz#428574 add workspace.sw24bf02.patch
- remove pixmap leak openoffice.org-2.4.0.ooo85321.vcl.pixmapleak.patch
- Resolves: rhbz#429897 one click print with lpr-only backend fix
- Resolves: rhbz#431606 require jre not java
- Resolves: rhbz#431805 openoffice.org-2.4.0.ooo85931.svx.getentrypos.patch
- Resolves: rhbz#429632 add openoffice.org-2.3.0.ooo86882.vcl.unsigned_int_to_long.patch
- Resolves: rhbz#435590 add openoffice.org-2.4.0.ooo86924.sfx2.iconchanges.patch
- add openoffice.org-2.4.0.ooo86080.unopkg.bodge.patch
- add openoffice.org-2.3.1.ooo83878.unopkg.enablelinking.patch
- add openoffice.org-2.4.0.ooo87204.toolkit.64bitevent.patch
* Fri Jan 11 2008 Caolan McNamara <caolanm at redhat.com> - 1:2.3.0-6.11
- Resolves: rhbz#426876 add openoffice.org-2.4.0.ooo85055.psprint.linetoolong.patch
- Resolves: rhbz#425701/ooo#83410 try to fix serbian translations
* Wed Jan  2 2008 Caolan McNamara <caolanm at redhat.com> - 1:2.3.0-6.10
- Resolves: rhbz#427071 openoffice.org-2.3.0.ooo81314.i18npool.crash.patch
* Thu Dec 20 2007 Caolan McNamara <caolanm at redhat.com> - 1:2.3.0-6.9
- add openoffice.org-2.3.1.ooo84770.svx.eventsmismatch.patch
* Tue Dec 18 2007 Caolan McNamara <caolanm at redhat.com> - 1:2.3.0-6.8
- Resolves: rhbz#425701 add workspace.locales24.patch
- Resolves: rhbz#423371 openoffice.org-2.3.1.ooo84621.sw.insertexcel.patch
- Resolves: rhbz#410381/rhbz#384401 openoffice.org-2.3.1.ooo84676.ucb.davprotocol.patch
* Mon Dec  3 2007 Caolan McNamara <caolanm at redhat.com> - 1:2.3.0-6.7
- Resolves: rhbz#303601 CVE-2007-4575 workspace.hsql1808.patch
- add workspace.allowcurloldies.patch because curl became build-time incompatible
  post F-8 release
- add openoffice.org-2.3.0.ooo82966.svx.missing3d.patch
- add openoffice.org-2.3.0.ooo83169.colordialog.crash.patch
- Resolves: rhbz#386371 add workspace.sw8u10bf02.patch
- Resolves: rhbz#384391 add openoffice.org-2.3.1.ooo83930.sw.flushanchors.patch

  [ 1 ] Bug #435678 - CVE-2007-5745 openoffice.org: Quattro Pro files handling heap overflows in Attribute and Font records
  [ 2 ] Bug #435675 - CVE-2007-5746 openoffice.org: EMF files parsing EMR_BITBLT record heap overflows
  [ 3 ] Bug #435681 - CVE-2007-5747 openoffice.org: Quattro Pro files parsing integer underflow
  [ 4 ] Bug #435676 - CVE-2008-0320 openoffice.org: OLE files parsing heap overflows

This update can be installed with the "yum" update program.  Use 
su -c 'yum update openoffice.org' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at

More information about the Fedora-package-announce mailing list