[SECURITY] Fedora 7 Update: openoffice.org-2.3.0-6.8.fc7

updates at fedoraproject.org
Sat May 17 22:26:21 UTC 2008


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-4104
2008-05-17 19:19:58
--------------------------------------------------------------------------------

Name        : openoffice.org
Product     : Fedora 7
Version     : 2.3.0
Release     : 6.8.fc7
URL         : http://www.openoffice.org/
Summary     : OpenOffice.org comprehensive office suite.
Description :
OpenOffice.org is an Open Source, community-developed, multi-platform
office productivity suite.  It includes the key desktop applications,
such as a word processor, spreadsheet, presentation manager, formula
editor and drawing program, with a user interface and feature set
similar to other office suites.  Sophisticated and flexible,
OpenOffice.org also works transparently with a variety of file
formats, including Microsoft Office.

Usage: Simply type "ooffice" to run OpenOffice.org or select the
requested component (Writer, Calc, Impress, etc.) from your
desktop menu. On first start a few files will be installed in the
user's home, if necessary.

--------------------------------------------------------------------------------
Update Information:

The following security issues were addressed in this update:

- CVE-2007-5745/5747: Manipulated Quattro Pro files can lead to heap overflows
  and arbitrary code execution
- CVE-2007-5746: Manipulated EMF files can lead to heap overflows and arbitrary
  code execution
- CVE-2008-0320: Manipulated OLE files can lead to heap overflows and arbitrary
  code execution
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 17 2008 Caolan McNamara <caolanm at redhat.com> - 1:2.3.0-6.8
- CVE-2007-5745, CVE-2007-5746, CVE-2007-5747, CVE-2008-0320
* Sat Apr  5 2008 Caolan McNamara <caolanm at redhat.com> - 1:2.3.0-6.7
- Resolves: rhbz#440650 mktemp has no --tmpdir on F-8
* Thu Jan 24 2008 Caolan McNamara <caolanm at redhat.com> - 1:2.3.0-6.6
- Resolves: rhbz#429897 one click print with lpr-only backend fix
- add openoffice.org-2.3.1.ooo83878.unopkg.enablelinking.patch
- add openoffice.org-2.4.0.ooo86080.unopkg.bodge.patch
* Mon Dec  3 2007 Caolan McNamara <caolanm at redhat.com> - 1:2.3.0-6.5
- Resolves: rhbz#303601 CVE-2007-4575 workspace.hsql1808.patch
- Resolves: rhbz#360461 openoffice.org-2.3.0.ooo83169.colordialog.crash.patch
- Resolves: openoffice.org-2.3.0.ooo83591.vcl.checkboxes.patch
- Resolves: openoffice.org-2.3.1.ooo81307.sw.word2.patch
* Fri Oct 19 2007 Caolan McNamara <caolanm at redhat.com> - 1:2.3.0-6.4
- Resolves: rhbz#338701 fix openoffice.org.ooo82608.vcl.gtkbadfree.patch
* Tue Oct 16 2007 Caolan McNamara <caolanm at redhat.com> - 1:2.3.0-6.3
- Resolves: rhbz#335051 visibility semantics just aren't reliable and 
  its behaviour opaque and is effectively useless.
- Resolves: ooo#82671 print crash
- Resolves: rhbz#334841 fix "all files" glob in mail merge picker
* Tue Oct 16 2007 Caolan McNamara <caolanm at redhat.com> - 1:2.3.0-6.2
- Resolves: rhbz#333201 dangling symlinks
* Wed Oct 10 2007 Caolan McNamara <caolanm at redhat.com> - 1:2.3.0-6.1
- bump to 2.3.0
- Resolves: rhbz#286221 allow custom printing commands
* Mon Sep 17 2007 Jan Navratil <jnavrati at redhat.com> - 1:2.2.1-18.2
- Resolves: rhbz#251975 CVE-2007-2834 workspace.tipatch8.patch
* Thu Jul 26 2007 Caolan McNamara <caolanm at redhat.com> - 1:2.2.1-18.1
- Resolves: rhbz#245729 openoffice.org-2.2.1.ooo78921.sw.embedded.patch
- Resolves: rhbz#243904 openoffice.org-2.2.1.ooo78383.vcl.printxerror.patch
- Resolves: rhbz#242692 openoffice.org-2.2.1.oooXXXXX.xmloff.outofrange.patch
- Resolves: rhbz#244656 overlapping glyphs in pdf export
- Resolves: rhbz#247781 openoffice.org-2.2.1.ooo79481.sw.rowordcount.patch
- Resolves: ooo#79953 inhibit screensaver during presentations
- Resolves: rhbz#249196 propagate font width types up from the font ooo#79878
- Resolves: rhbz#249568 empty line in autocorrect options
- Resolves: rhbz#245729 openoffice.org-2.2.1.ooo78921.sw.embedded.patch
- Resolves: rhbz#244656 overlapping glyphs in pdf export
- Resolves: rhbz#216332 use cups for all duplex and printer features
- update setlangtolocale for prettier fonts when appropriate langpack is missing
- add openoffice.org-2.2.1.ooo78392.sixtyfour.tools.patch
- add openoffice.org-2.2.1.ooo73728.desktop.mapped_type.patch fix
- add workspace.cmcfixes34.patch for int(0) not being promoted to long
  NULL in ellipsed methods
- drop integrated openoffice.org-2.2.0.ooo74255.vcl.depth.mismatch.patch
- drop integrated workspace.cmcfixes32.patch
* Thu Jun  7 2007 Caolan McNamara <caolanm at redhat.com> - 1:2.2.0-14.11
- Resolves: rhbz#243305 missing xdg file for quickstart restart
- add openoffice.org-2.2.1.ooo78198.sixtyfour.svx.patch
* Fri Jun  1 2007 Caolan McNamara <caolanm at redhat.com> - 1:2.2.0-14.10
- Resolves: CVE-2007-0245
- add workspace.cmcfixes34.patch for int(0) not being promoted to long
  NULL in ellipsed methods
- Resolves: rhbz#241875 get script detection right for range vs point
  in drawing objects ooo#72349
* Thu May 17 2007 Caolan McNamara <caolanm at redhat.com> - 1:2.2.0-14.9
- ooo#77470 Because Liberation fonts will be included in FC-7 we need
  to set the ms font equivalents as their fallbacks in exported to 
  msoffice format documents.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #435678 - CVE-2007-5745 openoffice.org: Quattro Pro files handling heap overflows in Attribute and Font records
        https://bugzilla.redhat.com/show_bug.cgi?id=435678
  [ 2 ] Bug #435681 - CVE-2007-5747 openoffice.org: Quattro Pro files parsing integer underflow
        https://bugzilla.redhat.com/show_bug.cgi?id=435681
  [ 3 ] Bug #435676 - CVE-2008-0320 openoffice.org: OLE files parsing heap overflows
        https://bugzilla.redhat.com/show_bug.cgi?id=435676
  [ 4 ] Bug #435675 - CVE-2007-5746 openoffice.org: EMF files parsing EMR_BITBLT record heap overflows
        https://bugzilla.redhat.com/show_bug.cgi?id=435675
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update openoffice.org' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------



