Skip to navigation

Security Advisory Important: openoffice.org security update

Advisory: RHSA-2008:0176-7
Type: Security Advisory
Severity: Important
Issued on: 2008-04-17
Last updated on: 2008-04-17
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.6.z)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.6.z)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2007-5746
CVE-2008-0320

Details

Updated openoffice.org 1.x packages to correct multiple security issues are
now available for Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

OpenOffice.org is an office productivity suite that includes desktop
applications such as a word processor, spreadsheet, presentation manager,
formula editor, and drawing program.

A heap overflow flaw was found in the EMF parser. An attacker could create
a carefully crafted EMF file that could cause OpenOffice.org to crash or
possibly execute arbitrary code if the malicious EMF image was added to a
document or if a document containing the malicious EMF file was opened by a
victim. (CVE-2007-5746)

A heap overflow flaw was found in the OLE Structured Storage file parser.
(OLE Structured Storage is a format used by Microsoft Office documents.) An
attacker could create a carefully crafted OLE file that could cause
OpenOffice.org to crash or possibly execute arbitrary code if the file was
opened by a victim. (CVE-2008-0320)

All users of OpenOffice.org are advised to upgrade to these updated
packages, which contain backported fixes to correct these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
openoffice.org-1.1.2-41.2.0.EL3.src.rpm
File outdated by:  RHSA-2010:0643
    MD5: f648958a3b568e0313f5d491a681973c
 
IA-32:
openoffice.org-1.1.2-41.2.0.EL3.i386.rpm
File outdated by:  RHSA-2010:0643
    MD5: 30132e4d796d0734126fb01dc7e0fa85
openoffice.org-i18n-1.1.2-41.2.0.EL3.i386.rpm
File outdated by:  RHSA-2010:0643
    MD5: 5b15010b9b20b610e64a1e9a57fddd86
openoffice.org-libs-1.1.2-41.2.0.EL3.i386.rpm
File outdated by:  RHSA-2010:0643
    MD5: 42df2be8f664b971b09b5c82123f6e7d
 
x86_64:
openoffice.org-1.1.2-41.2.0.EL3.i386.rpm
File outdated by:  RHSA-2010:0643
    MD5: 30132e4d796d0734126fb01dc7e0fa85
openoffice.org-i18n-1.1.2-41.2.0.EL3.i386.rpm
File outdated by:  RHSA-2010:0643
    MD5: 5b15010b9b20b610e64a1e9a57fddd86
openoffice.org-libs-1.1.2-41.2.0.EL3.i386.rpm
File outdated by:  RHSA-2010:0643
    MD5: 42df2be8f664b971b09b5c82123f6e7d
 
Red Hat Desktop (v. 4)

SRPMS:
openoffice.org-1.1.5-10.6.0.3.EL4.src.rpm
File outdated by:  RHSA-2011:0181
    MD5: 5cc93d03229e785412fcd1b985a62502
 
IA-32:
openoffice.org-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2011:0181
    MD5: 67d74c3831296d2bc3caf2e5f826ec1c
openoffice.org-i18n-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2011:0181
    MD5: e6998f22a7dad1f628f1a1f581feea47
openoffice.org-kde-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2011:0181
    MD5: 52b853b9960a1b6425547208d0f6721e
openoffice.org-libs-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2011:0181
    MD5: c9dce8a840a8f5066f6d07dc40d150ed
 
x86_64:
openoffice.org-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2011:0181
    MD5: 67d74c3831296d2bc3caf2e5f826ec1c
openoffice.org-i18n-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2011:0181
    MD5: e6998f22a7dad1f628f1a1f581feea47
openoffice.org-libs-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2011:0181
    MD5: c9dce8a840a8f5066f6d07dc40d150ed
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
openoffice.org-1.1.2-41.2.0.EL3.src.rpm
File outdated by:  RHSA-2010:0643
    MD5: f648958a3b568e0313f5d491a681973c
 
IA-32:
openoffice.org-1.1.2-41.2.0.EL3.i386.rpm
File outdated by:  RHSA-2010:0643
    MD5: 30132e4d796d0734126fb01dc7e0fa85
openoffice.org-i18n-1.1.2-41.2.0.EL3.i386.rpm
File outdated by:  RHSA-2010:0643
    MD5: 5b15010b9b20b610e64a1e9a57fddd86
openoffice.org-libs-1.1.2-41.2.0.EL3.i386.rpm
File outdated by:  RHSA-2010:0643
    MD5: 42df2be8f664b971b09b5c82123f6e7d
 
x86_64:
openoffice.org-1.1.2-41.2.0.EL3.i386.rpm
File outdated by:  RHSA-2010:0643
    MD5: 30132e4d796d0734126fb01dc7e0fa85
openoffice.org-i18n-1.1.2-41.2.0.EL3.i386.rpm
File outdated by:  RHSA-2010:0643
    MD5: 5b15010b9b20b610e64a1e9a57fddd86
openoffice.org-libs-1.1.2-41.2.0.EL3.i386.rpm
File outdated by:  RHSA-2010:0643
    MD5: 42df2be8f664b971b09b5c82123f6e7d
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
openoffice.org-1.1.5-10.6.0.3.EL4.src.rpm
File outdated by:  RHSA-2011:0181
    MD5: 5cc93d03229e785412fcd1b985a62502
 
IA-32:
openoffice.org-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2011:0181
    MD5: 67d74c3831296d2bc3caf2e5f826ec1c
openoffice.org-i18n-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2011:0181
    MD5: e6998f22a7dad1f628f1a1f581feea47
openoffice.org-kde-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2011:0181
    MD5: 52b853b9960a1b6425547208d0f6721e
openoffice.org-libs-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2011:0181
    MD5: c9dce8a840a8f5066f6d07dc40d150ed
 
PPC:
openoffice.org-1.1.5-10.6.0.3.EL4.ppc.rpm
File outdated by:  RHSA-2011:0181
    MD5: 09227fa805d4b69abfe079e15f918f02
openoffice.org-i18n-1.1.5-10.6.0.3.EL4.ppc.rpm
File outdated by:  RHSA-2011:0181
    MD5: 170c422c25eb5cb07318b6793cb410b0
openoffice.org-kde-1.1.5-10.6.0.3.EL4.ppc.rpm
File outdated by:  RHSA-2011:0181
    MD5: 48ccf40ef0fd6250e7e141d6422158c5
openoffice.org-libs-1.1.5-10.6.0.3.EL4.ppc.rpm
File outdated by:  RHSA-2011:0181
    MD5: 18be82384845ef4587f52f4e01f63425
 
x86_64:
openoffice.org-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2011:0181
    MD5: 67d74c3831296d2bc3caf2e5f826ec1c
openoffice.org-i18n-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2011:0181
    MD5: e6998f22a7dad1f628f1a1f581feea47
openoffice.org-libs-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2011:0181
    MD5: c9dce8a840a8f5066f6d07dc40d150ed
 
Red Hat Enterprise Linux AS (v. 4.6.z)

SRPMS:
openoffice.org-1.1.5-10.6.0.3.EL4.src.rpm
File outdated by:  RHSA-2011:0181
    MD5: 5cc93d03229e785412fcd1b985a62502
 
IA-32:
openoffice.org-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2008:0538
    MD5: 67d74c3831296d2bc3caf2e5f826ec1c
openoffice.org-i18n-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2008:0538
    MD5: e6998f22a7dad1f628f1a1f581feea47
openoffice.org-kde-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2008:0538
    MD5: 52b853b9960a1b6425547208d0f6721e
openoffice.org-libs-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2008:0538
    MD5: c9dce8a840a8f5066f6d07dc40d150ed
 
PPC:
openoffice.org-1.1.5-10.6.0.3.EL4.ppc.rpm
File outdated by:  RHSA-2008:0538
    MD5: 09227fa805d4b69abfe079e15f918f02
openoffice.org-i18n-1.1.5-10.6.0.3.EL4.ppc.rpm
File outdated by:  RHSA-2008:0538
    MD5: 170c422c25eb5cb07318b6793cb410b0
openoffice.org-kde-1.1.5-10.6.0.3.EL4.ppc.rpm
File outdated by:  RHSA-2008:0538
    MD5: 48ccf40ef0fd6250e7e141d6422158c5
openoffice.org-libs-1.1.5-10.6.0.3.EL4.ppc.rpm
File outdated by:  RHSA-2008:0538
    MD5: 18be82384845ef4587f52f4e01f63425
 
x86_64:
openoffice.org-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2008:0538
    MD5: 67d74c3831296d2bc3caf2e5f826ec1c
openoffice.org-i18n-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2008:0538
    MD5: e6998f22a7dad1f628f1a1f581feea47
openoffice.org-libs-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2008:0538
    MD5: c9dce8a840a8f5066f6d07dc40d150ed
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
openoffice.org-1.1.2-41.2.0.EL3.src.rpm
File outdated by:  RHSA-2010:0643
    MD5: f648958a3b568e0313f5d491a681973c
 
IA-32:
openoffice.org-1.1.2-41.2.0.EL3.i386.rpm
File outdated by:  RHSA-2010:0643
    MD5: 30132e4d796d0734126fb01dc7e0fa85
openoffice.org-i18n-1.1.2-41.2.0.EL3.i386.rpm
File outdated by:  RHSA-2010:0643
    MD5: 5b15010b9b20b610e64a1e9a57fddd86
openoffice.org-libs-1.1.2-41.2.0.EL3.i386.rpm
File outdated by:  RHSA-2010:0643
    MD5: 42df2be8f664b971b09b5c82123f6e7d
 
x86_64:
openoffice.org-1.1.2-41.2.0.EL3.i386.rpm
File outdated by:  RHSA-2010:0643
    MD5: 30132e4d796d0734126fb01dc7e0fa85
openoffice.org-i18n-1.1.2-41.2.0.EL3.i386.rpm
File outdated by:  RHSA-2010:0643
    MD5: 5b15010b9b20b610e64a1e9a57fddd86
openoffice.org-libs-1.1.2-41.2.0.EL3.i386.rpm
File outdated by:  RHSA-2010:0643
    MD5: 42df2be8f664b971b09b5c82123f6e7d
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
openoffice.org-1.1.5-10.6.0.3.EL4.src.rpm
File outdated by:  RHSA-2011:0181
    MD5: 5cc93d03229e785412fcd1b985a62502
 
IA-32:
openoffice.org-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2011:0181
    MD5: 67d74c3831296d2bc3caf2e5f826ec1c
openoffice.org-i18n-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2011:0181
    MD5: e6998f22a7dad1f628f1a1f581feea47
openoffice.org-kde-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2011:0181
    MD5: 52b853b9960a1b6425547208d0f6721e
openoffice.org-libs-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2011:0181
    MD5: c9dce8a840a8f5066f6d07dc40d150ed
 
x86_64:
openoffice.org-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2011:0181
    MD5: 67d74c3831296d2bc3caf2e5f826ec1c
openoffice.org-i18n-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2011:0181
    MD5: e6998f22a7dad1f628f1a1f581feea47
openoffice.org-libs-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2011:0181
    MD5: c9dce8a840a8f5066f6d07dc40d150ed
 
Red Hat Enterprise Linux ES (v. 4.6.z)

SRPMS:
openoffice.org-1.1.5-10.6.0.3.EL4.src.rpm
File outdated by:  RHSA-2011:0181
    MD5: 5cc93d03229e785412fcd1b985a62502
 
IA-32:
openoffice.org-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2008:0538
    MD5: 67d74c3831296d2bc3caf2e5f826ec1c
openoffice.org-i18n-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2008:0538
    MD5: e6998f22a7dad1f628f1a1f581feea47
openoffice.org-kde-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2008:0538
    MD5: 52b853b9960a1b6425547208d0f6721e
openoffice.org-libs-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2008:0538
    MD5: c9dce8a840a8f5066f6d07dc40d150ed
 
x86_64:
openoffice.org-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2008:0538
    MD5: 67d74c3831296d2bc3caf2e5f826ec1c
openoffice.org-i18n-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2008:0538
    MD5: e6998f22a7dad1f628f1a1f581feea47
openoffice.org-libs-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2008:0538
    MD5: c9dce8a840a8f5066f6d07dc40d150ed
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
openoffice.org-1.1.2-41.2.0.EL3.src.rpm
File outdated by:  RHSA-2010:0643
    MD5: f648958a3b568e0313f5d491a681973c
 
IA-32:
openoffice.org-1.1.2-41.2.0.EL3.i386.rpm
File outdated by:  RHSA-2010:0643
    MD5: 30132e4d796d0734126fb01dc7e0fa85
openoffice.org-i18n-1.1.2-41.2.0.EL3.i386.rpm
File outdated by:  RHSA-2010:0643
    MD5: 5b15010b9b20b610e64a1e9a57fddd86
openoffice.org-libs-1.1.2-41.2.0.EL3.i386.rpm
File outdated by:  RHSA-2010:0643
    MD5: 42df2be8f664b971b09b5c82123f6e7d
 
x86_64:
openoffice.org-1.1.2-41.2.0.EL3.i386.rpm
File outdated by:  RHSA-2010:0643
    MD5: 30132e4d796d0734126fb01dc7e0fa85
openoffice.org-i18n-1.1.2-41.2.0.EL3.i386.rpm
File outdated by:  RHSA-2010:0643
    MD5: 5b15010b9b20b610e64a1e9a57fddd86
openoffice.org-libs-1.1.2-41.2.0.EL3.i386.rpm
File outdated by:  RHSA-2010:0643
    MD5: 42df2be8f664b971b09b5c82123f6e7d
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
openoffice.org-1.1.5-10.6.0.3.EL4.src.rpm
File outdated by:  RHSA-2011:0181
    MD5: 5cc93d03229e785412fcd1b985a62502
 
IA-32:
openoffice.org-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2011:0181
    MD5: 67d74c3831296d2bc3caf2e5f826ec1c
openoffice.org-i18n-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2011:0181
    MD5: e6998f22a7dad1f628f1a1f581feea47
openoffice.org-kde-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2011:0181
    MD5: 52b853b9960a1b6425547208d0f6721e
openoffice.org-libs-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2011:0181
    MD5: c9dce8a840a8f5066f6d07dc40d150ed
 
x86_64:
openoffice.org-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2011:0181
    MD5: 67d74c3831296d2bc3caf2e5f826ec1c
openoffice.org-i18n-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2011:0181
    MD5: e6998f22a7dad1f628f1a1f581feea47
openoffice.org-libs-1.1.5-10.6.0.3.EL4.i386.rpm
File outdated by:  RHSA-2011:0181
    MD5: c9dce8a840a8f5066f6d07dc40d150ed
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

435675 - CVE-2007-5746 openoffice.org: EMF files parsing EMR_BITBLT record heap overflows
435676 - CVE-2008-0320 openoffice.org: OLE files parsing heap overflows


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/