View Full Version : USN-524-1: OpenOffice.org vulnerability

October 5th, 2007, 06:10 AM
Referenced CVEs:

================================================== ========= Ubuntu Security Notice USN-524-1 October 04, 2007 openoffice.org/-amd64 vulnerability CVE-2007-2834 ================================================== ========= A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: openoffice.org-core 2.0.2-2ubuntu12.5 openoffice.org2-base 2.0.2-2ubuntu12.5 Ubuntu 6.10: openoffice.org-core 2.0.4-0ubuntu7 Ubuntu 7.04: openoffice.org-core 2.2.0-1ubuntu5 After a standard system upgrade you need to restart OpenOffice to affect the necessary changes. Details follow: An integer overflow was discovered in the TIFF handling code in OpenOffice. If a user were tricked into loading a malicious TIFF image, a remote attacker could execute arbitrary code with user privileges.

More... (http://www.ubuntu.com/usn/usn-524-1)