Gentoo 2514 Published by

An OpenOffice update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200405-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: OpenOffice.org vulnerability when using DAV servers
Date: May 11, 2004
Bugs: #47926
ID: 200405-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Several format string vulnerabilities are present in the Neon library included in OpenOffice.org, allowing remote execution of arbitrary code when connected to an untrusted WebDAV server.



Background
=========

OpenOffice.org is an office productivity suite, including word processing, spreadsheets, presentations, drawings, data charting, formula editing, and file conversion facilities.

Affected packages
================

-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-office/openoffice = 1.1.1-r1
2 app-office/openoffice = 1.0.3-r2
3 app-office/openoffice = 1.1.0-r4
4 app-office/openoffice-ximian = 1.1.51-r1
5 app-office/openoffice-ximian-bin