Red Hat 9042 Published by

An openoffice.org security update has been released for Red Hat Enterprise Linux

----------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Important: openoffice.org security update
Advisory ID: RHSA-2005:375-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-375.html
Issue date: 2005-04-25
Updated on: 2005-04-25
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0941
----------------------------------------------------------------------

1. Summary:

Updated openoffice.org packages are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Problem description:

OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program.

A heap based buffer overflow bug was found in the OpenOffice.org DOC file processor. An attacker could create a carefully crafted DOC file in such a way that it could cause OpenOffice.org to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0941 to this issue.

All users of OpenOffice.org are advised to upgrade to these updated packages, which contain backported fixes for these issues.



3. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

4. Bug IDs fixed (http://bugzilla.redhat.com/):

154540 - CAN-2005-0941 openoffice.org heap overflow

5. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openoffice.org-1.1.2-24.2.0.EL3.src.rpm
28b62078a887294f683d0ef33c4fb7d8 openoffice.org-1.1.2-24.2.0.EL3.src.rpm

i386:
3fb7f2cc17fdbac1690731032438fa2a openoffice.org-1.1.2-24.2.0.EL3.i386.rpm
2e5336c39975c611ffa23145d9985dbb openoffice.org-i18n-1.1.2-24.2.0.EL3.i386.rpm
afa55ff288e8fa052fada08cc0a56235 openoffice.org-libs-1.1.2-24.2.0.EL3.i386.rpm

x86_64:
3fb7f2cc17fdbac1690731032438fa2a openoffice.org-1.1.2-24.2.0.EL3.i386.rpm
2e5336c39975c611ffa23145d9985dbb openoffice.org-i18n-1.1.2-24.2.0.EL3.i386.rpm
afa55ff288e8fa052fada08cc0a56235 openoffice.org-libs-1.1.2-24.2.0.EL3.i386.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openoffice.org-1.1.2-24.2.0.EL3.src.rpm
28b62078a887294f683d0ef33c4fb7d8 openoffice.org-1.1.2-24.2.0.EL3.src.rpm

i386:
3fb7f2cc17fdbac1690731032438fa2a openoffice.org-1.1.2-24.2.0.EL3.i386.rpm
2e5336c39975c611ffa23145d9985dbb openoffice.org-i18n-1.1.2-24.2.0.EL3.i386.rpm
afa55ff288e8fa052fada08cc0a56235 openoffice.org-libs-1.1.2-24.2.0.EL3.i386.rpm

x86_64:
3fb7f2cc17fdbac1690731032438fa2a openoffice.org-1.1.2-24.2.0.EL3.i386.rpm
2e5336c39975c611ffa23145d9985dbb openoffice.org-i18n-1.1.2-24.2.0.EL3.i386.rpm
afa55ff288e8fa052fada08cc0a56235 openoffice.org-libs-1.1.2-24.2.0.EL3.i386.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openoffice.org-1.1.2-24.2.0.EL3.src.rpm
28b62078a887294f683d0ef33c4fb7d8 openoffice.org-1.1.2-24.2.0.EL3.src.rpm

i386:
3fb7f2cc17fdbac1690731032438fa2a openoffice.org-1.1.2-24.2.0.EL3.i386.rpm
2e5336c39975c611ffa23145d9985dbb openoffice.org-i18n-1.1.2-24.2.0.EL3.i386.rpm
afa55ff288e8fa052fada08cc0a56235 openoffice.org-libs-1.1.2-24.2.0.EL3.i386.rpm

x86_64:
3fb7f2cc17fdbac1690731032438fa2a openoffice.org-1.1.2-24.2.0.EL3.i386.rpm
2e5336c39975c611ffa23145d9985dbb openoffice.org-i18n-1.1.2-24.2.0.EL3.i386.rpm
afa55ff288e8fa052fada08cc0a56235 openoffice.org-libs-1.1.2-24.2.0.EL3.i386.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openoffice.org-1.1.2-24.2.0.EL3.src.rpm
28b62078a887294f683d0ef33c4fb7d8 openoffice.org-1.1.2-24.2.0.EL3.src.rpm

i386:
3fb7f2cc17fdbac1690731032438fa2a openoffice.org-1.1.2-24.2.0.EL3.i386.rpm
2e5336c39975c611ffa23145d9985dbb openoffice.org-i18n-1.1.2-24.2.0.EL3.i386.rpm
afa55ff288e8fa052fada08cc0a56235 openoffice.org-libs-1.1.2-24.2.0.EL3.i386.rpm

x86_64:
3fb7f2cc17fdbac1690731032438fa2a openoffice.org-1.1.2-24.2.0.EL3.i386.rpm
2e5336c39975c611ffa23145d9985dbb openoffice.org-i18n-1.1.2-24.2.0.EL3.i386.rpm
afa55ff288e8fa052fada08cc0a56235 openoffice.org-libs-1.1.2-24.2.0.EL3.i386.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openoffice.org-1.1.2-24.6.0.EL4.src.rpm
782df44227035bdae27f4d5b82548244 openoffice.org-1.1.2-24.6.0.EL4.src.rpm

i386:
700fc3a6036a9206f31bd7d9ac7db80c openoffice.org-1.1.2-24.6.0.EL4.i386.rpm
9dc5d0f31383ea144f216c7bfe18efa2 openoffice.org-i18n-1.1.2-24.6.0.EL4.i386.rpm
93e50067e6aa036fb4356846b61d730e openoffice.org-kde-1.1.2-24.6.0.EL4.i386.rpm
fb4760c12f39bdea783d35ddecdf7ff7 openoffice.org-libs-1.1.2-24.6.0.EL4.i386.rpm

ppc:
9f9b16a868bac28eea5ae035a41da178 openoffice.org-1.1.2-24.6.0.EL4.ppc.rpm
0bb909a3756f7256d5016cb4e8135906 openoffice.org-i18n-1.1.2-24.6.0.EL4.ppc.rpm
92b028f02db5c193274486119c9ec763 openoffice.org-kde-1.1.2-24.6.0.EL4.ppc.rpm
02e37584c158d993c83d72dfbdc4f265 openoffice.org-libs-1.1.2-24.6.0.EL4.ppc.rpm

x86_64:
700fc3a6036a9206f31bd7d9ac7db80c openoffice.org-1.1.2-24.6.0.EL4.i386.rpm
9dc5d0f31383ea144f216c7bfe18efa2 openoffice.org-i18n-1.1.2-24.6.0.EL4.i386.rpm
fb4760c12f39bdea783d35ddecdf7ff7 openoffice.org-libs-1.1.2-24.6.0.EL4.i386.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openoffice.org-1.1.2-24.6.0.EL4.src.rpm
782df44227035bdae27f4d5b82548244 openoffice.org-1.1.2-24.6.0.EL4.src.rpm

i386:
700fc3a6036a9206f31bd7d9ac7db80c openoffice.org-1.1.2-24.6.0.EL4.i386.rpm
9dc5d0f31383ea144f216c7bfe18efa2 openoffice.org-i18n-1.1.2-24.6.0.EL4.i386.rpm
93e50067e6aa036fb4356846b61d730e openoffice.org-kde-1.1.2-24.6.0.EL4.i386.rpm
fb4760c12f39bdea783d35ddecdf7ff7 openoffice.org-libs-1.1.2-24.6.0.EL4.i386.rpm

x86_64:
700fc3a6036a9206f31bd7d9ac7db80c openoffice.org-1.1.2-24.6.0.EL4.i386.rpm
9dc5d0f31383ea144f216c7bfe18efa2 openoffice.org-i18n-1.1.2-24.6.0.EL4.i386.rpm
fb4760c12f39bdea783d35ddecdf7ff7 openoffice.org-libs-1.1.2-24.6.0.EL4.i386.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openoffice.org-1.1.2-24.6.0.EL4.src.rpm
782df44227035bdae27f4d5b82548244 openoffice.org-1.1.2-24.6.0.EL4.src.rpm

i386:
700fc3a6036a9206f31bd7d9ac7db80c openoffice.org-1.1.2-24.6.0.EL4.i386.rpm
9dc5d0f31383ea144f216c7bfe18efa2 openoffice.org-i18n-1.1.2-24.6.0.EL4.i386.rpm
93e50067e6aa036fb4356846b61d730e openoffice.org-kde-1.1.2-24.6.0.EL4.i386.rpm
fb4760c12f39bdea783d35ddecdf7ff7 openoffice.org-libs-1.1.2-24.6.0.EL4.i386.rpm

x86_64:
700fc3a6036a9206f31bd7d9ac7db80c openoffice.org-1.1.2-24.6.0.EL4.i386.rpm
9dc5d0f31383ea144f216c7bfe18efa2 openoffice.org-i18n-1.1.2-24.6.0.EL4.i386.rpm
fb4760c12f39bdea783d35ddecdf7ff7 openoffice.org-libs-1.1.2-24.6.0.EL4.i386.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openoffice.org-1.1.2-24.6.0.EL4.src.rpm
782df44227035bdae27f4d5b82548244 openoffice.org-1.1.2-24.6.0.EL4.src.rpm

i386:
700fc3a6036a9206f31bd7d9ac7db80c openoffice.org-1.1.2-24.6.0.EL4.i386.rpm
9dc5d0f31383ea144f216c7bfe18efa2 openoffice.org-i18n-1.1.2-24.6.0.EL4.i386.rpm
93e50067e6aa036fb4356846b61d730e openoffice.org-kde-1.1.2-24.6.0.EL4.i386.rpm
fb4760c12f39bdea783d35ddecdf7ff7 openoffice.org-libs-1.1.2-24.6.0.EL4.i386.rpm

x86_64:
700fc3a6036a9206f31bd7d9ac7db80c openoffice.org-1.1.2-24.6.0.EL4.i386.rpm
9dc5d0f31383ea144f216c7bfe18efa2 openoffice.org-i18n-1.1.2-24.6.0.EL4.i386.rpm
fb4760c12f39bdea783d35ddecdf7ff7 openoffice.org-libs-1.1.2-24.6.0.EL4.i386.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

6. References:

http://www.openoffice.org/issues/show_bug.cgi?id=46388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0941

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.