USN-121-1: vulnerability

6 May 2005 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.04
  • Ubuntu 4.10

Software Description


The StgCompObjStream::Load() failed to check the validity of a length field in documents. If an attacker tricked a user to open a specially crafted OpenOffice file, this triggered a buffer overflow which could lead to arbitrary code execution with the privileges of the user opening the document.

The update for Ubuntu 5.04 (Hoary Hedgehog) also contains a translation update: The “” package now contains actual Xhosa translations (the previous version just shipped English strings).

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.04
Ubuntu 4.10

To update your system, please follow these instructions: