USN-121-1: OpenOffice.org vulnerability

6 May 2005

openoffice.org vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 5.04
  • Ubuntu 4.10

Software Description

Details

The StgCompObjStream::Load() function failed to check the validity of a length field in documents. If an attacker tricked a user into opening a specially crafted OpenOffice file, this triggered a buffer overflow which could lead to arbitrary code execution with the privileges of the user opening the document.
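The kind of check described above, as an added illustration and not OpenOffice.org's own code: a reader that validates a length field from a document before copying into a fixed buffer. The record layout (4-byte little-endian length, then the bytes), the buffer size and all names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF_SIZE 64 /* hypothetical fixed-size destination buffer */

enum read_status { READ_OK = 0, READ_TRUNCATED = -1, READ_BAD_LENGTH = -2 };

/* Constructed sample inputs: a valid record, an oversized length, a short body. */
static const uint8_t sample_ok[]        = { 6, 0, 0, 0, 'W', 'r', 'i', 't', 'e', 'r' };
static const uint8_t sample_oversized[] = { 0xFF, 0xFF, 0, 0, 'A', 'A' };
static const uint8_t sample_truncated[] = { 8, 0, 0, 0, 'a', 'b' };

/* Copies the length-prefixed field at `in` into `out` as a NUL-terminated
 * string. The length comes from the file, so it is untrusted input. */
static int read_len_field(const uint8_t *in, size_t in_len,
                          char out[NAME_BUF_SIZE])
{
    uint32_t n;

    if (in_len < 4)                 /* not even a complete length field */
        return READ_TRUNCATED;
    n = (uint32_t)in[0] | ((uint32_t)in[1] << 8) |
        ((uint32_t)in[2] << 16) | ((uint32_t)in[3] << 24);

    /* Without this bound, the memcpy below writes past `out`
     * whenever the document declares a length >= NAME_BUF_SIZE. */
    if (n >= NAME_BUF_SIZE)
        return READ_BAD_LENGTH;
    /* The declared length must also fit in the bytes actually present,
     * otherwise the copy reads past the end of the input. */
    if (n > in_len - 4)
        return READ_TRUNCATED;

    memcpy(out, in + 4, n);
    out[n] = '\0';                  /* n < NAME_BUF_SIZE, so this is in bounds */
    return READ_OK;
}

int main(void)
{
    char buf[NAME_BUF_SIZE];
    printf("ok=%d\n", read_len_field(sample_ok, sizeof sample_ok, buf));
    printf("oversized=%d\n", read_len_field(sample_oversized, sizeof sample_oversized, buf));
    printf("truncated=%d\n", read_len_field(sample_truncated, sizeof sample_truncated, buf));
    return 0;
}
```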

The update for Ubuntu 5.04 (Hoary Hedgehog) also contains a translation update: The “openoffice.org-l10n-xh” package now contains actual Xhosa translations (the previous version just shipped English strings).

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 5.04
openoffice.org-bin
openoffice.org-l10n-xh
Ubuntu 4.10
openoffice.org-bin
openoffice.org-l10n-xh

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

References