Solution
Please Install the Updated Packages.
Insight
OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program.
Sean Larsson found a heap overflow flaw in the OpenOffice memory allocator.
If a carefully crafted file was opened by a victim, an attacker could use the flaw to crash OpenOffice.org or, possibly, execute arbitrary code.
(CVE-2008-2152)
It was discovered that certain libraries in the Red Hat Enterprise Linux 3 and 4 openoffice.org packages had an insecure relative RPATH (runtime library search path) set in the ELF (Executable and Linking Format) header.
A local user able to convince another user to run OpenOffice in an attacker-controlled directory, could run arbitrary code with the privileges of the victim. (CVE-2008-2366)
All users of openoffice.org are advised to upgrade to these updated packages, which contain backported fixes which correct these issues.
Affected
openoffice.org on CentOS 4
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-2152, CVE-2008-2366 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities