Gentoo Security Advisory GLSA 200603-25 (openoffice Openoffice-bin) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200603-25.

Solution

All OpenOffice.org binary users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-office/openoffice-bin-2.0.2' All OpenOffice.org users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-office/openoffice-2.0.1-r1' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200603-25 http://bugs.gentoo.org/show_bug.cgi?id=126433 http://www.hardened-php.net/advisory_242005.109.html http://www.gentoo.org/security/en/glsa/glsa-200512-09.xml

Insight

OpenOffice.org contains a vulnerable version of libcurl that may cause a heap overflow when parsing URLs.

Severity

Classification

CVE CVE-2005-4077

CVSS	Base Score: 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Gentoo Security Advisory GLSA 200312-06 (xchat)
Gentoo Security Advisory GLSA 200407-03 (Apache)
Gentoo Security Advisory GLSA 200409-07 (xv)
Gentoo Security Advisory GLSA 200402-04 (Gallery)
Gentoo Security Advisory GLSA 200502-13 (Perl)

Gentoo Security Advisory GLSA 200603-25 (openoffice openoffice-bin)

Take action and discover your vulnerabilities