Mandrake Security Advisory MDVSA-2009:070 (openoffice.org) Network Vulnerability

Summary

The remote host is missing an update to openoffice.org announced via advisory MDVSA-2009:070.

Solution

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:070

Insight

senddoc uses temporary files (/tmp/log.obr.4043) in a insecure way which enables local attackers to overwrite arbitrary files by using a symlink attack (CVE-2008-4937). This update provides fix for that vulnerability. Update: Further this update is a rebuild against (lastest) xulrunner 1.9.0.6. Affected: 2008.1

Severity

Classification

CVE CVE-2008-4937

CVSS	Base Score: 2.6 AV:L/AC:H/Au:N/C:N/I:P/A:P

Related Vulnerabilities

Mandriva Update for spamassassin MDKSA-2007:125 (spamassassin)
Mandriva Update for php-apc MDVA-2011:068 (php-apc)
Mandrake Security Advisory MDVSA-2009:091 (mod_perl)
Mandriva Update for cifs-utils MDVSA-2012:069 (cifs-utils)
Mandriva Update for gtk+2.0 MDKSA-2007:039 (gtk+2.0)

Take action and discover your vulnerabilities