Impact
Remote code execution
Solution
Please install the updated packages.
Insight
Several security problems were fixed in the WordPerfect converter library libwpd and OpenOffice_org:
For SUSE Linux 10.1 this aligns the version with the one shipped with SUSE Linux Enterprise Desktop 10.
- CVE-2007-0002: Various problems were fixed in libwpd in OpenOffice_org which could be used by remote attackers to potentially execute code or crash OpenOffice_org.
This library is shipped stand-alone in openSUSE 10.2, but included in OpenOffice_org packages in previous distributions.
- CVE-2007-0238: A stack overflow in the StarCalc parser could be used by remote attackers to potentially execute code by supplying a crafted document. This was reported by NGS Software to the OpenOffice team.
- CVE-2007-0239: A shell quoting problem when opening URLs was fixed. It could be used by remote attackers to execute code by supplying a crafted document and making the user click on an embedded link.
Support for the ODF - OpenXML converter was also added to the OpenOffice_org packages.
Affected
OpenOffice_org, libwpd on SUSE LINUX 10.1, openSUSE 10.2, Novell Linux Desktop 9, SUSE SLED 10
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2007-0002, CVE-2007-0238, CVE-2007-0239
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C