DesktopLinux
OpenOffice 2.2 RC4 resolves security problems
Mar. 26, 2007

The OpenOffice.org project team said today that three security vulnerabilities, which had been reported in the last week, have been fully addressed in OpenOffice.org 2.2. The latest release candidate (RC4) of v2.2 -- including all the security fixes -- is now available for download.

The problems, now said to be resolved in v2.2 RC4, included:
  • WordPerfect import vulnerability -- manipulated WordPerfect files can lead to heap overflow and arbitrary code execution in OpenOffice.org 2.0-2.1

  • Manipulated StarCalc files -- the StarCalc parser in all versions prior to 2.2 contains an exploitable stack overflow due to incorrect handling of the "Note" record; thus, if a user opens an untrusted StarCalc document, it can potentially run arbitrary code supplied in the file

  • URL-handling security vulnerability (Linux and Solaris) -- the OpenOffice.org URL handler could allow command execution using shell metacharacters in Linux and Solaris; thus, if a user running OpenOffice.org from a shell terminal in Linux or Solaris opens an untrusted URL, arbitrary malicious code could be executed on the user's computer (this issue is resolved for Linux but not yet for Solaris)

The release candidates (RCs) aim to enable wide-scale testing prior to the final release, and barring last-minute surprises, 2.2 will be identical to the latest RC, a project team member said.

So, if you have a reason to believe that your use of OpenOffice.org puts you at risk, or if you would like to help the team with the final testing of 2.2, download and use RC4 now, the team member said.

Those who do find problems with the release candidate are asked to report them here. "You will be playing a vital role in helping to ensure the ongoing quality of OpenOffice.org," a team spokesperson said.

OpenOffice.org is a multiplatform and multilingual office suite and an open source project. Compatible with other major office suites, such as Microsoft Office, the product is free to download, use, and distribute. It can produce Open Document Format (ODF) and Microsoft Office-compatible documents.

You can download your own copy of OpenOffice.org 2.2 RC4 here (Linux 109MB; Windows 82MB).


