News

=========================================================== Ubuntu Security Notice USN-444-1 March 27, 2007 openoffice.org(2)/-amd64, ia32-libs-openoffice.org vulnerabilities CVE-2007-0238, CVE-2007-0239 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06 LTS Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: openoffice.org2-calc 1.9.129-0.1ubuntu4.3-1 openoffice.org2-core 1.9.129-0.1ubuntu4.3-1 Ubuntu 6.06 LTS: ia32-libs-openoffice.org 11.0.2 openoffice.org-calc 2.0.2-2ubuntu12.3 openoffice.org-core 2.0.2-2ubuntu12.3 openoffice.org2-base 2.0.2-2ubuntu12.3 openoffice.org2-calc 2.0.2-2ubuntu12.3 Ubuntu 6.10: openoffice.org-calc 2.0.4-0ubuntu5 openoffice.org-core 2.0.4-0ubuntu5 After a standard system upgrade you need to restart OpenOffice, or reboot your computer to effect the necessary changes. Details follow: A stack overflow was discovered in OpenOffice.org's StarCalc parser. If a user were tricked into opening a specially crafted document, a remote attacker could execute arbitrary code with user privileges. (CVE-2007-0238) A flaw was discovered in OpenOffice.org's link handling code. If a user were tricked into clicking a link in a specially crafted document, a remote attacker could execute arbitrary shell commands with user privileges. (CVE-2007-0239)