Mandrake Security Advisory MDVSA-2009:006 (openoffice.org) Network Vulnerability

Summary

The remote host is missing an update to openoffice.org announced via advisory MDVSA-2009:006.

Solution

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:006

Insight

Heap-based overflow on functions to manipulate WMF and EMF files in OpenOffice.org documments enables remote attackers to execute arbitrary code on documments holding certain crafted either WMF or EMF files (CVE-2008-2237) (CVE-2008-2238). This update provide the fix for these security issues and further openoffice.org-voikko package has been updated as it depends on openoffice.org packages. Affected: 2008.0, 2008.1

Severity

Classification

CVE CVE-2008-2237, CVE-2008-2238
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:169 (libtiff)
Mandrake Security Advisory MDVSA-2009:085 (gstreamer0.10-plugins-base)
Mandrake Security Advisory MDVSA-2009:050-1 (python-pycrypto)
Mandrake Security Advisory MDVSA-2009:035 (gstreamer0.10-plugins-good)
Mandrake Security Advisory MDVSA-2009:101 (xpdf)

Take action and discover your vulnerabilities