Package : openoffice.org Vulnerability : several Problem type : local (remote) Debian-specific: no CVE IDs : CVE-2008-2237 CVE-2008-2238
Several vulnerabilities have been discovered in the OpenOffice.org office suite:
CVE-2008-2237
The SureRun Security team discovered a bug in the WMF file parser that can be triggered by manipulated WMF files and can lead to heap overflows and arbitrary code execution.
CVE-2008-2238
An anonymous researcher working with the iDefense discovered a bug in the EMF file parser that can be triggered by manipulated EMF files and can lead to heap overflows and arbitrary code execution.
For the stable distribution (etch) these problems have been fixed in version 2.0.4.dfsg.2-7etch6.
For the unstable distribution (sid) these problems have been fixed in version 2.4.1-12.
For the experimental distribution these problems have been fixed in version 3.0.0~rc3-1.
We recommend that you upgrade your OpenOffice.org package.
Upgrade Instructions - --------------------
wget url will fetch the file for you dpkg -i file.deb will install the referenced file.
If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:
apt-get update will update the internal database apt-get upgrade will install corrected packages
You may use an automated update by adding the resources from the footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch - -------------------------------