Ubuntu Security Notice USN-121-1
6th May, 2005
openoffice.org vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 5.04
- Ubuntu 4.10
Details
The StgCompObjStream::Load() failed to check the validity of a length
field in documents. If an attacker tricked a user to open a specially
crafted OpenOffice file, this triggered a buffer overflow which could
lead to arbitrary code execution with the privileges of the user
opening the document.
The update for Ubuntu 5.04 (Hoary Hedgehog) also contains a
translation update: The "openoffice.org-l10n-xh" package now contains
actual Xhosa translations (the previous version just shipped English
strings).
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 5.04:
- openoffice.org-l10n-xh
- openoffice.org-bin
- Ubuntu 4.10:
- openoffice.org-l10n-xh
- openoffice.org-bin
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
None