News

=========================================================== Ubuntu Security Notice USN-609-1 May 06, 2008 hsqldb, openoffice.org/-amd64 vulnerabilities CVE-2007-4575, CVE-2007-5745, CVE-2007-5746, CVE-2007-5747, CVE-2008-0320 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libhsqldb-java 1.8.0.2-1ubuntu1.1 openoffice.org-core 2.0.2-2ubuntu12.6 openoffice.org2-base 2.0.2-2ubuntu12.6 Ubuntu 7.04: libhsqldb-java 1.8.0.7-1ubuntu2.1 openoffice.org-core 2.2.0-1ubuntu6 Ubuntu 7.10: libhsqldb-java 1.8.0.8-1ubuntu1.1 openoffice.org-core 1:2.3.0-1ubuntu5.4 After a standard system upgrade you need to restart OpenOffice.org to effect the necessary changes. Details follow: It was discovered that arbitrary Java methods were not filtered out when opening databases in OpenOffice.org. If a user were tricked into running a specially crafted query, a remote attacker could execute arbitrary Java with user privileges. (CVE-2007-4575) Multiple memory overflow flaws were discovered in OpenOffice.org's handling of Quattro Pro, EMF, and OLE files. If a user were tricked into opening a specially crafted document, a remote attacker might be able to execute arbitrary code with user privileges. (CVE-2007-5745, CVE-2007-5746, CVE-2007-5747, CVE-2008-0320)