heap overflow in OpenOffice.org RTF parsing routine

Bug #120400 reported by disabled.user
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| openoffice.org (Ubuntu) | Fix Released | High | Matthias Klose | |
| Dapper | Fix Released | High | Chris Cheney | |
| Edgy | Fix Released | High | Chris Cheney | |
| Feisty | Fix Released | High | Matthias Klose | |
| Gutsy | Fix Released | High | Matthias Klose | |

Bug Description

Binary package hint: openoffice.org

From [1]:

"John Heasman discovered a heap overflow in the routines of OpenOffice.org
that parse RTF files. A specially crafted RTF file could cause the
filter to overwrite data on the heap, which may lead to the execution
of arbitrary code."

This affects all versions of OpenOffice.org up to (and including) 2.2.0.

Please provide updated packages as soon as possible.

[1] http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00065.html
[2] http://www.heise-security.co.uk/news/91132
[3] (in German) http://www.heise.de/security/news/meldung/91113

Chris Cheney (ccheney)
Changed in openoffice.org:
importance: Undecided → Critical
status: Unconfirmed → Confirmed
disabled.user (disabled.user-deactivatedaccount) wrote :

No news on this one after almost two weeks? Sorry for my impatience, but this is a "confirmed" security-related bug with a status of "critical" in a vital Ubuntu component, so I think there's quite some urge to release a security update as fast as possible.

Kees Cook (kees)
Changed in openoffice.org:
assignee: nobody → doko
status: New → In Progress
importance: Undecided → High
importance: Critical → High
assignee: nobody → doko
status: Confirmed → In Progress
assignee: nobody → ccheney
status: New → Fix Committed
importance: Undecided → High
assignee: nobody → ccheney
importance: Undecided → High
status: New → Fix Committed
Chris Cheney (ccheney) wrote :

I have uploaded the security fixes for Dapper and Edgy today. I believe that Matthias is still working on Feisty and Gutsy fixes.

Matthias Klose (doko)
Changed in openoffice.org:
status: In Progress → Fix Committed
disabled.user (disabled.user-deactivatedaccount) wrote :

Nothing new on this one? When will the fixed packages be available?

Kees Cook (kees) wrote :

There have been some unexpected problems with some of the build architectures. This should be sorted out shortly. Sorry for the delay.

disabled.user (disabled.user-deactivatedaccount) wrote :

Sorry if I'm bugging with this, but this security-related bug has been unresolved for almost a whole month now, and OpenOffice.org is part of Ubuntu's main repositories. The time it takes Ubuntu to provide updated packages for security vulnerabilities in some areas (just take a look at how long it took Ubuntu to provide updated Firefox packages in recent months) is way too long. I can't stress this enough, for an enterprise-quality-intended release like Dapper security fixes need to be provided much, much faster.

Kees Cook (kees) wrote :

This has been released with USN-482-1. I agree, this delay is not good, and we will be working to improve our responsiveness.

Changed in openoffice.org:
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
status: In Progress → Fix Released
disabled.user (disabled.user-deactivatedaccount) wrote :

Thanks for finally releasing the fix. It installed fine on my Dapper/amd64 installation.

Matthias Klose (doko) wrote :

closing, fixed in the 2.3 snapshots

Changed in openoffice.org:
status: Fix Committed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
