GLSA-200603-25 : OpenOffice.org: Heap overflow in included libcurl
Medium Nessus Plugin ID 21160
Synopsis
The remote Gentoo host is missing one or more security-related patches.

Description
The remote host is affected by the vulnerability described in GLSA-200603-25 (OpenOffice.org: Heap overflow in included libcurl)
OpenOffice.org includes libcurl code. This libcurl code is vulnerable to a heap overflow when it tries to parse a URL that exceeds a 256-byte limit (GLSA 200512-09).
An attacker could entice a user to call a specially crafted URL with OpenOffice.org, potentially resulting in the execution of arbitrary code with the rights of the user running the application.
There is no known workaround at this time.

Solution
All OpenOffice.org binary users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose '>=app-office/openoffice-bin-2.0.2'

All OpenOffice.org users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose '>=app-office/openoffice-2.0.1-r1'