openSUSE 10 Security Update : OpenOffice_org (OpenOffice_org-2682)
High Nessus Plugin ID 27137
SynopsisThe remote openSUSE host is missing a security update.
DescriptionFollowing security problems were fixed in OpenOffice_org :
This update also brings OpenOffice_org to version 126.96.36.199, same as SUSE Linux Enterprise Desktop 10 and contains lots of bugfixes.
CVE-2007-0002: Various problems were fixed in the Wordperfect converter library libwpd in OpenOffice_org which could be used by remote attackers to potentially execute code or crash OpenOffice_org.
CVE-2007-0238: A stack overflow in the StarCalc parser could be used by remote attackers to potentially execute code by supplying a crafted document.
CVE-2007-0239: A shell quoting problem when opening URLs was fixed which could be used by remote attackers to execute code by supplying a crafted document and making the user click on an embedded link.
Also support for the upcoming ODF - OfficeXML converter was added.
SolutionUpdate the affected OpenOffice_org packages.