Scientific Linux Security Update : openoffice.org on SL3.x, SL4.x, SL5.x i386/x86_64
High Nessus Plugin ID 60661
Synopsis
The remote Scientific Linux host is missing one or more security updates.
Description
CVE-2009-0200 OpenOffice.org Word document Integer Underflow
CVE-2009-0201 OpenOffice.org Word document buffer overflow
An integer underflow flaw and a boundary error flaw, both possibly leading to a heap-based buffer overflow, were found in the way OpenOffice.org parses certain records in Microsoft Word documents. An attacker could create a specially crafted Microsoft Word document, which once opened by an unsuspecting user, could cause OpenOffice.org to crash or, potentially, execute arbitrary code with the permissions of the user running OpenOffice.org. (CVE-2009-0200, CVE-2009-0201)
All running instances of OpenOffice.org applications must be restarted for this update to take effect.
Note: The openoffice.org2 update for SL4 has been delayed.
Solution
Update the affected packages.