Vulnerability in OpenOffice
The current version of OpenOffice reportedly contains a security flaw that allows attackers to inject code into a system. The problem apparently only affects the 64-bit version of the office suite. No official patched version is currently available because the 64-bit binary releases only come from Linux distributors, not from the developers.
The flaw has, however, already been remedied in the repositories of OpenOffice. Red Hat was one of the first distributors to publish new packages for 64-bit versions under RHEL Desktop Workstation V5 Client and Red Hat Enterprise Linux Desktop V5.
The vulnerability is the result of a flaw in the function rtl_allocateMemory on 64-bit systems; the flaw makes it possible to access memory outside of a defined array. The problem can reportedly be prevented during compilation by adding the option
- openoffice.org security update, Red Hat error report.
- openoffice.org: numeric truncation error in memory allocator (64bit), Red Hat report on memory allocation error.
- Issue 92217, error in OpenOffice.
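
The Red Hat report listed above describes the flaw as a numeric truncation error in the 64-bit memory allocator. The C sketch below is an added illustration of that general class of bug next to a fail-closed check; it is not OpenOffice code, and the function names, the 32-bit internal size variable and the request value are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

_Static_assert(sizeof(size_t) == 8, "demonstration assumes a 64-bit size_t");

/* Constructed request: 4 GiB + 16 bytes, which does not fit in 32 bits. */
#define DEMO_REQUEST (((size_t)1 << 32) + 16)

/* Flawed pattern (hypothetical): the allocator keeps sizes in a 32-bit
 * variable, so the upper half of a 64-bit request is silently dropped.
 * The caller still believes it owns n bytes. */
void *alloc_truncating(size_t n, size_t *reserved)
{
    uint32_t internal = (uint32_t)n;   /* numeric truncation happens here */
    *reserved = internal;              /* bytes actually reserved */
    return malloc(internal);
}

/* Hardened pattern: refuse any request the internal size type cannot
 * represent, so the reserved size always equals the requested size. */
void *alloc_checked(size_t n, size_t *reserved)
{
    *reserved = 0;
    if (n > UINT32_MAX)
        return NULL;                   /* fail closed */
    *reserved = n;
    return malloc(n);
}

int main(void)
{
    size_t got;
    void *p = alloc_truncating(DEMO_REQUEST, &got);
    printf("truncating: asked %zu, reserved %zu\n", (size_t)DEMO_REQUEST, got);
    free(p);

    p = alloc_checked(DEMO_REQUEST, &got);
    printf("checked:    asked %zu, %s\n", (size_t)DEMO_REQUEST,
           p ? "allocated" : "refused");
    free(p);
    return 0;
}
```

The mismatch between the size the caller asked for and the size actually reserved is what lets later, apparently in-bounds, writes land outside the allocated block.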