OpenOffice 3.2.1 closes two vulnerabilities

Following the recent release of version 3.2.1 of their open source office suite, the OpenOffice.org development team has published two security bulletins detailing the security issues that were closed in this first point update to the 3.2.x branch.

According Florian Effenberger, the OpenOffice.org Marketing Project Leader, the update addresses a vulnerability related to Python scripting that could lead to the execution of arbitrary code when using the built-in scripting IDE. A second problem affecting OpenOffice 2 and 3 prior to version 3.2.1 has been fixed that is due a SSL / TLS renegotiation vulnerability in third party libraries.

The developers advise all users to upgrade to the latest release as soon as possible. OpenOffice.org 3.2.1 is available to download from the project's site and mirrors for Windows, Mac OS, Linux and Solaris.

See also:

• OpenOffice.org 2 and 3 may be affected by the TLS/SSL Renegotiation Issue in 3rd Party Libraries, an OpenOffice security advisory.
• Security vulnerability in OpenOffice.org related to python scripting, an OpenOffice security advisory.
• OpenOffice 3.2.1 fixes bugs, updates logo, a report from The H.
• Solution for SSL/TLS design weakness in sight, a report from The H.

(crve)