Test ID:	1.3.6.1.4.1.25623.1.0.59557
Category:	Fedora Local Security Checks
Title:	Fedora Core 6 FEDORA-2007-572 (openoffice.org)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to openoffice.org announced via advisory FEDORA-2007-572. OpenOffice.org is an Open Source, community-developed, multi-platform office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. Sophisticated and flexible, OpenOffice.org also works transparently with a variety of file formats, including Microsoft Office. Usage: Simply type ooffice to run OpenOffice.org or select the requested component (Writer, Calc, Draw, Impress, etc.) from your desktop menu. On first start a few files will be installed in the user's home, if necessary. The OpenOffice.org team hopes you enjoy working with OpenOffice.org! Update Information: A heap overflow flaw was found in the RTF import filer. An attacker could create a carefully crafted RTF file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2007-0245) All users of OpenOffice.org are advised to upgrade to these updated packages, which contain a backported fix to correct this issue. * Fri Jun 1 2007 Caolan McNamara - 1:2.0.4-5.5.23 - Resolves: CVE-2007-0245 ooo#77214 rtf prtdata - Resolves: rhbz#240738 workspace.dba22b.patch - add workspace.cmcfixes34.patch for int(0) not being promoted to long NULL in ellipsed methods Solution: Apply the appropriate updates. This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/ This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/. http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2007-572 Risk factor : Critical CVSS Score: 9.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-0245 BugTraq ID: 24450 http://www.securityfocus.com/bid/24450 Bugtraq: 20070613 High risk vulnerability in OpenOffice RTF parser (Google Search) http://www.securityfocus.com/archive/1/471274/100/0/threaded Debian Security Information: DSA-1307 (Google Search) http://www.debian.org/security/2007/dsa-1307 http://www.gentoo.org/security/en/glsa/glsa-200707-02.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:144 http://osvdb.org/35378 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10002 http://www.redhat.com/support/errata/RHSA-2007-0406.html http://www.securitytracker.com/id?1018239 http://secunia.com/advisories/25648 http://secunia.com/advisories/25650 http://secunia.com/advisories/25673 http://secunia.com/advisories/25705 http://secunia.com/advisories/25862 http://secunia.com/advisories/25894 http://secunia.com/advisories/25905 http://secunia.com/advisories/26010 http://secunia.com/advisories/26022 http://secunia.com/advisories/26476 SGI Security Advisory: 20070602-01-P ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://sunsolve.sun.com/search/document.do?assetkey=1-26-102917-1 SuSE Security Announcement: SUSE-SA:2007:037 (Google Search) http://www.novell.com/linux/security/advisories/2007_37_openoffice.html http://www.ubuntu.com/usn/usn-482-1 http://www.vupen.com/english/advisories/2007/2166 http://www.vupen.com/english/advisories/2007/2229 XForce ISS Database: openoffice-rtf-bo(34843) https://exchange.xforce.ibmcloud.com/vulnerabilities/34843
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.