Apache Security Fix Details

Friday, May 18, 2012 @ 01:05 PM gHale


The just-released open source productivity suite Apache OpenOffice 3.4.0 includes three “important” security fixes.

These include an integer overflow error when handling embedded images and a memory overwrite bug when loading WordPerfect files, both of which could allow for the execution of arbitrary code, according to the Apache Software Foundation (ASF).

The third hole relates to unchecked memory allocations when handling malformed PowerPoint files, which the developers say an attacker could use to force a denial of service (DoS).

Attacks on all these flaws would require the user to open a specially crafted file. OpenOffice.org 3.3 and the beta version of 3.4 suffer from the issues. In addition, earlier versions may also be vulnerable. The Security Team advises all users to upgrade to the final 3.4 release.

The Apache OpenOffice Project published the preliminary download numbers for the 3.4 release. As of Wednesday 16 May, users had downloaded Apache OpenOffice 3.4 more than one million times from over 200 countries. The organization said this figure does not include downloads of language packs, SDKs or source code packages.

Of the downloads, 87% were for Windows and 11% were for Mac OS X. Linux systems accounted for 2% of the overall downloads.


