Language Selection

English French German Italian Portuguese Spanish

OpenOffice Confirms Buffer Overflow Flaw

Filed under
Security

The OpenOffice.org community on Tuesday confirmed the existence of a potentially serious heap-overflow vulnerability in its freely distributed office productivity suite.

The flaw affects OpenOffice Version 1.1.4 and prior and OpenOffice Version 2.0-dev and prior and could put users at risk of code execution attacks.

OpenOffice.org community manager Louis Suarez-Potts confirmed that the vulnerability was discovered in the "StgCompObjStream::Load()" function and occurs when handling a specially crafted ".doc" file.

This could potentially be exploited by attackers to compromise a vulnerable system by convincing a user to open a malicious document with an unpatched application.

"We learned of this March 31 and will be working on it immediately. A patch is ready but it is still going through [quality assurance] testing," Suarez-Potts told eWEEK.com. The update is expected to be available for general download within two days.

Full Story.

More in Tux Machines

Windows 10 vs. Linux Radeon Software Performance, Including AMDGPU-PRO & RadeonSI

As alluded to earlier and on Twitter, the past few days I have been working on a fresh Windows 10 vs. Ubuntu Linux graphics/gaming performance comparison. This time it's looking at the latest Radeon performance using an R9 Fury and RX 480. Tests on Windows were obviously done with Radeon Software Crimson Edition while under Linux were the two latest AMD/RTG Linux driver options: the hybrid AMDGPU-PRO driver and the fully open-source driver via Linux 4.8 and Mesa 12.1-dev. Read more

Flatpak Universal Linux Package Supports Local Path References for Git Sources

Alex Larsson from the Flatpak project has announced the release of a new maintenance update to the universal binary package format for Linux kernel-based operating systems. Read more

Debian-Based Q4OS 1.6 "Orion" Linux Distro Launches with Trinity Desktop 14.0.3

Softpedia has been informed today, August 28, 2016, by the developer of the Debian-based Q4OS GNU/Linux distribution about the immediate availability for download of a new stable release to the "Orion" series, version 1.6. Read more