1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200410-17 / openoffice |
| Release Date | October 20, 2004 |
| Latest Revision | October 20, 2004: 01 |
| Impact | low |
| Exploitable | local |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| app-office/openoffice | = 1.1.2 | < 1.1.2, >= 1.1.3 | All supported architectures |
| app-office/openoffice-bin | = 1.1.2 | < 1.1.2, >= 1.1.3 | All supported architectures |
| app-office/openoffice-ximian | = 1.1.60, = 1.1.61 | < 1.1.60, >= 1.3.4 | All supported architectures |
Related bugreports: #63556
OpenOffice.org uses insecure temporary files which could allow a malicious local user to gain knowledge of sensitive information from other users' documents.
OpenOffice.org is an office productivity suite, including word processing, spreadsheets, presentations, drawings, data charting, formula editing, and file conversion facilities.
On start-up, OpenOffice.org 1.1.2 creates a temporary directory with insecure permissions. When a document is saved, a compressed copy of it can be found in that directory.
A malicious local user could obtain the temporary files and thus read documents belonging to other users.
There is no known workaround at this time.
All affected OpenOffice.org users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge sync # emerge -pv ">=app-office/openoffice-1.1.3" # emerge ">=app-office/openoffice-1.1.3" |
All affected OpenOffice.org binary users should upgrade to the latest version:
Code Listing 3.2: Resolution |
# emerge sync # emerge -pv ">=app-office/openoffice-bin-1.1.3" # emerge ">=app-office/openoffice-bin-1.1.3" |
All affected OpenOffice.org Ximian users should upgrade to the latest version:
Code Listing 3.3: Resolution |
# emerge sync # emerge -pv ">=app-office/openoffice-ximian-1.3.4" # emerge ">=app-office/openoffice-1.3.4" |