H Security – (International) Apache details OpenOffice 3.4 security fixes. Following the release of Apache OpenOffice 3.4.0 the week of May 7, the Apache Software Foundation (ASF) detailed the security fixes included in the new version of the open source productivity suite. According to the ASF, the first stable release of OpenOffice under its governance addresses three security vulnerabilities, all of which are rated as “important.” These include an integer overflow error when handling embedded images and a memory overwrite bug when loading WordPerfect files, both of which could allow for the execution of arbitrary code. The third hole is related to unchecked memory allocations in malformed PowerPoint files that the - 16 - developers say could be used to cause a denial-of-service. Attacks on all these flaws would require the user to open a specially crafted file. OpenOffice.org 3.3 and the beta version of 3.4 are affected; earlier versions may also be vulnerable. The Security Team advises all users to upgrade to the final 3.4 release.
Ali Loney, on May 17, 2012