Fedora has only just fixed a two-week old 'highly critical' flaw in OpenOffice
Fedora patches old OpenOffice flaw
/v3-uk/news/1979211/fedora-patches-openoffice-flaw
05 Oct 2007, Matt Chapman , V3
Fedora has fixed a 'highly critical' flaw in the OpenOffice suite of products more than two weeks after it was first discovered.
The vulnerability was announced on the Secunia security website on 18 September and Red Hat provided a fix on the same day for its Enterprise Linux products.
However, an update to fix the problem in the free Fedora Linux has only just been released, despite Red Hat being its main sponsor.
The OpenOffice vulnerability is caused by integer overflows when processing certain tags within Tiff images.
The problem could be exploited to cause heap-based buffer overflows, possibly by tricking a user into opening a specially crafted document.
Successful exploitation could allow the execution of arbitrary code and compromise a user's system.
OpenOffice is a free office productivity suite that includes a word processor, spreadsheet, presentation manager, formula editor and drawing program.
© Incisive Media Investments Limited 2010, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093
Do you agree?
Half-full glass
How about: "Fedora has patched a security flaw in OpenOffice.org less than 3 weeks after is was discovered."
How many security flaws in commercial office suites are fixed less than a month after discovery let alone in "more than two weeks"?
Posted by Scott Bicknell, 05 Oct 2007
Lame
How about it was 3 weeks late on purpose, so that Redhat can sell it's Enterprise products. Obvious answer is right there...
Posted by Jesse, 05 Oct 2007
Story is incorrect
The fix was released to Fedora the same day, as you can see here:
http://koji.fedoraproject.org/koji/buildinfo?buildID=18643
The announcement might have been late, but the fix wasn't.
Did the writer _actually check his facts_ with someone at Fedora before caling it?
Posted by Alex H, 06 Oct 2007
FC6 was fixed way earlier
For Fedora Core 6 in fact the flaw was fixed way earlier:
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00313.html
But not for F7:
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00046.html
I thus would assume the problem here was more the maintainer of the package himself that did might have done something wrong that lead to this.
Posted by Foo Bar, 06 Oct 2007