All the latest UK technology news, reviews and analysis
|
|
|
05 Oct 2007
Fedora has fixed a 'highly critical' flaw in the OpenOffice suite of products more than two weeks after it was first discovered.
The vulnerability was announced on the Secunia security website on 18 September and Red Hat provided a fix on the same day for its Enterprise Linux products.
However, an update to fix the problem in the free Fedora Linux has only just been released, despite Red Hat being its main sponsor.
The OpenOffice vulnerability is caused by integer overflows when processing certain tags within Tiff images.
The problem could be exploited to cause heap-based buffer overflows, possibly by tricking a user into opening a specially crafted document.
Successful exploitation could allow the execution of arbitrary code and compromise a user's system.
OpenOffice is a free office productivity suite that includes a word processor, spreadsheet, presentation manager, formula editor and drawing program.
Latest stories from Open Source
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
A senior C# developer is required by a leading investment...
A senior JAVA developer is required by a leading financial...
A leading investment bank are looking for an AGILE JAVA...
A senior C# WPF F# developer is required by a leading...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Story is incorrect
The fix was released to Fedora the same day, as you can see here: http://koji.fedoraproject.org/koji/buildinfo?buildID=18643 The announcement might have been late, but the fix wasn't. Did the writer _actually check his facts_ with someone at Fedora before caling it?
Posted by: Alex H 06 Oct 2007
FC6 was fixed way earlier
For Fedora Core 6 in fact the flaw was fixed way earlier: https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00313.html But not for F7: https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00046.html I thus would assume the problem here was more the maintainer of the package himself that did might have done something wrong that lead to this.
Posted by: Foo Bar 06 Oct 2007
Half-full glass
How about: "Fedora has patched a security flaw in OpenOffice.org less than 3 weeks after is was discovered." How many security flaws in commercial office suites are fixed less than a month after discovery let alone in "more than two weeks"?
Posted by: Scott Bicknell 05 Oct 2007
Lame
How about it was 3 weeks late on purpose, so that Redhat can sell it's Enterprise products. Obvious answer is right there...
Posted by: Jesse 05 Oct 2007