The StgCompObjStream::Load() function failed to check the validity of a length field in documents. If an attacker tricked a user into opening a specially crafted OpenOffice file, this triggered a buffer overflow which could lead to arbitrary code execution with the privileges of the user opening the document.
The update for Ubuntu 5.04 (Hoary Hedgehog) also contains a translation update: The “openoffice.org-l10n-xh” package now contains actual Xhosa translations (the previous version just shipped English strings).
6 May 2005
A security issue affects these releases of Ubuntu and its derivatives:
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
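The class of bug described above, a length field read from a document and trusted without checking, is avoided by validating the length against both the destination buffer and the remaining input before copying. The following is an added illustration, not OpenOffice.org code: the field layout, `read_field`, `check_sample` and the sample bytes are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout (constructed for this example): a 32-bit little-endian
 * signed length, followed by that many bytes of string data. */
static int read_field(const uint8_t *in, size_t in_len, size_t *off,
                      char *dst, size_t dst_cap)
{
    if (dst_cap == 0 || *off > in_len || in_len - *off < 4)
        return -1;                        /* no room for the length itself */
    const uint8_t *p = in + *off;
    uint32_t raw = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                   ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    if (raw > INT32_MAX)                  /* negative when read as signed */
        return -1;
    size_t len = raw;
    if (len >= dst_cap)                   /* must fit with a trailing NUL */
        return -1;
    if (len > in_len - *off - 4)          /* must not run past the input */
        return -1;
    memcpy(dst, p + 4, len);
    dst[len] = '\0';
    *off += 4 + len;
    return 0;
}

/* Constructed sample inputs. */
static const uint8_t GOOD[]      = { 5, 0, 0, 0, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t OVERSIZED[] = { 0x00, 0x01, 0, 0, 'A', 'A' };  /* claims 256 */
static const uint8_t NEGATIVE[]  = { 0xff, 0xff, 0xff, 0xff, 'A' }; /* claims -1 */
static const uint8_t TRUNCATED[] = { 8, 0, 0, 0, 'a', 'b' };        /* claims 8, has 2 */

/* Parse one field into a 16-byte buffer; 0 if accepted, -1 if rejected. */
static int check_sample(const uint8_t *doc, size_t n)
{
    char name[16];
    size_t off = 0;
    return read_field(doc, n, &off, name, sizeof name);
}

int main(void)
{
    printf("good=%d oversized=%d negative=%d truncated=%d\n",
           check_sample(GOOD, sizeof GOOD), check_sample(OVERSIZED, sizeof OVERSIZED),
           check_sample(NEGATIVE, sizeof NEGATIVE), check_sample(TRUNCATED, sizeof TRUNCATED));
    return 0;
}
```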