Technology news and Jobs arrow Information Technology News arrow 'Highly critical' update for OpenOffice
'Highly critical' update for OpenOffice E-mail
by Stephen Withers   
Thursday, 06 December 2007
OpenOffice 2.3.1 fixes a variety of bugs, but one of the most important concerns a vulnerability in the database engine shipped with the package.
A flaw in the HSQLDB database engine could be exploited to execute arbitrary static Java code if an attacker could induce a user to open a maliciously crafted database document.

Secunia rates the vulnerability as 'highly critical'.

OpenOffice 2.3.1 includes HSQLDB 1.8.0.9, which fixes the issue. Any version prior to 2.3.1 should be updated. Since HSQLBD is written in Java, all supported platforms are affected.

Users of OpenOffice derivatives should either watch for a corresponding update or (if necessary) install the revised version of the database which can be downloaded via hsqldb.org.

Please enable JavaScript in your browser to post your comment!

Tags See All Tags


Linux  Macintosh  Malware  Open Source  Security  Software  Stephen Withers  Windows 

Get stories like this delivered daily - FREE - subscribe now
 
< Next story in category   Previous story in the category >
iTWire user statistics Visitors last 30 days
Suscribers		 904,266
13,751
#1 independent technology news advertise here
  •   *  
  • Search
  • AdvSeach
  • Login
  • Events
  • FreeStuff
Subscribe to our free e-newsletter

iTWire and you

Contact , Register , Links , About iTWire , Feedback , Post your jobs , Events , iTWire site map , Start Blogging , MyBlogLog page , Advertise with iTWire