The final version of OpenOffice.org 3.2 has been released to the public earlier this month. The free alternative to Microsoft’s Office productivity suite comes with new and improved features and functionality, provides better compatibility with other office software, offers 46% faster “cold start’ times for Calc and Writer, fixes bugs and plugs security holes.
Speaking of security holes, here are the security holes that OpenOffice.org 3.2 plugs:
Title: Potential vulnerability related to MS-Word document processing Description: A security vulnerability in OpenOffice.org, related to Word document processing, may allow a remote unprivileged user to execute arbitrary code on the system with the privileges of a local user running OpenOffice.org, if the local user opens a crafted Word document provided by the remote user. Affected software: All OpenOffice.org versions except 3.2 Credit: Nicolas Joly, VUPEN Vulnerability Research Team.
Title: Potential vulnerability related to GIF file processing Description: A security vulnerability in OpenOffice.org, related to GIF file processing, may allow a remote unprivileged user to execute arbitrary code on the system with the privileges of a local user running OpenOffice.org, if the local user opens a crafted GIF file provided by the remote user. GIF files can also be embedded in different kind of documents, including documents in the OpenDocument Format (ODF), the default format used by OpenOffice.org. Affected software: All OpenOffice.org versions except 3.2 Credit: Frank Reißner and Sebastian Apelt from siberas
Title: Potential vulnerability related to XPM file processing Description: A security vulnerability in OpenOffice.org, related to XPM file processing, may allow a remote unprivileged user to execute arbitrary code on the system with the privileges of a local user running OpenOffice.org, if the local user opens a crafted XPM file provided by the remote user. XPM files can also be embedded in different kind of documents, including documents in the OpenDocument Format (ODF), the default format used by OpenOffice.org. Affected software: All OpenOffice.org versions except 3.2 Credit: Sebastian Apelt from siberas
Title: OpenOffice.org 3 for Windows bundles a vulnerable version of MSVC Runtime Description: OpenOffice.org 3 for Windows ships with a vulnerable version of the MSVC Runtime. OpenOffice.org is not affected by the security issue, but centrally installs the vulnerable MSVC Runtime if it didn't exist on the system before. The vulnerable version should be updated automatically by the monthly Windows updates, but newer versions of OpenOffice.org also come with the updated MSVC Runtime. Affected software: All OpenOffice.org for Windows versions except 3.2. OpenOffice.org 2 and OpenOffice.org 1.1 are not affected.
Title: Potential vulnerability from 3rd party libxmlsec libraries Description: OpenOffice.org 2 and 3 ship with 3rd party libraries affected by the XML signature HMAC truncation authentication bypass issue documented here. Affected software: All OpenOffice.org 2 versions; all OpenOffice.org 3 versions except 3.2
Title: Potential vulnerability from 3rd party libxml2 libraries Description: OpenOffice.org 2 and 3 might fail to handle signatures properly due to the use of a 3rd party library known for having the issue described here. Affected software: All OpenOffice.org 2 versions; all OpenOffice.org 3 versions except 3.2
SPONSORED LINKS
If you are currently using OpenOffice.org 3, then you should upgrade to version 3.2 and take advantage of all the new and improved features as well as the enhanced level of security. Speaking of features and functionality, here are the other bits and pieces you can expect to get from OpenOffice 3.2:
- Faster start up times
- Improved compatibility with open standard (ODF) and proprietary file formats
- Improvements to all components, particularly the Calc spreadsheet, with over a dozen new or enhanced features
- The Chart module (usable throughout OpenOffice.org) has had a usability makeover as well as offering new chart types
The final version of 