OpenOffice Drops a New Version, and the Heaps are Overflowing

Bugfixes have been big this week, with patches pouring forth from proprietary and Open Source projects alike. Drifting down the security stream is a new version of OpenOffice, pushing a critical security patch and perking things up with a barge-load of new features.

The critical vulnerability in question is a heap overflow, which leaves users of versions 2.0 – 2.4 exposed to attack via an exploit-exploiting OpenOffice document, allowing the attacker to use the affected user's system privileges to run arbitrary commands. As of yet, no actual implementation of the glitch has been discovered, but users are strongly encouraged to upgrade, and as an added enticement, a cache of new features is featured. Among them are native support for Microsoft Access 2007 files, automated update checking for extensions, new printing options, and enhanced language features.

All users can obtain the latest version — 2.4.1 — directly from the OpenOffice website, and Linux users using automatic updates should see the security updates pushed downstream through their distribution in short order.


Justin Ryan is a Contributing Editor for Linux Journal.