OpenOffice.org 2.0.3 has been announced as out !
(french version is expected in the coming hours)
This announcement provides a security bulletin dealing with 3 potential vulnerabilities detected by internal security audits.
if you can not install this new 2.0.3 version for whatever reason, the issue dealing with java applet can be countered as mentionned on the Java Applets, CVE-2006-2199 dedicated page
(be carefull that other issues remain !!)
The solution proposed works great by deactivating java applets but is not so easy to deploy at large scale or for regular users. So i used the OOo Tools for what they are made for : The UNO Package concept that allow to create great extensions but also deploy configuration settings
So this addon reproduces what is proposed on the CVE page. It works for OOo 2.x as well as OOo 1.x
To deploy under OOo 2.x
To deploy under OOo 1.x
Note that running these command lines with the -s switch (for share) let you deploy the addon for all your users
For testing that the patch has been applied correctly, you can insert an applet (eg. the JavaClock.class can be used for testing purpose) and see if it does not run.
You insert a java Applet though
This check also apply to already created document containing applets
(french version is expected in the coming hours)
This announcement provides a security bulletin dealing with 3 potential vulnerabilities detected by internal security audits.
if you can not install this new 2.0.3 version for whatever reason, the issue dealing with java applet can be countered as mentionned on the Java Applets, CVE-2006-2199 dedicated page
(be carefull that other issues remain !!)
The solution proposed works great by deactivating java applets but is not so easy to deploy at large scale or for regular users. So i used the OOo Tools for what they are made for : The UNO Package concept that allow to create great extensions but also deploy configuration settings
So this addon reproduces what is proposed on the CVE page. It works for OOo 2.x as well as OOo 1.x
To deploy under OOo 2.x
- Tools > Package Manager > add and select the zip file
or
- launch <OOoInstall>/program/unopkg <ZipFilePath>
To deploy under OOo 1.x
- launch <OOoInstall>/program/pkgchk <ZipFilePath>
Note that running these command lines with the -s switch (for share) let you deploy the addon for all your users
For testing that the patch has been applied correctly, you can insert an applet (eg. the JavaClock.class can be used for testing purpose) and see if it does not run.
You insert a java Applet though
- Insert > Object > Applet
This check also apply to already created document containing applets
(Post originally written by Laurent Godard on the old Nuxeo blogs.)
Comments