Package for OOo Security Bulletin 2006-06-29
OpenOffice.org 2.0.3 has been announced as out !
(french version is expected in the coming hours)
This announcement provides a security bulletin dealing with 3 potential vulnerabilities detected by internal security audits.
if you can not install this new 2.0.3 version for whatever reason, the issue dealing with java applet can be countered as mentionned on the Java Applets, CVE-2006-2199 dedicated page
(be carefull that other issues remain !!)
The solution proposed works great by deactivating java applets but is not so easy to deploy at large scale or for regular users. So i used the OOo Tools for what they are made for : The UNO Package concept that allow to create great extensions but also deploy configuration settings
So this addon reproduces what is proposed on the CVE page. It works for OOo 2.x as well as OOo 1.x
To deploy under OOo 2.x
To deploy under OOo 1.x
Note that running these command lines with the -s switch (for share) let you deploy the addon for all your users
For testing that the patch has been applied correctly, you can insert an applet (eg. the JavaClock.class can be used for testing purpose) and see if it does not run.
You insert a java Applet though
This check also apply to already created document containing applets
(french version is expected in the coming hours)
This announcement provides a security bulletin dealing with 3 potential vulnerabilities detected by internal security audits.
if you can not install this new 2.0.3 version for whatever reason, the issue dealing with java applet can be countered as mentionned on the Java Applets, CVE-2006-2199 dedicated page
(be carefull that other issues remain !!)
The solution proposed works great by deactivating java applets but is not so easy to deploy at large scale or for regular users. So i used the OOo Tools for what they are made for : The UNO Package concept that allow to create great extensions but also deploy configuration settings
So this addon reproduces what is proposed on the CVE page. It works for OOo 2.x as well as OOo 1.x
To deploy under OOo 2.x
- Tools > Package Manager > add and select the zip file
or
- launch <OOoInstall>/program/unopkg <ZipFilePath>
To deploy under OOo 1.x
- launch <OOoInstall>/program/pkgchk <ZipFilePath>
Note that running these command lines with the -s switch (for share) let you deploy the addon for all your users
For testing that the patch has been applied correctly, you can insert an applet (eg. the JavaClock.class can be used for testing purpose) and see if it does not run.
You insert a java Applet though
- Insert > Object > Applet
This check also apply to already created document containing applets
Attached file:
Important announcement: Join the Nuxeo team and contribute to the Nuxeo project! We have open positions in France and the UK for open source Java EE developers and sales engineers, both junior and senior.
Like this post? Share it:
Trackback Pings
Trackback URL for this entry:
http://blogs.nuxeo.com/sections/blogs/laurent_godard/2006_06_30_package-for-ooo-security-bulletin-2006-06-29/tbping
Nuxeo Bloggers: Log in!
Search Nuxeo Blogs
About this blog
Laurent Godard
Nuxeo Bloggers
- Stefane Fermigier
- Florent Guillaume
- Julien Anguenot
- Lennart Regebro
- Bogdan Stefanescu
- Tarek Ziadé
- Laurent Godard
- Arnaud Lefèvre
- Ruslan Spivak
- Eric Barroca
- Myriam Lechelt
- Anahide Tchertchian
- Cedric Bosdonnat
- Thibaut Soulcié
- Georges Racinet
- Eugen Ionica
- Bassem Asseh
- Thierry Delprat
- Agnes Souque
- Alain Escaffre
- Steve Raby
Photos and Pictures