OpenOffice update completes bumper patch crop
Integer overflow angst
It never rains but it pours. Alongside a slew of Microsoft and Apple updates issued on Tuesday hard-pressed users and security admins also need to apply an important security fix from OpenOffice.
An integer overflow flaw in a memory function in OpenOffice creates a possible mechanism for hackers to inject hostile code onto vulnerable systems. The flaw affects versions 2.0 to 2.4 and the alternative office suite. Punters need to upgrade to version 2.4.1, as explained here. The update weighs in at 113MB.
The bug (which involves the rtl_allocateMemory() function) was discovered by security researchers at iDefense. There's no workaround aside from applying the patch. On the plus side there's no evidence that the flaw is being actively exploited by hackers.
But each time we've updated OpenOffice it has run consistently slower. Let's hope the latest version doesn't introduce further lag.
In other patching news, users of the popular Skype VoIP client are reminded to upgrade following the announcement of a URI handler bug late last week. The flaw was also discovered by iDefense. Users need to upgrade to version 220.127.116.11. More information on the update can be found in an advisory from Skype here. ®