SQL Queries Make Staroffice Vulnerable
Security researchers Secunia have discovered a vulnerability in StarOffice that gives attackers the ability to execute arbitrary code. The developers of the free counterpart, OpenOffice, removed the problem last week.
The cause of the vulnerability with the CVE ID 2007-4575 is erroneous security restrictions in the integrated HSQLDB database which allows the execution of SQL queries with malevolent Java code with root privileges. An attacker needs to trick the user into opening a carefully crafted document for the exploit to work.
The vulnerability affects StarOffice 1.0.8.9 and older versions of the application. OpenOffice is also affected, but its developers published version 2.3.1 last week to fix the bug. A fix is not currently available for StarOffice. Uses should only open documents from trusted sources. Secunia says that the bug is critical.
Issue 237/2020
Buy this issue as a PDF
News
-
Google’s Nearby Sharing Could Work with Linux
Google’s answer to Apple’s AirDrop feature is rumored to work with the Linux desktop.
-
System76 Launches Ryzen-Powered Laptop
The new System76 Serval WS includes a powerful AMD Ryzen CPU.
-
Linux Mint Drops Snap
Linux Mint has officially dropped their support for Canonical’s snap packages.
-
Lenovo Upping Their Linux Support
Lenovo is now offering full certification and Linux preinstalled hardware.
-
LPI Launches FOSSlife Website
Linux Professional Institute launches FOSSlife, a website for the FOSS community.
-
Tuxedo Computers Joins the Ryzen Bandwagon
Tuxedo Computers has released the Tuxedo Boot BA15 with an AMD Ryzen 3500 CPU.
-
Linux Apps on Windows Is Coming
Linux GUI apps will be coming to Windows Subsystem for Linux.
-
Linux Usage Is on the Rise
According to NetMarketShare, Linux saw a significant bump in usage during April.
-
Lenovo is Jumping on the Linux Laptop Bandwagon
PC and laptop maker Lenovo is set to release ThinkPad laptops pre-installed with Fedora Linux.
-
A New Linux Laptop Is in the Making
Manjaro Linux and TUXEDO computers have joined forces to develop the InfinityBook Manjaro.