A security
patch has been announced on OOo release list by Martin Hollmichel

it covers a
heap overflow on opening DOC files
. This hole could then be exploited by
a malicious document. Everybody using OOo 1.1.4 should update.

The patch is actually spreading over mirrors and should be available
It is located on the mirror at /contrib/rc/1.1.4secpatch/
(a french mirror : ftp://openoffice.cict.fr/openoffice/)

To install it (on linux - read announce for other OS)

  • go to <ooo>/progam

  • replace the file libsot645li.so by the new one (you may have to change
    permissions).it is advised to previously backup this file

This patch is only given for the official 1.1.4 version. For other versions
(distrib specific and/or oldest versions) a new milestone 645_m53 containing
the patch sources is available on CVS

It is good that such flows are adressed and patches given but OOo team will
have to think to end-users that even do not want to (or can not) perform a
simple file copy. Perharps an addon simplifying the process ...

updates :

  • Announce on the french list

  • A pacth for OOo 1.1.4 for MacOsX will also be available (named

(Post originally written by Laurent Godard on the old Nuxeo blogs.)