May 18th, 2012 04:00
Apache OpenOffice
OpenOffice, previously associated with SUN Microsystems, and later with Oracle (which bought out SUN), is now part of the Apache Software Systems. They have just released the first Apache version, OpenOffice 3.4:
http://www.openoffice.org/news/aoo34.html
Among other things, this fixes some critical updates in version 3.3, as noted in http://secunia.com/advisories/46992/ :
Description
Two vulnerabilities [at least one of which is rated Highly Critical] have been reported in OpenOffice.org, which can be exploited by malicious people to compromise a user's system.
1) An integer overflow error in the vclmi.dll module when allocating memory for an embedded image object can be exploited to cause a heap-based buffer overflow e.g. via a specially crafted JPEG object within a DOC file.
2) An error within libwpd when parsing Wordperfect documents can be exploited to overwrite arbitrary memory via a specially crafted Wordperfect WPD-format document.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code, but requires tricking a user into opening a malicious file.
The vulnerabilities are reported in version 3.3. Other versions may also be affected.
Solution
Update to version 3.4.
Changelog
[ http://www.openoffice.org/development/releases/3.4.0.html ]
Original Advisory
http://www.openoffice.org/security/cves/CVE-2012-1149.html
http://www.openoffice.org/security/cves/CVE-2012-2149.html

