It never rains but it pours. Alongside a slew of Microsoft and Apple updates issued on Tuesday hard-pressed users and security admins also need to apply an important security fix from OpenOffice.

An integer overflow flaw in a memory function in OpenOffice creates a possible mechanism for hackers to inject hostile code onto vulnerable systems. The flaw affects versions 2.0 to 2.4 and the alternative office suite. Punters need to upgrade to version 2.4.1, as explained here. The update weighs in at 113MB.

The bug (which involves the rtl_allocateMemory() function) was discovered by security researchers at iDefense. There's no workaround aside from applying the patch. On the plus side there's no evidence that the flaw is being actively exploited by hackers.

But each time we've updated OpenOffice it has run consistently slower. Let's hope the latest version doesn't introduce further lag.

In other patching news, users of the popular Skype VoIP client are reminded to upgrade following the announcement of a URI handler bug late last week. The flaw was also discovered by iDefense. Users need to upgrade to version 3.8.0.139. More information on the update can be found in an advisory from Skype here. ®

Related stories

• MS tries again after faulty Bluetooth security fix (20 June 2008)
• Get 'em while they're hot: critical security fixes from Microsoft, Apple (10 June 2008)
• Microsoft punts web-based apps to the masses (1 October 2007)
• OpenOffice builds extensions for v2.3 (20 September 2007)
• Russians crack OpenOffice security (20 April 2007)
• OpenOffice hits back at viral risk claims (15 August 2006)
• OpenOffice update fixes security bug trio (3 July 2006)