Bugtraq mailing list archives

rPSA-2007-0070-1 openoffice.org

From: rPath Update Announcements <announce-noreply () rpath com>
Date: Mon, 09 Apr 2007 14:14:48 -0400

rPath Security Advisory: 2007-0070-1
Published: 2007-04-09
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
    Indirect User Deterministic Unauthorized Access
Updated Versions:
    openoffice.org=/conary.rpath.com@rpl:devel//1/2.2-0.1-1

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0238
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0239
    https://issues.rpath.com/browse/RPL-1118

Description:
    Previous versions of the openoffice.org package are vulnerable to
    two indirect code execution attacks, one when reading maliciously
    malformed StarCalc documents, and one when parsing maliciously
    crafted URIs.  (Another vulnerability in libwpd was addressed
    separately, as libwpd is packaged separately in rPath Linux.)

Current thread:

rPSA-2007-0070-1 openoffice.org rPath Update Announcements (Apr 09)