rPSA-2007-0070-1 openoffice.org
rPath Update Announcements
announce-noreply at rpath.com
Mon Apr 9 14:14:48 EDT 2007
rPath Security Advisory: 2007-0070-1
Published: 2007-04-09
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Indirect User Deterministic Unauthorized Access
Updated Versions:
openoffice.org=/conary.rpath.com at rpl:devel//1/2.2-0.1-1
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0239
https://issues.rpath.com/browse/RPL-1118
Description:
Previous versions of the openoffice.org package are vulnerable to
two indirect code execution attacks, one when reading maliciously
malformed StarCalc documents, and one when parsing maliciously
crafted URIs. (Another vulnerability in libwpd was addressed
separately, as libwpd is packaged separately in rPath Linux.)
More information about the update-announce
mailing list