rPSA-2007-0070-1 openoffice.org

To: security-announce@xxxxxxxxxxxxxxx, update-announce@xxxxxxxxxxxxxxx
Subject: rPSA-2007-0070-1 openoffice.org
From: rPath Update Announcements <announce-noreply@xxxxxxxxx>
Date: Mon, 09 Apr 2007 14:14:48 -0400
Cc: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, lwn@xxxxxxx
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: nail 11.22 3/20/05

rPath Security Advisory: 2007-0070-1
Published: 2007-04-09
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
    Indirect User Deterministic Unauthorized Access
Updated Versions:
    openoffice.org=/conary.rpath.com@rpl:devel//1/2.2-0.1-1

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0238
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0239
    https://issues.rpath.com/browse/RPL-1118

Description:
    Previous versions of the openoffice.org package are vulnerable to
    two indirect code execution attacks, one when reading maliciously
    malformed StarCalc documents, and one when parsing maliciously
    crafted URIs.  (Another vulnerability in libwpd was addressed
    separately, as libwpd is packaged separately in rPath Linux.)

Prev by Date: xodagallery Remote Code Execution Vulnerability
Next by Date: Re: Re: Mybb Hot Editor Plugin Local File Inclusion
Previous by thread: xodagallery Remote Code Execution Vulnerability
Next by thread: iDefense Security Advisory 04.09.07: AOL AIM and ICQ File Transfer Path-Traversal Vulnerability
Index(es):
- Date
- Thread