[<prev] [next>] [day] [month] [year] [list]
Message-ID: <461a8298.qI6Xuz9bms+C0sfp%announce-noreply@rpath.com>
Date: Mon, 09 Apr 2007 14:14:48 -0400
From: rPath Update Announcements <announce-noreply@...th.com>
To: security-announce@...ts.rpath.com,
update-announce@...ts.rpath.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com,
lwn@....net
Subject: rPSA-2007-0070-1 openoffice.org
rPath Security Advisory: 2007-0070-1
Published: 2007-04-09
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Indirect User Deterministic Unauthorized Access
Updated Versions:
openoffice.org=/conary.rpath.com@rpl:devel//1/2.2-0.1-1
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0239
https://issues.rpath.com/browse/RPL-1118
Description:
Previous versions of the openoffice.org package are vulnerable to
two indirect code execution attacks, one when reading maliciously
malformed StarCalc documents, and one when parsing maliciously
crafted URIs. (Another vulnerability in libwpd was addressed
separately, as libwpd is packaged separately in rPath Linux.)
Powered by blists - more mailing lists