rPath alert rPSA-2007-0070-1 (openoffice.org)


From:
    	       rPath Update Announcements <announce-noreply@rpath.com>
To:
    	       security-announce@lists.rpath.com, update-announce@lists.rpath.com
Subject:
    	       rPSA-2007-0070-1 openoffice.org
Date:
    	       Mon, 09 Apr 2007 14:14:48 -0400
Cc:
    	       full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com, lwn@lwn.net
rPath Security Advisory: 2007-0070-1
Published: 2007-04-09
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
    Indirect User Deterministic Unauthorized Access
Updated Versions:
    openoffice.org=/conary.rpath.com@rpl:devel//1/2.2-0.1-1

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0238
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0239
    https://issues.rpath.com/browse/RPL-1118

Description:
    Previous versions of the openoffice.org package are vulnerable to
    two indirect code execution attacks, one when reading maliciously
    malformed StarCalc documents, and one when parsing maliciously
    crafted URIs.  (Another vulnerability in libwpd was addressed
    separately, as libwpd is packaged separately in rPath Linux.)

From:		rPath Update Announcements <announce-noreply@rpath.com>
To:		security-announce@lists.rpath.com, update-announce@lists.rpath.com
Subject:		rPSA-2007-0070-1 openoffice.org
Date:		Mon, 09 Apr 2007 14:14:48 -0400
Cc:		full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com, lwn@lwn.net