Red Hat Product Errata RHSA-2007:0001 - Security Advisory

Issued:: 2007-01-03
Updated:: 2007-01-03

RHSA-2007:0001 - Security Advisory

Overview
Updated Packages

Synopsis

Important: openoffice.org security update

Type/Severity

Security Advisory: Important

Topic

Updated openoffice.org packages are now available.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

OpenOffice.org is an office productivity suite that includes desktop
applications such as a word processor, spreadsheet, presentation manager,
formula editor, and drawing program.

Several integer overflow bugs were found in the OpenOffice.org WMF file
processor. An attacker could create a carefully crafted WMF file that could
cause OpenOffice.org to execute arbitrary code when the file was opened by
a victim. (CVE-2006-5870)

All users of OpenOffice.org are advised to upgrade to these updated
packages, which contain a backported fix for this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server 3 x86_64
Red Hat Enterprise Linux Server 3 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Workstation 3 x86_64
Red Hat Enterprise Linux Workstation 3 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux Desktop 3 x86_64
Red Hat Enterprise Linux Desktop 3 i386
Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

BZ - 217347 - CVE-2006-5870 WMF heap overflow

CVEs

CVE-2006-5870

References

http://www.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for Power, big endian 4

SRPM
ppc
openoffice.org-1.1.5-6.6.0.EL4.ppc.rpm	SHA-256: feb95447044ec80d950035020b6ec64b9ac5bc959db7b6b54f533919d1986aac
openoffice.org-i18n-1.1.5-6.6.0.EL4.ppc.rpm	SHA-256: 12146ab96badcb9c206822f5046a737dc12809cf2385240a36df84e8ed9d6a26
openoffice.org-kde-1.1.5-6.6.0.EL4.ppc.rpm	SHA-256: cdd6c4f2887f2151b0bfeeb039d61192bdcdfaed4629166ed408e24f06deb1f8
openoffice.org-libs-1.1.5-6.6.0.EL4.ppc.rpm	SHA-256: 15efe0b8c4bcd9705164d59a369e5f0b4ab30303500f7ab7f285e61277ef8e51

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Support

Services

Knowledge

Ecosystem

Red Hat Customer Portal Labs

Additional Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Discussions

Blogs

Customer Events

Stories