Advisories:rPSA-2006-0173

From rPath Wiki

rPath Security Advisory 2006-0173-1

Published: 2006-09-26

Products

• rPath Linux 1

Rating

Major

Exposure Level Classification

Indirect User Deterministic Unauthorized Access

Updated Versions

• openoffice.org=conary.rpath.com@rpl:1/2.0.3-1.6-1

rPath Issue Tracking System

• RPL-475

References

• CVE-2006-2198
• CVE-2006-3117
• CVE-2006-2199

Description

Previous versions of the openoffice.org packages are susceptible

to several vulnerabilities, including a denial of service (application

crash) and a user-complicit unauthorized access attack that enables

an attacker to cause arbitrary code to be run. These versions are

not susceptible to CVE-2006-2199 because Java is not enabled in

those builds.

Because Java support could not be disabled in the initial release

of OpenOffice.org 2.0.3, and because Java support is not included

within rPath Linux 1, this update was delayed until non-Java builds

were re-enabled in OpenOffice.org.

Copyright 2006 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html