Oval Definition:oval:com.redhat.rhsa:def:20071048
Revision Date:2007-12-05Version:639
Title:RHSA-2007:1048: openoffice.org, hsqldb security update (Moderate)
Description:OpenOffice.org is an office productivity suite. HSQLDB is a Java relational database engine used by OpenOffice.org Base.

  • It was discovered that HSQLDB could allow the execution of arbitrary public static Java methods. A carefully crafted odb file opened in OpenOffice.org Base could execute arbitrary commands with the permissions of the user running OpenOffice.org. (CVE-2007-4575)

  • It was discovered that HSQLDB did not have a password set on the 'sa' user. If HSQLDB has been configured as a service, a remote attacker who could connect to the HSQLDB port (tcp 9001) could execute arbitrary SQL commands. (CVE-2003-0845)

    Note that in Red Hat Enterprise Linux 5, HSQLDB is not enabled as a service by default, and needs manual configuration in order to work as a service.

    Users of OpenOffice.org or HSQLDB should update to these errata packages which contain backported patches to correct these issues.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2003-0845
    CVE-2007-4575
    RHSA-2007:1048
    RHSA-2007:1048-01
    RHSA-2007:1048-01
    Platform(s):Red Hat Enterprise Linux 5
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • hsqldb is earlier than 1:1.8.0.4-3jpp.6
  • AND hsqldb is signed with Red Hat redhatrelease2 key
  • hsqldb-demo is earlier than 1:1.8.0.4-3jpp.6
  • AND hsqldb-demo is signed with Red Hat redhatrelease2 key
  • hsqldb-javadoc is earlier than 1:1.8.0.4-3jpp.6
  • AND hsqldb-javadoc is signed with Red Hat redhatrelease2 key
  • hsqldb-manual is earlier than 1:1.8.0.4-3jpp.6
  • AND hsqldb-manual is signed with Red Hat redhatrelease2 key
  • openoffice.org-base is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-base is signed with Red Hat redhatrelease2 key
  • openoffice.org-calc is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-calc is signed with Red Hat redhatrelease2 key
  • openoffice.org-core is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-core is signed with Red Hat redhatrelease2 key
  • openoffice.org-draw is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-draw is signed with Red Hat redhatrelease2 key
  • openoffice.org-emailmerge is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-emailmerge is signed with Red Hat redhatrelease2 key
  • openoffice.org-graphicfilter is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-graphicfilter is signed with Red Hat redhatrelease2 key
  • openoffice.org-impress is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-impress is signed with Red Hat redhatrelease2 key
  • openoffice.org-javafilter is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-javafilter is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-af_ZA is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-af_ZA is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-ar is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-ar is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-as_IN is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-as_IN is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-bg_BG is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-bg_BG is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-bn is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-bn is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-ca_ES is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-ca_ES is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-cs_CZ is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-cs_CZ is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-cy_GB is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-cy_GB is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-da_DK is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-da_DK is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-de is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-de is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-el_GR is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-el_GR is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-es is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-es is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-et_EE is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-et_EE is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-eu_ES is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-eu_ES is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-fi_FI is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-fi_FI is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-fr is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-fr is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-ga_IE is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-ga_IE is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-gl_ES is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-gl_ES is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-gu_IN is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-gu_IN is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-he_IL is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-he_IL is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-hi_IN is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-hi_IN is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-hr_HR is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-hr_HR is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-hu_HU is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-hu_HU is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-it is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-it is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-ja_JP is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-ja_JP is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-kn_IN is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-kn_IN is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-ko_KR is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-ko_KR is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-lt_LT is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-lt_LT is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-ml_IN is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-ml_IN is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-mr_IN is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-mr_IN is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-ms_MY is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-ms_MY is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-nb_NO is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-nb_NO is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-nl is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-nl is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-nn_NO is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-nn_NO is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-nr_ZA is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-nr_ZA is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-nso_ZA is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-nso_ZA is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-or_IN is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-or_IN is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-pa_IN is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-pa_IN is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-pl_PL is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-pl_PL is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-pt_BR is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-pt_BR is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-pt_PT is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-pt_PT is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-ru is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-ru is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-sk_SK is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-sk_SK is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-sl_SI is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-sl_SI is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-sr_CS is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-sr_CS is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-ss_ZA is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-ss_ZA is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-st_ZA is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-st_ZA is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-sv is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-sv is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-ta_IN is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-ta_IN is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-te_IN is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-te_IN is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-th_TH is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-th_TH is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-tn_ZA is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-tn_ZA is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-tr_TR is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-tr_TR is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-ts_ZA is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-ts_ZA is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-ur is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-ur is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-ve_ZA is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-ve_ZA is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-xh_ZA is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-xh_ZA is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-zh_CN is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-zh_CN is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-zh_TW is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-zh_TW is signed with Red Hat redhatrelease2 key
  • openoffice.org-langpack-zu_ZA is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-langpack-zu_ZA is signed with Red Hat redhatrelease2 key
  • openoffice.org-math is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-math is signed with Red Hat redhatrelease2 key
  • openoffice.org-pyuno is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-pyuno is signed with Red Hat redhatrelease2 key
  • openoffice.org-testtools is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-testtools is signed with Red Hat redhatrelease2 key
  • openoffice.org-writer is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-writer is signed with Red Hat redhatrelease2 key
  • openoffice.org-xsltfilter is earlier than 1:2.0.4-5.4.25
  • AND openoffice.org-xsltfilter is signed with Red Hat redhatrelease2 key
    • BACK