Updated libwpd packages to correct a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team.

- ---------------------------------------------------------------------                   Red Hat Security Advisory

Synopsis:          Important: libwpd security update
Advisory ID:       RHSA-2007:0055-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2007:0055.html
Issue date:        2007-03-16
Updated on:        2007-03-16
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-0002 
- ---------------------------------------------------------------------1. Summary:

Updated libwpd packages to correct a security issue are now available for
Red Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64

3. Problem description:

libwpd is a library for reading and converting Word Perfect documents.

iDefense reported several overflow bugs in libwpd.  An attacker could
create a carefully crafted Word Perfect file that could cause an
application linked with libwpd, such as OpenOffice, to crash or possibly
execute arbitrary code if the file was opened by a victim. (CVE-2007-0002)

All users are advised to upgrade to these updated packages, which contain a
backported fix for this issue.

Red Hat would like to thank Fridrich