White Box 64 Published by

Updated OpenOffice packages are now available for White Box Enterprise Linux 3.0

Security Advisory

Synopsis: Updated OpenOffice packages fix security vulnerability in neon
Advisory ID: [WBSA-2004:160-01]
Issue date: 2004-04-14
Updated on: 2004-04-19
Product: White Box Enterprise Linux 3.0 (i386)
Cross references:
CVE Names: CAN-2004-0179

NOTICE: This package is not just a security fix. RedHat has released OpenOffice.org 1.1 as a patch for this security problem. Besides being a new version, the name of the package has changed from openoffice to openoffice.org so up2date over Yum will NOT automatically detect it. This means you are going to have to manually obtain and install this errata. Due to it's size, PLEASE use a mirror.


Updated OpenOffice packages that fix a vulnerability in neon exploitable by a malicious DAV server are now available.

More information is available in Red Hat, Inc's original advisory available on their site at:


To install this new package on your White Box Enterprise Linux system use the Up2Date Network or Yum.

Note: Be sure to change the default Up2Date or Yum server from the initial location to prevent undue load to the whiteboxlinux.org server, which doesn't have a lot of outbound bandwidth. The config files already have entries for mirror sites commented out.

Up2Date's configuration file is at /etc/sysconfig/rhn/sources

Yum's configuration is in /etc/yum.conf