OpenOffice.org is an office productivity suite.HSQLDB is a Java relational database engine used by OpenOffice.org Base.It was discovered that HSQLDB could allow the execution of arbitrary publicstatic Java methods. A carefully crafted odb file opened in OpenOffice.orgBase could execute arbitrary commands with the permissions of the userrunning OpenOffice.org. (CVE-2007-4575)It was discovered that HSQLDB did not have a password set on the 'sa' user. If HSQLDB has been configured as a service, a remote attacker who couldconnect to the HSQLDB port (tcp 9001) could execute arbitrary SQL commands.(CVE-2003-0845)Note that in Red Hat Enterprise Linux 5, HSQLDB is not enabled as a serviceby default, and needs manual configuration in order to work as a service.Users of OpenOffice.org or HSQLDB should update to these errata packageswhich contain backported patches to correct these issues.