You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openoffice.apache.org by bu...@apache.org on 2015/11/04 22:42:27 UTC
svn commit: r971372 - in /websites/staging/ooo-site/trunk: cgi-bin/ content/
content/security/cves/CVE-2015-5213.html
Author: buildbot
Date: Wed Nov 4 21:42:27 2015
New Revision: 971372
Log:
Staging update by buildbot for ooo-site
Added:
websites/staging/ooo-site/trunk/content/security/cves/CVE-2015-5213.html
Modified:
websites/staging/ooo-site/trunk/cgi-bin/ (props changed)
websites/staging/ooo-site/trunk/content/ (props changed)
Propchange: websites/staging/ooo-site/trunk/cgi-bin/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Wed Nov 4 21:42:27 2015
@@ -1 +1 @@
-1712667
+1712668
Propchange: websites/staging/ooo-site/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Wed Nov 4 21:42:27 2015
@@ -1 +1 @@
-1712667
+1712668
Added: websites/staging/ooo-site/trunk/content/security/cves/CVE-2015-5213.html
==============================================================================
--- websites/staging/ooo-site/trunk/content/security/cves/CVE-2015-5213.html (added)
+++ websites/staging/ooo-site/trunk/content/security/cves/CVE-2015-5213.html Wed Nov 4 21:42:27 2015
@@ -0,0 +1,122 @@
+<!--#include virtual="/doctype.html" -->
+<html>
+<head>
+<link href="/css/ooo.css" rel="stylesheet" type="text/css">
+
+ <title>CVE-2015-5213</title>
+ <style type="text/css"></style>
+
+<!--#include virtual="/google-analytics.js" -->
+<!--#include virtual="/scripts/entourage.js" -->
+</head>
+<body>
+<!--#include virtual="/brand.html" -->
+ <div id="topbara">
+ <!--#include virtual="/topnav.html" -->
+ <div id="breadcrumbsa"><a href="/">home</a> » <a href="/security/">security</a> » <a href="/security/cves/">cves</a></div>
+ </div>
+ <div id="clear"></div>
+
+
+ <div id="content">
+
+
+
+ <!-- These were previously defined as XHTML pages. The current
+ wrapping for the site introduces HTML5 headers and formats.
+ This version is modified to match the wrapping that is done as part
+ of publishing this page and not rely on any particular styling
+ beyond <p>.
+ -->
+ <p>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5213">CVE-2015-5213</a>
+ </p>
+ <p>
+ <a href="http://www.openoffice.org/security/cves/CVE-2015-5213.html">Apache OpenOffice Advisory</a>
+ </p>
+
+ <p style="text-align:center; font-size:largest"><strong>CVE-2015-5213:
+ .DOC DOCUMENT VULNERABILITY</strong></p>
+
+ <p style="text-align:center; font-size:larger"><strong>Fixed in Apache OpenOffice 4.1.2</strong></p>
+
+ <p><strong>Title: Memory Corruption Vulnerability (DOC
+ Piecetable)</strong></p>
+ <p>
+ <strong>Version 1.0</strong>
+ <br />
+ Announced November 4, 2015</p>
+
+ <p>
+ A crafted Microsoft Word DOC file can be used to specify a
+ document buffer that is too small for the amount of data
+ provided for it. Failure to detect the discrepancy allows
+ an attacker to cause denial of service (memory corruption
+ and application crash) and possible execution of arbitrary
+ code.
+ </p>
+
+ <p>
+ <strong>Severity: Important</strong>
+ </p>
+ <p>There are no known exploits of this vulnerabilty.<br />
+ A proof-of-concept demonstration exists.</p>
+ <p>
+ <strong>Vendor: The Apache Software Foundation</strong>
+ </p>
+
+ <p>
+ <strong>Versions Affected</strong></p>
+
+ <p>All Apache OpenOffice versions 4.1.1 and older are affected.<br />
+ OpenOffice.org versions are also affected.</p>
+
+ <p>
+ <strong>Mitigation</strong>
+ </p>
+ <p>Apache OpenOffice users are urged to download and install
+ Apache OpenOffice version 4.1.2 or later. DOC files having
+ the defect are detected and made ineffective in 4.1.2.
+ </p>
+
+ <p>
+ <strong>Precautions</strong>
+ </p>
+ <p>
+ Users who do not upgrade to Apache OpenOffice 4.1.2 should
+ be careful of .DOC files from unknown or unreliable sources.
+ A Microsoft Word 97-2003 DOC format file can be checked
+ by opening with software, such as Microsoft Office Word or
+ Word Online, that rejects documents having this defect as
+ corrupted.</p>
+
+ <p>
+ <strong>Further Information</strong>
+ </p>
+ <p>For additional information and assistance, consult the
+ <a href="https://forum.openoffice.org/">Apache OpenOffice Community Forums</a>
+ or make requests to the
+ <a href="mailto:users@openofffice.apache.org">users@openofffice.apache.org</a>
+ public mailing list.
+ </p>
+ <p>The latest information on Apache OpenOffice security bulletins
+ can be found at the <a href="http://www.openoffice.org/security/bulletin.html">Bulletin
+ Archive page</a>.</p>
+
+ <p><strong>Credits</strong></p>
+ <p>
+ The discoverer of this vulnerability wishes to remain anonymous.
+ </p>
+
+ <hr />
+
+ <p>
+ <a href="http://security.openoffice.org">Security Home</a>
+ -> <a href="http://security.openoffice.org/bulletin.html">Bulletin</a>
+ -> <a href="http://www.openoffice.org/security/cves/CVE-2015-5213.html">CVE-2015-5213</a>
+ </p>
+
+ </div>
+<!--#include virtual="/footer.html" -->
+</body>
+</html>