Posted to commits@openoffice.apache.org by or...@apache.org on 2015/11/04 22:41:25 UTC
svn commit: r1712667 -
/openoffice/ooo-site/trunk/content/security/cves/CVE-2015-5212.html
Author: orcmid
Date: Wed Nov 4 21:41:25 2015
New Revision: 1712667
URL: http://svn.apache.org/viewvc?rev=1712667&view=rev
Log:
Staging for disclosure
Added:
openoffice/ooo-site/trunk/content/security/cves/CVE-2015-5212.html (with props)
Added: openoffice/ooo-site/trunk/content/security/cves/CVE-2015-5212.html
URL: http://svn.apache.org/viewvc/openoffice/ooo-site/trunk/content/security/cves/CVE-2015-5212.html?rev=1712667&view=auto
==============================================================================
--- openoffice/ooo-site/trunk/content/security/cves/CVE-2015-5212.html (added)
+++ openoffice/ooo-site/trunk/content/security/cves/CVE-2015-5212.html [UTF-8] Wed Nov 4 21:41:25 2015
@@ -0,0 +1,109 @@
+
+<!DOCTYPE html>
+<html>
+ <head>
+ <title>CVE-2015-5212</title>
+ <style type="text/css"></style>
+ </head>
+
+ <body>
+ <!-- These were previously defined as XHTML pages. The current
+ wrapping for the site introduces HTML5 headers and formats.
+ This version is modified to match the wrapping that is done as part
+ of publishing this page and not rely on any particular styling
+ beyond <p>.
+ -->
+ <p>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5212">CVE-2015-5212</a>
+ </p>
+ <p>
+ <a href="http://www.openoffice.org/security/cves/CVE-2015-5212.html">Apache OpenOffice Advisory</a>
+ </p>
+
+ <p style="text-align:center; font-size:largest"><strong>CVE-2015-5212:
+ ODF PRINTER SETTINGS VULNERABILITY</strong></p>
+
+ <p style="text-align:center; font-size:larger"><strong>Fixed in Apache OpenOffice 4.1.2</strong></p>
+
+
+ <p>
+ <strong>Version 1.0</strong>
+ <br />
+ Announced November 4, 2015</p>
+
+ <p>
+ A crafted ODF document can be used to create a buffer that is
+ too small for the amount of data loaded into it, allowing an
+ attacker to cause denial of service (memory corruption and
+ application crash) and possible execution of arbitrary code.
+ </p>
+
+ <p>
+ <strong>Severity: Important</strong>
+ </p>
+ <p>There are no known exploits of this vulnerabilty.<br />
+ A proof-of-concept demonstration exists.</p>
+ <p>
+ <strong>Vendor: The Apache Software Foundation</strong>
+ </p>
+
+ <p>
+ <strong>Versions Affected</strong></p>
+
+ <p>All Apache OpenOffice versions 4.1.1 and older are affected.<br />
+ OpenOffice.org versions are also affected.</p>
+
+ <p>
+ <strong>Mitigation</strong>
+ </p>
+ <p>Apache OpenOffice users are urged to download and install
+ Apache OpenOffice version 4.1.2 or later. Use of in-document
+ control of printer settings is disabled in 4.1.2.</p>
+ <p>
+
+ </p>
+ <p>
+ <strong>Precautions</strong>
+ </p>
+ <p>
+ Users who do not upgrade to Apache OpenOffice 4.1.2
+ can disable the vulnerability directly by declining to use printer
+ settings provided as part of ODF Documents:</p>
+
+ <ol><li>In Apache OpenOffice, select the Tools menu Options entry.</li>
+ <li>On the Options Load/Save item's General sub-item, remove any
+ check for "Load printer settings with the document".</li>
+ <li>Click "OK".</li>
+ <li>This setting will apply to all documents loaded thereafter.</li>
+ </ol>
+
+
+ <p>
+ <strong>Further Information</strong>
+ </p>
+ <p>For additional information and assistance, consult the
+ <a href="https://forum.openoffice.org/">Apache OpenOffice Community Forums</a>
+ or make requests to the
+ <a href="mailto:users@openofffice.apache.org">users@openofffice.apache.org</a>
+ public mailing list.
+ </p>
+ <p>The latest information on Apache OpenOffice security bulletins
+ can be found at the <a href="http://www.openoffice.org/security/bulletin.html">Bulletin
+ Archive page</a>.</p>
+
+ <p><strong>Credits</strong></p>
+ <p>
+ The discoverer of this vulnerability wishes to remain anonymous.<br >
+ Apache OpenOffice security team thanks Caolán McNamara of Red Hat for
+ analysis and a repair solution.
+ </p>
+
+ <hr />
+
+ <p>
+ <a href="http://security.openoffice.org">Security Home</a>
+ -> <a href="http://security.openoffice.org/bulletin.html">Bulletin</a>
+ -> <a href="http://www.openoffice.org/security/cves/CVE-2015-5212.html">CVE-2015-5212</a>
+ </p>
+ </body>
+</html>
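Review bot: the mailto link in the Further Information paragraph spells the domain with three f's (users@openofffice.apache.org) in both the href and the link text, so requests sent from the advisory will not reach the list; the list domain shown in this commit mail is openoffice.apache.org, so both should read users@openoffice.apache.org. Smaller points in the same hunk: "vulnerabilty" in the "no known exploits" paragraph is misspelled; font-size:largest on the title paragraph is not a valid CSS value (larger, x-large or xx-large are); the Credits paragraph uses <br > where the rest of the page uses <br />; and the empty <p> after the Mitigation text can be dropped. In the Precautions list, item 4 ("This setting will apply to all documents loaded thereafter") is a consequence rather than a step, so it would read better as a sentence after the list.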
Propchange: openoffice/ooo-site/trunk/content/security/cves/CVE-2015-5212.html
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: openoffice/ooo-site/trunk/content/security/cves/CVE-2015-5212.html
------------------------------------------------------------------------------
svn:mime-type = text/html;charset=UTF-8