Posted to commits@openoffice.apache.org by ro...@apache.org on 2012/08/27 22:45:18 UTC
svn commit: r1377848 - in /incubator/ooo/ooo-site/trunk/content/security:
bulletin.html cves/CVE-2012-2665.html
Author: robweir
Date: Mon Aug 27 20:45:17 2012
New Revision: 1377848
URL: http://svn.apache.org/viewvc?rev=1377848&view=rev
Log:
Changes to support CVE-2012-2665
Added:
incubator/ooo/ooo-site/trunk/content/security/cves/CVE-2012-2665.html
Modified:
incubator/ooo/ooo-site/trunk/content/security/bulletin.html
Modified: incubator/ooo/ooo-site/trunk/content/security/bulletin.html
URL: http://svn.apache.org/viewvc/incubator/ooo/ooo-site/trunk/content/security/bulletin.html?rev=1377848&r1=1377847&r2=1377848&view=diff
==============================================================================
--- incubator/ooo/ooo-site/trunk/content/security/bulletin.html (original)
+++ incubator/ooo/ooo-site/trunk/content/security/bulletin.html Mon Aug 27 20:45:17 2012
@@ -20,7 +20,12 @@
<p><strong>If you want to stay up to date on OpenOffice.org security announcements, please subscribe to our <a href="alerts.html">security-alerts mailing list</a>.</strong></p>
- <h3>Fixed in Apache OpenOffice 3.4</h3>
+ <h3>Fixed in Apache OpenOffice 3.4.1</h3>
+<ul>
+<li><a href="cves/CVE-2012-2665.html">CVE-2012-2665</a>: Manifest-processing errors in Apache OpenOffice 3.4.0</li>
+</ul>
+
+ <h3>Fixed in Apache OpenOffice 3.4.0</h3>
<ul>
<li><a href="cves/CVE-2012-1149.html">CVE-2012-1149</a>: OpenOffice.org integer overflow error in vclmi.dll module when allocating
memory for an embedded image object</li>
Added: incubator/ooo/ooo-site/trunk/content/security/cves/CVE-2012-2665.html
URL: http://svn.apache.org/viewvc/incubator/ooo/ooo-site/trunk/content/security/cves/CVE-2012-2665.html?rev=1377848&view=auto
==============================================================================
--- incubator/ooo/ooo-site/trunk/content/security/cves/CVE-2012-2665.html (added)
+++ incubator/ooo/ooo-site/trunk/content/security/cves/CVE-2012-2665.html Mon Aug 27 20:45:17 2012
@@ -0,0 +1,59 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head profile="http://www.w3.org/2005/10/profile">
+ <title>CVE-2012-2665</title>
+ <style type="text/css"></style>
+</head>
+
+<body>
+ <h2><a
+ href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-2149">CVE-2012-2665</a></h2>
+
+ <h3> Manifest-processing errors in Apache OpenOffice 3.4.0
+ </h3>
+
+ <ul>
+
+ <h4>Severity: Important</h4>
+
+ <h4>Vendor: The Apache Software Foundation</h4>
+
+ <h4>Versions Affected:</h4>
+ <ul>
+ <li>Apache OpenOffice 3.4.0, all languages,
+ all platforms.</li>
+ <li>Earlier versions of OpenOffice.org may
+ be also affected.</li>
+ </ul>
+
+
+<h4>Description:</h4>
+<p> Description: When OpenOffice reads an ODF document, it first loads and
+ processes an XML stream within the file called the manifest. Apache
+ OpenOffice 3.4.0 has logic errors that allows a carefully crafted manifest
+ to cause reads and writes beyond allocated buffers.</p>
+ <p>
+ No specific exploit has been demonstrated
+ in this case, though such flaws generally are conducive to exploitation,
+ possibly including denial of service and elevation of privilege.
+ </p>
+
+ <h4>Mitigation</h4>
+ <p>OpenOffice users are advised to <a
+href="http://www.openoffice.org/download">upgrade to Apache OpenOffice
+3.4.1</a>. Users who are unable
+to upgrade immediately should exercise caution when opening untrusted ODF
+documents.</p>
+
+<h4>Credits</h4>
+
+<p>The Apache OpenOffice Security Team acknowledges Timo Warns of PRESENSE
+ Technologies GmbH as the discoverer of these flaws.</p>
+
+ <hr />
+
+ <p><a href="http://security.openoffice.org">Security Home</a> -> <a href="../bulletin.html">Bulletin</a> ->
+ <a href="CVE-2012-2665.html">CVE-2012-2665</a></p>
+</body>
+</html>
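Review bot: The heading link in the new CVE-2012-2665.html has href "cvename.cgi?name=2012-2149" while its link text and the page title say CVE-2012-2665, so the two identifiers disagree; the name parameter should carry the same CVE id as the link text. The <ul> opened just before "Severity: Important" is never closed (the only </ul> belongs to the inner "Versions Affected" list) and it has <h4> elements as direct children, which does not validate against the XHTML 1.0 Strict doctype declared at the top of the file; dropping that outer <ul> resolves both. The description paragraph also repeats its label ("<p> Description: When OpenOffice reads ...") directly under <h4>Description:</h4>, and "logic errors that allows" should read "allow".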