Author: hdu
Date: Fri Jul 26 07:28:31 2013
New Revision: 1507204
URL: http://svn.apache.org/r1507204
Log:
updated for CVE-2013-2189 and CVE-2013-4156
Added:
openoffice/ooo-site/trunk/content/security/cves/CVE-2013-2189.html
openoffice/ooo-site/trunk/content/security/cves/CVE-2013-4156.html
Modified:
openoffice/ooo-site/trunk/content/security/bulletin.html
Modified: openoffice/ooo-site/trunk/content/security/bulletin.html
URL:
http://svn.apache.org/viewvc/openoffice/ooo-site/trunk/content/security/bulletin.html?rev=1507204&r1=1507203&r2=1507204&view=diff
==============================================================================
--- openoffice/ooo-site/trunk/content/security/bulletin.html (original)
+++ openoffice/ooo-site/trunk/content/security/bulletin.html Fri Jul 26
07:28:31 2013
@@ -5,20 +5,25 @@
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
- <title>OpenOffice.org Security Team Bulletin</title>
+ <title>Apache OpenOffice Security Team Bulletin</title>
<style type="text/css">
/*<![CDATA[*/
hr { display: block }
/*]]>*/
</style>
-
</head>
<body>
- <h2>OpenOffice.org Security Team Bulletin</h2>
+ <h2>Apache OpenOffice Security Team Bulletin</h2>
+
+ <p><strong>If you want to stay up to date on Apache OpenOffice security
announcements, please subscribe to our <a href="alerts.html">security-alerts
mailing list</a>.</strong></p>
- <p><strong>If you want to stay up to date on OpenOffice.org security
announcements, please subscribe to our <a href="alerts.html">security-alerts
mailing list</a>.</strong></p>
+ <h3>Fixed in Apache OpenOffice 4.0.0</h3>
+<ul>
+<li><a href="cves/CVE-2013-2189.html">CVE-2013-2189</a>: DOC Memory Corruption
Vulnerability in Apache OpenOffice</li>
+<li><a href="cves/CVE-2013-4156.html">CVE-2013-4156</a>: DOCM Memory
Corruption Vulnerability in Apache OpenOffice</li>
+</ul>
<h3>Fixed in Apache OpenOffice 3.4.1</h3>
<ul>
Added: openoffice/ooo-site/trunk/content/security/cves/CVE-2013-2189.html
URL:
http://svn.apache.org/viewvc/openoffice/ooo-site/trunk/content/security/cves/CVE-2013-2189.html?rev=1507204&view=auto
==============================================================================
--- openoffice/ooo-site/trunk/content/security/cves/CVE-2013-2189.html (added)
+++ openoffice/ooo-site/trunk/content/security/cves/CVE-2013-2189.html Fri Jul
26 07:28:31 2013
@@ -0,0 +1,41 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";>
+<html xmlns="http://www.w3.org/1999/xhtml";>
+<head profile="http://www.w3.org/2005/10/profile";>
+ <title>CVE-2013-2189</title>
+ <style type="text/css"></style>
+</head>
+
+<body>
+ <h2><a
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2189";>CVE-2013-2189</a></h2>
+
+ <h3>OpenOffice DOC Memory Corruption Vulnerability</h3>
+
+ <ul>
+ <h4>Severity: Important</h4>
+ <h4>Vendor: The Apache Software Foundation</h4>
+ <h4>Versions Affected:</h4>
+ <ul>
+ <li>Apache OpenOffice 3.4.0 to 3.4.1, on all platforms.</li>
+ <li>Earlier versions may be also affected.</li>
+ </ul>
+
+ <h4>Description:</h4>
+ <p>The vulnerability is caused by operating on invalid PLCF (Plex of
Character Positions in File) data when parsing a malformed DOC document file.
+ Specially crafted documents can be used for denial-of-service attacks.
+ Further exploits are possible but have not been verified.
+
+ <h4>Mitigation</h4>
+ <p>Apache OpenOffice 3.4 users are advised to <a
href="http://download.openoffice.org";>upgrade to Apache OpenOffice 4.0</a>.
+ Users who are unable to upgrade immediately should be cautious when
opening untrusted documents.
+
+ <h4>Credits</h4>
+ <p>The Apache OpenOffice security team credits Jeremy Brown of
Microsoft Vulnerability Research as the discoverer of this flaw.</p>
+
+ <hr />
+
+ <p><a href="http://security.openoffice.org";>Security Home</a>
+ -> <a
href="http://security.openoffice.org/bulletin.html";>Bulletin</a>
+ -> <a
href="http://security.openoffice.org/security/cves/CVE-2013-2189.html";>CVE-2013-2189</a></p>
+</body>
+</html>
+
Added: openoffice/ooo-site/trunk/content/security/cves/CVE-2013-4156.html
URL:
http://svn.apache.org/viewvc/openoffice/ooo-site/trunk/content/security/cves/CVE-2013-4156.html?rev=1507204&view=auto
==============================================================================
--- openoffice/ooo-site/trunk/content/security/cves/CVE-2013-4156.html (added)
+++ openoffice/ooo-site/trunk/content/security/cves/CVE-2013-4156.html Fri Jul
26 07:28:31 2013
@@ -0,0 +1,41 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";>
+<html xmlns="http://www.w3.org/1999/xhtml";>
+<head profile="http://www.w3.org/2005/10/profile";>
+ <title>CVE-2013-4156</title>
+ <style type="text/css"></style>
+</head>
+
+<body>
+ <h2><a
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-4156";>CVE-2013-4156</a></h2>
+
+ <h3>OpenOffice DOCM Memory Corruption Vulnerability</h3>
+
+ <ul>
+ <h4>Severity: Important</h4>
+ <h4>Vendor: The Apache Software Foundation</h4>
+ <h4>Versions Affected:</h4>
+ <ul>
+ <li>Apache OpenOffice 3.4.0 to 3.4.1, on all platforms.</li>
+ <li>Earlier versions may be also affected.</li>
+ </ul>
+
+ <h4>Description:</h4>
+ <p>The vulnerability is caused by mishandling of unknown XML elements
when parsing OOXML document files.
+ Specially crafted documents can be used for denial-of-service attacks.
+ Further exploits are possible but have not been verified.
+
+ <h4>Mitigation</h4>
+ <p>Apache OpenOffice 3.4 users are advised to <a
href="http://download.openoffice.org";>upgrade to Apache OpenOffice 4.0</a>.
+ Users who are unable to upgrade immediately should be cautious when
opening untrusted documents.
+
+ <h4>Credits</h4>
+ <p>The Apache OpenOffice security team credits Jeremy Brown of
Microsoft Vulnerability Research as the discoverer of this flaw.</p>
+
+ <hr />
+
+ <p><a href="http://security.openoffice.org";>Security Home</a>
+ -> <a
href="http://security.openoffice.org/bulletin.html";>Bulletin</a>
+ -> <a
href="http://security.openoffice.org/security/cves/CVE-2013-4156.html";>CVE-2013-4156</a></p>
+</body>
+</html>
+
