CVE-2013-4156.html

buildbot Fri, 26 Jul 2013 00:30:52 -0700

Author: buildbot
Date: Fri Jul 26 07:29:40 2013
New Revision: 871239

Log:
Staging update by buildbot for ooo-site


Added:
    websites/staging/ooo-site/trunk/content/security/cves/CVE-2013-2189.html
    websites/staging/ooo-site/trunk/content/security/cves/CVE-2013-4156.html
Modified:
    websites/staging/ooo-site/trunk/cgi-bin/   (props changed)
    websites/staging/ooo-site/trunk/content/   (props changed)
    websites/staging/ooo-site/trunk/content/security/bulletin.html

Propchange: websites/staging/ooo-site/trunk/cgi-bin/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Fri Jul 26 07:29:40 2013
@@ -1 +1 @@
-1507137
+1507204

Propchange: websites/staging/ooo-site/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Fri Jul 26 07:29:40 2013
@@ -1 +1 @@
-1507137
+1507204

Modified: websites/staging/ooo-site/trunk/content/security/bulletin.html
==============================================================================
--- websites/staging/ooo-site/trunk/content/security/bulletin.html (original)
+++ websites/staging/ooo-site/trunk/content/security/bulletin.html Fri Jul 26 
07:29:40 2013
@@ -5,7 +5,7 @@
 
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
 
-  <title>OpenOffice.org Security Team Bulletin</title>
+  <title>Apache OpenOffice Security Team Bulletin</title>
   <style type="text/css">
 /*<![CDATA[*/
     hr { display: block }
@@ -13,7 +13,6 @@
   </style>
 
 
-
 <!--#include virtual="/google-analytics.js" -->
 </head>
 <body>
@@ -29,9 +28,15 @@
     
     
     
-  <h2>OpenOffice.org Security Team Bulletin</h2>
+  <h2>Apache OpenOffice Security Team Bulletin</h2>
+
+  <p><strong>If you want to stay up to date on Apache OpenOffice security 
announcements, please subscribe to our <a href="alerts.html">security-alerts 
mailing list</a>.</strong></p>
 
-  <p><strong>If you want to stay up to date on OpenOffice.org security 
announcements, please subscribe to our <a href="alerts.html">security-alerts 
mailing list</a>.</strong></p>
+ <h3>Fixed in Apache OpenOffice 4.0.0</h3>
+<ul>
+<li><a href="cves/CVE-2013-2189.html">CVE-2013-2189</a>: DOC Memory Corruption 
Vulnerability in Apache OpenOffice</li>
+<li><a href="cves/CVE-2013-4156.html">CVE-2013-4156</a>: DOCM Memory 
Corruption Vulnerability in Apache OpenOffice</li>
+</ul>
 
  <h3>Fixed in Apache OpenOffice 3.4.1</h3>
 <ul>

Added: websites/staging/ooo-site/trunk/content/security/cves/CVE-2013-2189.html
==============================================================================
--- websites/staging/ooo-site/trunk/content/security/cves/CVE-2013-2189.html 
(added)
+++ websites/staging/ooo-site/trunk/content/security/cves/CVE-2013-2189.html 
Fri Jul 26 07:29:40 2013
@@ -0,0 +1,58 @@
+<!--#include virtual="/doctype.html" -->
+<html>
+<head>
+<link href="/css/ooo.css" rel="stylesheet" type="text/css">
+
+       <title>CVE-2013-2189</title>
+       <style type="text/css"></style>
+
+<!--#include virtual="/google-analytics.js" -->
+</head>
+<body>
+<!--#include virtual="/brand.html" -->
+  <div id="topbara">
+    <!--#include virtual="/topnav.html" -->
+    <div id="breadcrumbsa"><a href="/">home</a>&nbsp;&raquo;&nbsp;<a 
href="/security/">security</a>&nbsp;&raquo;&nbsp;<a 
href="/security/cves/">cves</a></div>
+  </div>
+  <div id="clear"></div>
+  
+  
+  <div id="content">
+    
+    
+    
+       <h2><a 
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-2189";>CVE-2013-2189</a></h2>
+
+       <h3>OpenOffice DOC Memory Corruption Vulnerability</h3>
+
+       <ul>   
+       <h4>Severity: Important</h4>
+       <h4>Vendor: The Apache Software Foundation</h4>
+       <h4>Versions Affected:</h4>
+               <ul>
+               <li>Apache OpenOffice 3.4.0 to 3.4.1, on all platforms.</li>
+               <li>Earlier versions may be also affected.</li>
+       </ul>
+
+       <h4>Description:</h4>
+       <p>The vulnerability is caused by operating on invalid PLCF (Plex of 
Character Positions in File) data when parsing a malformed DOC document file.
+       Specially crafted documents can be used for denial-of-service attacks.
+       Further exploits are possible but have not been verified.
+
+       <h4>Mitigation</h4>
+       <p>Apache OpenOffice 3.4 users are advised to <a 
href="http://download.openoffice.org";>upgrade to Apache OpenOffice 4.0</a>.
+       Users who are unable to upgrade immediately should be cautious when 
opening untrusted documents.
+
+       <h4>Credits</h4>
+       <p>The Apache OpenOffice security team credits Jeremy Brown of 
Microsoft Vulnerability Research as the discoverer of this flaw.</p>
+
+       <hr />
+
+       <p><a href="http://security.openoffice.org";>Security Home</a>
+       -&gt; <a 
href="http://security.openoffice.org/bulletin.html";>Bulletin</a>
+       -&gt; <a 
href="http://security.openoffice.org/security/cves/CVE-2013-2189.html";>CVE-2013-2189</a></p>
+
+  </div>
+<!--#include virtual="/footer.html" -->
+</body>
+</html>

Added: websites/staging/ooo-site/trunk/content/security/cves/CVE-2013-4156.html
==============================================================================
--- websites/staging/ooo-site/trunk/content/security/cves/CVE-2013-4156.html 
(added)
+++ websites/staging/ooo-site/trunk/content/security/cves/CVE-2013-4156.html 
Fri Jul 26 07:29:40 2013
@@ -0,0 +1,58 @@
+<!--#include virtual="/doctype.html" -->
+<html>
+<head>
+<link href="/css/ooo.css" rel="stylesheet" type="text/css">
+
+       <title>CVE-2013-4156</title>
+       <style type="text/css"></style>
+
+<!--#include virtual="/google-analytics.js" -->
+</head>
+<body>
+<!--#include virtual="/brand.html" -->
+  <div id="topbara">
+    <!--#include virtual="/topnav.html" -->
+    <div id="breadcrumbsa"><a href="/">home</a>&nbsp;&raquo;&nbsp;<a 
href="/security/">security</a>&nbsp;&raquo;&nbsp;<a 
href="/security/cves/">cves</a></div>
+  </div>
+  <div id="clear"></div>
+  
+  
+  <div id="content">
+    
+    
+    
+       <h2><a 
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-4156";>CVE-2013-4156</a></h2>
+
+       <h3>OpenOffice DOCM Memory Corruption Vulnerability</h3>
+
+       <ul>   
+       <h4>Severity: Important</h4>
+       <h4>Vendor: The Apache Software Foundation</h4>
+       <h4>Versions Affected:</h4>
+               <ul>
+               <li>Apache OpenOffice 3.4.0 to 3.4.1, on all platforms.</li>
+               <li>Earlier versions may be also affected.</li>
+       </ul>
+
+       <h4>Description:</h4>
+       <p>The vulnerability is caused by mishandling of unknown XML elements 
when parsing OOXML document files.
+       Specially crafted documents can be used for denial-of-service attacks.
+       Further exploits are possible but have not been verified.
+
+       <h4>Mitigation</h4>
+       <p>Apache OpenOffice 3.4 users are advised to <a 
href="http://download.openoffice.org";>upgrade to Apache OpenOffice 4.0</a>.
+       Users who are unable to upgrade immediately should be cautious when 
opening untrusted documents.
+
+       <h4>Credits</h4>
+       <p>The Apache OpenOffice security team credits Jeremy Brown of 
Microsoft Vulnerability Research as the discoverer of this flaw.</p>
+
+       <hr />
+
+       <p><a href="http://security.openoffice.org";>Security Home</a>
+       -&gt; <a 
href="http://security.openoffice.org/bulletin.html";>Bulletin</a>
+       -&gt; <a 
href="http://security.openoffice.org/security/cves/CVE-2013-4156.html";>CVE-2013-4156</a></p>
+
+  </div>
+<!--#include virtual="/footer.html" -->
+</body>
+</html>

svn commit: r871239 - in /websites/staging/ooo-site/trunk: cgi-bin/ content/ content/security/bulletin.html content/security/cves/CVE-2013-2189.html content/security/cves/CVE-2013-4156.html

Reply via email to