Dear Dennis, Thanks again, for staying up on these crucial items.. and.. letting us know what's happening. For everyone (one) person, like me, who thanks you.. I am SURE, there litteraly THOUSANDS, who feel the same.. but just don't write you.. Halvy (John) :)
On Tue, Aug 30, 2016, at 08:11 AM, Dennis E. Hamilton wrote: > The change is availability of a Hotfix. -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 CVE-2016-1513 > <http://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-1513> Apache > OpenOffice Advisory > <https://www.openoffice.org/security/cves/CVE-2016-1513.html> Title: > Memory Corruption Vulnerability (Impress Presentations) Version 2.0 > Updated August 30, 2016 Announced July 21, 2016 Description An > OpenDocument Presentation .ODP or Presentation Template .OTP file can > contain invalid presentation elements that lead to memory corruption > when the document is loaded in Apache OpenOffice Impress. The defect > may cause the document to appear as corrupted and OpenOffice may crash > in a recovery- stuck mode. A crafted exploitation of the defect can > allow an attacker to cause denial of service (memory corruption and > application crash) and possible execution of arbitrary code. Impress > cannot be used to directly produce documents having the CVE-2016-1513- > related defect. Impress-authored .ODP and .OTP documents of an user's > own that exhibit any of these characteristics are not the result of an > exploit. They may be consequences of a separate Impress defect that > should be reported. Severity: Medium There are no known exploits of > this vulnerability. A proof-of-concept demonstration exists. Vendor: > The Apache Software Foundation Versions Affected: All Apache > OpenOffice versions 4.1.2 and older are affected. OpenOffice.org > versions are also affected. Mitigation: Install the 4.1.2-patch1 > Hotfix available at > <http://archive.apache.org/dist/openoffice/4.1.2-patch1/hotfix.html>. > A source-code patch that blocks the vulnerability has been developed > and is available for developers at > <https://bz.apache.org/ooo/show_bug.cgi?id=127045>. Antivirus > products can detect documents attempting to exploit this vulnerability > by employing Snort Signature IDs 35828-35829. Defenses and Work- > Arounds: If you are unable to apply the Hotfix to Apache OpenOffice > 4.1.2 (after updating to that version, if necessary), there are other > precautions that can be taken. These precautions are applicable in > avoiding other possible exploits as well. For defects such as those > involved in CVE-2016-1513, documents can be crafted to cause memory > corruption enough to crash Apache OpenOffice. Beyond that, however, > the conditions under which arbitrary code can be executed are complex > and difficult to achieve in an undetected manner. An important layer > of defense for all such cases is to avoid operating Apache OpenOffice > (and any other personal productivity programs) under a computer > account that has administrative privileges of any kind. While > installation of Apache OpenOffice requires elevated privileges and > user permission on platforms such as Microsoft Windows, operation of > the software does not. Keeping antivirus/antimalware software current > is also important. This will serve to identify and distinguish > suspicious documents that involve the exploit, avoiding confusion with > documents that are damaged and/or fail for other reasons. Further > Information: For additional information and assistance, consult the > Apache OpenOffice Community Forums, <https://forum.openoffice.org/> or > make requests to the <mailto:[email protected]> public > mailing list. Defects not involving suspected security > vulnerabilities can be reported via > <http://www.openoffice.org/qa/issue_handling/pre_submission.html>. > The latest information on Apache OpenOffice security bulletins can be > found at the Bulletin Archive page > <http://www.openoffice.org/security/bulletin.html>. Credits: The > Apache OpenOffice project acknowledges the discovery and analysis for > CVE-2016-1513 by Yves Younan and Richard Johnson of Cisco Talos. ----- > BEGIN PGP SIGNATURE----- Version: GnuPG v2 > iQEcBAEBCAAGBQJXxGFtAAoJEPluif/UVmKKMYkH/254PYIrlYdYi3e9CnE4a806 > 6IOsFEtTAaSKi0Pvbgb+ycyTEU4MHmgodpMjMnWRxS/OES3C8W7VvEhRSC6xhT1O > czVmiPbd7nIf6K473DQzgFWhd2tci8gIpwNv6NgznV/gA+MePrhILv9JBfIe19AE > UvQqgk+O5qd8I9qoxWSROQs1/syC6TMa52D2Fy97mgAKzlqDoN2vxfDyV1lIci3H > PYEqYPHIwMGXeud+kAA1eJxcrC3jNqGgRJQD4646w0z1ewhZ3G4dNiHD+BFsBKph > CcSR2/hZcv9H11YBO7jSFYUza8seRzzx/t79kJrvQgDGQLQOWYe7rZ0QbCsskEE= =O9aE > -----END PGP SIGNATURE----- > - My alt email addy is: [email protected] -- Words.. they are everything...
