Thank you, I didn't see page 3 at first. I got it done Joe On Thu, Mar 22, 2012 at 10:47 AM, drew jensen <[email protected]>wrote:
> On Thu, 2012-03-22 at 10:35 -0400, Joseph Reynolds wrote: > > Does anyone know how to install this patch? I downloaded the file but > don't > > know how to proceed. > > Hi Joseph, > > In the zip file containing the actual patch is also a Readme.pdf file > which explains how to do this. > > Are you saying that after reading the install instruction you are not > sure how to proceed, or will pointing you to these instructions help? > > Thanks, > > //drew > > > > > > On Thu, Mar 22, 2012 at 10:03 AM, Stacie Jones <[email protected] > >wrote: > > > > > So has data been leaked? Is that why we need the patch? > > > > > > On Thu, Mar 22, 2012 at 9:16 AM, Rob Weir <[email protected]> wrote: > > > > > > > Please note, this is the official security bulletin, targeted for > > > > security professionals. If you are an OpenOffice.org 3.3 user, and > > > > are able to apply the mentioned patch, then you are encouraged to do > > > > so. If someone else supports or manages your desktop, then please > > > > forward this information to them. > > > > > > > > Additional support is available on our Community Forums: > > > > > > > > http://user.services.openoffice.org/ > > > > > > > > And via our ooo-users mailing list: > > > > > > > > > > > > > > > > http://incubator.apache.org/openofficeorg/mailing-lists.html#users-mailing-list > > > > > > > > Note: This security patch for OpenOffice.org is made available to > > > > legacy OpenOffice.org users as a service by the Apache OpenOffice > > > > Project Management Committee. The patch is made available under the > > > > Apache License, and due to its importance, we are releasing it > outside > > > > of the standard release cycle. > > > > > > > > -Rob > > > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > > Hash: SHA512 > > > > > > > > CVE-2012-0037: OpenOffice.org data leakage vulnerability > > > > > > > > Severity: Important > > > > > > > > Vendor: The Apache Software Foundation > > > > > > > > Versions Affected: OpenOffice.org 3.3 and 3.4 Beta, on all platforms. > > > > Earlier versions may be also affected. > > > > > > > > Description: An XML External Entity (XXE) attack is possible in the > > > > above versions of OpenOffice.org. This vulnerability exploits the > way > > > > in > > > > which external entities are processed in certain XML components of > ODF > > > > documents. By crafting an external entity to refer to other local > > > > file system > > > > resources, an attacker would be able to inject contents of other > > > > locally- accessible files into the ODF document, without the user's > > > > knowledge or permission. Data leakage then becomes possible when > that > > > > document is later distributed to other parties. > > > > > > > > Mitigation: OpenOffice.org 3.3.0 and 3.4 beta users should install > the > > > > patch at: > http://www.openoffice.org/security/cves/CVE-2012-0037.html > > > > > > > > This vulnerability is also fixed in Apache OpenOffice 3.4 dev > > > > snapshots since March 1st, 2012. > > > > > > > > Source and Building: Information on obtaining the source code for > this > > > > patch, and for porting it or adapting it to OpenOffice.org > derivatives > > > > can be found here: > > > > http://www.openoffice.org/security/cves/CVE-2012-0037-src.txt > > > > > > > > Credit: The Apache OpenOffice project acknowledges and thanks the > > > > discoverer of this issue, Timothy D. Morgan of Virtual Security > > > > Research, LLC. > > > > > > > > References: http://security.openoffice.org > > > > > > > > -----BEGIN PGP SIGNATURE----- > > > > Version: GnuPG v1.4.11 (GNU/Linux) > > > > > > > > iQIcBAEBCgAGBQJPayGmAAoJEGFAoYdHzLzHJVcP/jXzY+ROwPTAaSItCc4GAn2q > > > > Gm3uL9D9aRrs/pp+sofRkF9L3nyWEyyVfvZv6+IBrqOU/2Tu1CD8cY6Kns1ZYxVO > > > > ZRDiR5hhr3pA6KfWlb9W9it/8JsTF7WZfTX0uRMPXCYlJuYQ38Nl7kloPYswXG2w > > > > By2J19VanlHuwLQJoNV08652HBDy2Xpa6Wk7N5NoyETILOS47QTgizjAYZ2AY0GE > > > > ykBFu9A9yblLM5zftuMT/4FxkHQ8Qx5I3NmV3V8cUgJlmbc2oscsC23iIPcoulJF > > > > GSn8tub/e47xzgpJy69NoHgzmb6Ou+J3BDXr0kmH008P6FaTpTgPTltZ8Fcua+T2 > > > > JSWjzW5IBOW/20J9RN+5lkDJQTY5FiqqpjV7H6bZV3+MVx3Fk/ih1uJPr2cVZqaT > > > > pDU5xtn79py7MNsmpjnzD7mPbdiA2OfStzFpqUM60HOki7RgGpozvUPEvA0uIss9 > > > > X/jP1KixPDdbGS2fMrM7KG9mnT8BOzwow0Vti7alP2x2BkTXZm2K/qflXJDFCxTn > > > > g23OJIxlnhC8cK4etyezWNMSya4LLMgz6ZO+TEdvCSaaF6b3t6seskgnFAMcdPHY > > > > bkfzzYnACtrvQAmRQ1Nn4i1yFGAY+cTE7sUO2NcFhHn6jXaiZFEatdh4XJEEcTXl > > > > OZE/3v6XnehMD/32kipa > > > > =/qce > > > > -----END PGP SIGNATURE----- > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: [email protected] > > > > For additional commands, e-mail: [email protected] > > > > > > > > > > > > > > > > > -- > > > Peace, > > > Stacie M. Jones > > > ~"Lokaa samastaa sukhino bhavantu,"~ > > > "May all worlds be happy." > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
