Hello, I am a One Stop Shop for myself. If I knew about security, I'd manage it. I guess I can manage this. Thanks Stacie
On Sat, Mar 24, 2012 at 7:03 PM, John Boyle <[email protected]> wrote: > On 3/22/2012 6:16 AM, Rob Weir wrote: > >> Please note, this is the official security bulletin, targeted for >> security professionals. If you are an OpenOffice.org 3.3 user, and >> are able to apply the mentioned patch, then you are encouraged to do >> so. If someone else supports or manages your desktop, then please >> forward this information to them. >> >> Additional support is available on our Community Forums: >> >> http://user.services.**openoffice.org/<http://user.services.openoffice.org/> >> >> And via our ooo-users mailing list: >> >> http://incubator.apache.org/**openofficeorg/mailing-lists.** >> html#users-mailing-list<http://incubator.apache.org/openofficeorg/mailing-lists.html#users-mailing-list> >> >> Note: This security patch for OpenOffice.org is made available to >> legacy OpenOffice.org users as a service by the Apache OpenOffice >> Project Management Committee. The patch is made available under the >> Apache License, and due to its importance, we are releasing it outside >> of the standard release cycle. >> >> -Rob >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA512 >> >> CVE-2012-0037: OpenOffice.org data leakage vulnerability >> >> Severity: Important >> >> Vendor: The Apache Software Foundation >> >> Versions Affected: OpenOffice.org 3.3 and 3.4 Beta, on all platforms. >> Earlier versions may be also affected. >> >> Description: An XML External Entity (XXE) attack is possible in the >> above versions of OpenOffice.org. This vulnerability exploits the way >> in >> which external entities are processed in certain XML components of ODF >> documents. By crafting an external entity to refer to other local >> file system >> resources, an attacker would be able to inject contents of other >> locally- accessible files into the ODF document, without the user's >> knowledge or permission. Data leakage then becomes possible when that >> document is later distributed to other parties. >> >> Mitigation: OpenOffice.org 3.3.0 and 3.4 beta users should install the >> patch at: >> http://www.openoffice.org/**security/cves/CVE-2012-0037.**html<http://www.openoffice.org/security/cves/CVE-2012-0037.html> >> >> This vulnerability is also fixed in Apache OpenOffice 3.4 dev >> snapshots since March 1st, 2012. >> >> Source and Building: Information on obtaining the source code for this >> patch, and for porting it or adapting it to OpenOffice.org derivatives >> can be found here: http://www.openoffice.org/** >> security/cves/CVE-2012-0037-**src.txt<http://www.openoffice.org/security/cves/CVE-2012-0037-src.txt> >> >> Credit: The Apache OpenOffice project acknowledges and thanks the >> discoverer of this issue, Timothy D. Morgan of Virtual Security >> Research, LLC. >> >> References: http://security.openoffice.org >> >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG v1.4.11 (GNU/Linux) >> >> iQIcBAEBCgAGBQJPayGmAAoJEGFAoY**dHzLzHJVcP/jXzY+**ROwPTAaSItCc4GAn2q >> Gm3uL9D9aRrs/pp+**sofRkF9L3nyWEyyVfvZv6+IBrqOU/**2Tu1CD8cY6Kns1ZYxVO >> ZRDiR5hhr3pA6KfWlb9W9it/**8JsTF7WZfTX0uRMPXCYlJuYQ38Nl7k**loPYswXG2w >> By2J19VanlHuwLQJoNV08652HBDy2X**pa6Wk7N5NoyETILOS47QTgizjAYZ2A**Y0GE >> ykBFu9A9yblLM5zftuMT/**4FxkHQ8Qx5I3NmV3V8cUgJlmbc2osc**sC23iIPcoulJF >> GSn8tub/e47xzgpJy69NoHgzmb6Ou+**J3BDXr0kmH008P6FaTpTgPTltZ8Fcu**a+T2 >> JSWjzW5IBOW/20J9RN+**5lkDJQTY5FiqqpjV7H6bZV3+**MVx3Fk/ih1uJPr2cVZqaT >> pDU5xtn79py7MNsmpjnzD7mPbdiA2O**fStzFpqUM60HOki7RgGpozvUPEvA0u**Iss9 >> X/**jP1KixPDdbGS2fMrM7KG9mnT8BOzwo**w0Vti7alP2x2BkTXZm2K/**qflXJDFCxTn >> g23OJIxlnhC8cK4etyezWNMSya4LLM**gz6ZO+**TEdvCSaaF6b3t6seskgnFAMcdPHY >> bkfzzYnACtrvQAmRQ1Nn4i1yFGAY+**cTE7sUO2NcFhHn6jXaiZFEatdh4XJE**EcTXl >> OZE/3v6XnehMD/32kipa >> =/qce >> -----END PGP SIGNATURE----- >> >> ------------------------------**------------------------------**--------- >> To unsubscribe, e-mail: >> ooo-users-unsubscribe@**incubator.apache.org<[email protected]> >> For additional commands, e-mail: >> ooo-users-help@incubator.**apache.org<[email protected]> >> >> >> To users: I have not been able to install the patch, whatsoever, and I > am using Windows 7! Now, is there a 3.4 version For OpenOffice, anywhere? > Or would it be better to uninstall, until Apache OpenOffice comes out? Or, > would it be better to go ahead and download libre office, latest version > while waiting for Apache to come out with their own?:-\ > > ------------------------------**------------------------------**--------- > To unsubscribe, e-mail: > ooo-users-unsubscribe@**incubator.apache.org<[email protected]> > For additional commands, e-mail: > ooo-users-help@incubator.**apache.org<[email protected]> > > -- Peace, Stacie M. Jones ~"Lokaa samastaa sukhino bhavantu,"~ "May all worlds be happy."
