That's good advice: apart from odd bits of stuff that belong with the op system and its maintenance I put all programmes in a separate partition from the op system, helping to minimize the mess that Windows makes of things. I also have a separate partition for data, on a separate hard disc.
On 28 Mar 2012 at 15:28, Scooter C wrote: Send reply to: [email protected] Date sent: Wed, 28 Mar 2012 15:28:30 -0400 From: Scooter C <[email protected]> To: "[email protected] >> Group for Users Open Office" <[email protected]> Subject: Fwd: Re: CVE-2012-0037: OpenOffice.org data leakage vulnerability > Two points I want to make. > The PDF instructions WERE adequate but misleading. I agree with John, > it should be more straight-forward or installable. > > One trick I learned years ago: Always put the program files where YOU > want them, not where the installer normally puts them. MY OOa Files > are in a folder named Office. Easy to keep track of new or replaced > files. I found unordfmi.dll easily, (due to prior experiences, I > renamed the file adding unordfmi.dll.OLD to the > extention,just-in-case). I copied the new unordfmi.dll to the same > folder and that was that - no complaining from the system. > > Take Care, > Scooter > > -------- Original Message -------- > Subject: Re: CVE-2012-0037: OpenOffice.org data leakage vulnerability > Date: Sun, 25 Mar 2012 19:59:56 +1100 From: Martin Groenescheij > <[email protected]> Reply-To: [email protected] > To: [email protected] > > > > Hi Boiling John, > > You could be a little more polite, keep in mind > that Rob provide this patch to protect or security. > The instructions are clear and I didn't had a > problem to install it. > > Martin > > On 25/03/2012 5:18 PM, John Boyle wrote: > > On 3/22/2012 6:16 AM, Rob Weir wrote: > >> Please note, this is the official security > >> bulletin, targeted for > >> security professionals. If you are an > >> OpenOffice.org 3.3 user, and > >> are able to apply the mentioned patch, then you > >> are encouraged to do > >> so. If someone else supports or manages your > >> desktop, then please > >> forward this information to them. > >> > >> Additional support is available on our > >> Community Forums: > >> > >> http://user.services.openoffice.org/ > >> > >> And via our ooo-users mailing list: > >> > >> http://incubator.apache.org/openofficeorg/mailing-lists.html#users > >> -mailing-list > >> > >> > >> Note: This security patch for OpenOffice.org > >> is made available to > >> legacy OpenOffice.org users as a service by the > >> Apache OpenOffice > >> Project Management Committee. The patch is > >> made available under the > >> Apache License, and due to its importance, we > >> are releasing it outside > >> of the standard release cycle. > >> > >> -Rob > >> > >> -----BEGIN PGP SIGNED MESSAGE----- > >> Hash: SHA512 > >> > >> CVE-2012-0037: OpenOffice.org data leakage > >> vulnerability > >> > >> Severity: Important > >> > >> Vendor: The Apache Software Foundation > >> > >> Versions Affected: OpenOffice.org 3.3 and 3.4 > >> Beta, on all platforms. > >> Earlier versions may be also affected. > >> > >> Description: An XML External Entity (XXE) > >> attack is possible in the > >> above versions of OpenOffice.org. This > >> vulnerability exploits the way > >> in > >> which external entities are processed in > >> certain XML components of ODF > >> documents. By crafting an external entity to > >> refer to other local > >> file system > >> resources, an attacker would be able to inject > >> contents of other > >> locally- accessible files into the ODF > >> document, without the user's > >> knowledge or permission. Data leakage then > >> becomes possible when that > >> document is later distributed to other parties. > >> > >> Mitigation: OpenOffice.org 3.3.0 and 3.4 beta > >> users should install the > >> patch at: > >> http://www.openoffice.org/security/cves/CVE-2012-0037.html > >> > >> > >> This vulnerability is also fixed in Apache > >> OpenOffice 3.4 dev > >> snapshots since March 1st, 2012. > >> > >> Source and Building: Information on obtaining > >> the source code for this > >> patch, and for porting it or adapting it to > >> OpenOffice.org derivatives > >> can be found here: > >> http://www.openoffice.org/security/cves/CVE-2012-0037-src.txt > >> > >> > >> Credit: The Apache OpenOffice project > >> acknowledges and thanks the > >> discoverer of this issue, Timothy D. Morgan of > >> Virtual Security > >> Research, LLC. > >> > >> References: http://security.openoffice.org > >> > >> -----BEGIN PGP SIGNATURE----- > >> Version: GnuPG v1.4.11 (GNU/Linux) > >> > >> iQIcBAEBCgAGBQJPayGmAAoJEGFAoYdHzLzHJVcP/jXzY+ROwPTAaSItCc4GAn2q > >> > >> Gm3uL9D9aRrs/pp+sofRkF9L3nyWEyyVfvZv6+IBrqOU/2Tu1CD8cY6Kns1ZYxVO > >> > >> ZRDiR5hhr3pA6KfWlb9W9it/8JsTF7WZfTX0uRMPXCYlJuYQ38Nl7kloPYswXG2w > >> > >> By2J19VanlHuwLQJoNV08652HBDy2Xpa6Wk7N5NoyETILOS47QTgizjAYZ2AY0GE > >> > >> ykBFu9A9yblLM5zftuMT/4FxkHQ8Qx5I3NmV3V8cUgJlmbc2oscsC23iIPcoulJF > >> > >> GSn8tub/e47xzgpJy69NoHgzmb6Ou+J3BDXr0kmH008P6FaTpTgPTltZ8Fcua+T2 > >> > >> JSWjzW5IBOW/20J9RN+5lkDJQTY5FiqqpjV7H6bZV3+MVx3Fk/ih1uJPr2cVZqaT > >> > >> pDU5xtn79py7MNsmpjnzD7mPbdiA2OfStzFpqUM60HOki7RgGpozvUPEvA0uIss9 > >> > >> X/jP1KixPDdbGS2fMrM7KG9mnT8BOzwow0Vti7alP2x2BkTXZm2K/qflXJDFCxTn > >> > >> g23OJIxlnhC8cK4etyezWNMSya4LLMgz6ZO+TEdvCSaaF6b3t6seskgnFAMcdPHY > >> > >> bkfzzYnACtrvQAmRQ1Nn4i1yFGAY+cTE7sUO2NcFhHn6jXaiZFEatdh4XJEEcTXl > >> > >> OZE/3v6XnehMD/32kipa > >> =/qce > >> -----END PGP SIGNATURE----- > >> > >> ------------------------------------------------------------------ > >> --- > >> > >> To unsubscribe, e-mail: > >> [email protected] > >> For additional commands, e-mail: > >> [email protected] > >> > >> > > To Rob Weir: I have been a user of computers > > since the TRS 80 from Tandy and a user of > > OpenOffice for I don't know how many years! The > > asinine patch that was put out to be installed > > was badly done and I cannot use it whatsoever! > > Now, if someone cannot get it to their heads > > that a patch must be a simple install from the > > get go, then they are going to lose users of > > open office for their arrogance. A four-part > > Idiotic message claiming to give you a patch is > > actually totally worthless! Have you ever heard > > of the DUMMIES books and method of approach to > > this problem?:-( :-( :-( > > > > ------------------------------------------------------------------- > > -- > > > > To unsubscribe, e-mail: > > [email protected] > > For additional commands, e-mail: > > [email protected] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] For > additional commands, e-mail: [email protected] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] For > additional commands, e-mail: [email protected] > Niall Martin Phone 0131 4678468 Please reply to: niall<at>rndmartin.cix.co.uk --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
