incubator-ooo-commits mailing list archives

From robw...@apache.org
Subject svn commit: r1402646 - in /incubator/ooo/ooo-site/trunk/content/security: CVE-2006-2198.html CVE-2006-2199.html CVE-2006-3117.html bulletin-20060629.html
Date Fri, 26 Oct 2012 20:12:05 GMT
Author: robweir
Date: Fri Oct 26 20:12:05 2012
New Revision: 1402646

URL: http://svn.apache.org/viewvc?rev=1402646&view=rev
Log:
Fix a bunch of broken incoming links by resurrecting an old security bulletin from archive.org
and copy the referenced CVEs.

Added:
    incubator/ooo/ooo-site/trunk/content/security/CVE-2006-2198.html
    incubator/ooo/ooo-site/trunk/content/security/CVE-2006-2199.html
    incubator/ooo/ooo-site/trunk/content/security/CVE-2006-3117.html
    incubator/ooo/ooo-site/trunk/content/security/bulletin-20060629.html

Added: incubator/ooo/ooo-site/trunk/content/security/CVE-2006-2198.html
URL: http://svn.apache.org/viewvc/incubator/ooo/ooo-site/trunk/content/security/CVE-2006-2198.html?rev=1402646&view=auto
==============================================================================
--- incubator/ooo/ooo-site/trunk/content/security/CVE-2006-2198.html (added)
+++ incubator/ooo/ooo-site/trunk/content/security/CVE-2006-2198.html Fri Oct 26 20:12:05 2012
@@ -0,0 +1,49 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+"http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>CVE-2006-2198</title>
+  <style type="text/css">
+/*<![CDATA[*/
+    hr { display: block }
+  /*]]>*/
+  </style>
+</head>
+<body>
+<h2>Macro, CVE-2006-2198</h2>
+<h3>Macro Vulnerability</h3>
+<ul>
+  <li> <strong>Synopsis: </strong>Security Vulnerability With Macros in
OpenOffice.org
+  <li> <strong>Issue ID: </strong>66863
+  <li> <strong>State: </strong>Resolved
+</ul>
+<h4>1. Impact</h4>
+<p>A security vulnerability in OpenOffice.org may make it possible to inject basic
code into documents which is executed upon loading of the document. The user will not be asked
or notified and the macro will have full access to system resources with current user's privileges.
As a result, the macro may delete/replace files, read/send private data and/or cause additional
security issues.</p>
+<p><b>Note:</b> Disabling document macros will not prevent this issue.</p>
+<p>
+This issue is also described in<br>
+CVE-2006-2198, <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2198">http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2198</a>,
+<br>
+Sun Alert 102490,
+<a href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-102490-1">
+http://sunsolve.sun.com/search/document.do?assetkey=1-26-102490-1</a>
+</p>
+<h4>2. Contributing Factors</h4>
+<p>This issue can occur in the following releases:</p>
+<p><strong>OpenOffice.org 1.1.x,</strong> <strong>OpenOffice.org
2.0.x</strong></p>
+<h4>3. Symptoms</h4>
+<p>There are no predictable symptoms that would indicate the described issue has been
exploited.</p>
+<h4>4. Relief/Workaround</h4>
+<p>There is no workaround. Please see the &quot;Resolution&quot; section below.</p>
+<h4>5. Resolution</h4>
+<p>This issue is addressed in the following releases:</p>
+<p><strong>OpenOffice.org 1.1.5 Patch, OpenOffice.org 2.0.3</strong></p>
+    <hr />
+    <p>
+      <a href="//security/">Security Home</a> -> 
+        <a href="//security/bulletin.html">Bulletin</a> ->
+        <a href="//security/cves/CVE-2006-2198.html">CVE-2006-2198</a>
+    </p>
+</body>
+</html>
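Review bot: The breadcrumb at the bottom of the body uses hrefs that start with two slashes (href="//security/", href="//security/bulletin.html", href="//security/cves/CVE-2006-2198.html"). A leading // makes the URL scheme-relative, so a browser treats "security" as the host name rather than a path on this site, and the last link also points into a cves/ directory while this file is added directly under content/security/. Since the commit is meant to repair broken links, suggest document-relative targets such as href="CVE-2006-2198.html", the form the bulletin page in this commit already uses, and pointing the Bulletin link at bulletin-20060629.html if that is the intended target. The same breadcrumb block is repeated in the other two CVE pages.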

Added: incubator/ooo/ooo-site/trunk/content/security/CVE-2006-2199.html
URL: http://svn.apache.org/viewvc/incubator/ooo/ooo-site/trunk/content/security/CVE-2006-2199.html?rev=1402646&view=auto
==============================================================================
--- incubator/ooo/ooo-site/trunk/content/security/CVE-2006-2199.html (added)
+++ incubator/ooo/ooo-site/trunk/content/security/CVE-2006-2199.html Fri Oct 26 20:12:05 2012
@@ -0,0 +1,63 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+"http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>CVE-2006-2199</title>
+  <style type="text/css">
+/*<![CDATA[*/
+    hr { display: block }
+  /*]]>*/
+  </style>
+
+</head>
+
+<body>
+<h2>Java Applets, CVE-2006-2199</h2>
+<h3>Java Applets </h3>
+<ul><li><strong>Synopsis:</strong> Security Vulnerability With Java
Applets in OpenOffice.org </li>
+    <li> <strong>Issue ID:</strong> 66862</li>
+    <li> <strong>State:</strong> Resolved</li>
+</ul>
+<h4><strong>1. Impact</strong></h4>
+<p>A security vulnerability related to OpenOffice.org documents may allow certain Java
applets to break through the &quot;sandbox&quot; and therefore have full access to
system resources with current user privileges. The offending Applets may be constructed to
destroy/replace files, read or send private data, and/or cause additional security issues.</p>
+<p>This issue is also described in
+<br>
+CVE-2006-2199,
+<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2199">http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2199</a>,
+<br>Sun Alert 102475
+<a href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-102475-1">
+http://sunsolve.sun.com/search/document.do?assetkey=1-26-102475-1</a>
+</p>
+<h4><strong>2. Contributing Factors</strong></h4>
+<p>This issue can occur in the following releases:</p>
+<p><strong>OpenOffice.org 1.1.x, OpenOffice.org 2.0.x</strong></p>
+<h4><strong>3. Symptoms</strong></h4>
+<p>There are no predictable symptoms that would indicate the described issue has been
exploited.</p>
+<h4><strong>4. Relief/Workaround</strong></h4>
+<p>To work around the described issue, disable support for Java Applets (for OpenOffice.org)
by doing the following:</p>
+<p><strong>OpenOffice.org 1.x :</strong></p>
+<p>In options dialog: Select --&gt; Tools/Options/OpenOffice.org/Security --&gt;
uncheck &quot;Enable Applets&quot;</p>
+<p><strong>OpenOffice.org 2.x </strong></p>
+<p>There is no longer a User Interface (UI) for configuring this option in OpenOffice.org
2.0; the change must be done in configuration files with a text editor. Add the following
into your OpenOffice.org settings (typically) for this file <code>&quot;~/.openoffice2.0/user/registry/data/org/openoffice/Office/Common.xcu&quot;:</code></p>
+<p><code>&lt;node oor:name=&quot;Java&quot;&gt;<br>
+&lt;node oor:name=&quot;Applet&quot;&gt;<br>
+&lt;prop oor:name=&quot;Enable&quot; oor:type=&quot;xs:boolean&quot;&gt;<br>
+&lt;value&gt;false&lt;/value&gt;<br>
+&lt;/prop&gt;<br>
+&lt;/node&gt;<br>
+&lt;/node&gt;</code></p>
+<h4>5. Resolution</h4>
+<p>This issue is addressed in the following releases:</p>
+<p><strong>OpenOffice.org 1.1.5 Patch, OpenOffice.org 2.0.3</strong></p>
+<p><strong>Notes:</strong></p>
+<p>With the updated versions for OpenOffice.org, support for Java applets in OpenOffice.org
will be disabled.</p>
+<p>&nbsp;</p>
+    <hr />
+    <p>
+      <a href="//security/">Security Home</a> -> 
+        <a href="//security/bulletin.html">Bulletin</a> ->
+        <a href="//security/cves/CVE-2006-2199.html">CVE-2006-2199</a>
+    </p>
+</body>
+</html>
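Review bot: In the OpenOffice.org 2.x workaround, the configuration fragment starting at <node oor:name="Java"> is shown without its enclosing element, and the sentence introducing it ("Add the following into your OpenOffice.org settings (typically) for this file") does not say where inside Common.xcu the nodes belong. Editing this file is the only way the page gives 2.x users to disable applets, so suggest naming the parent element the fragment goes under or showing a minimal complete file, and rewording the sentence so "(typically)" clearly qualifies the path. The closing quote and colon also sit inside the <code> element around the path, so copying the path picks up the trailing characters; move them outside the element.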

Added: incubator/ooo/ooo-site/trunk/content/security/CVE-2006-3117.html
URL: http://svn.apache.org/viewvc/incubator/ooo/ooo-site/trunk/content/security/CVE-2006-3117.html?rev=1402646&view=auto
==============================================================================
--- incubator/ooo/ooo-site/trunk/content/security/CVE-2006-3117.html (added)
+++ incubator/ooo/ooo-site/trunk/content/security/CVE-2006-3117.html Fri Oct 26 20:12:05 2012
@@ -0,0 +1,56 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+"http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>CVE-2006-3117</title>
+  <style type="text/css">
+/*<![CDATA[*/
+    hr { display: block }
+  /*]]>*/
+  </style>
+
+</head>
+<body>
+<h2>File Format, CVE-2006-3117</h2>
+<h3>File Format</h3>
+<ul>
+  <li><strong>Synopsis</strong>: File Format / Buffer Overflow Vulnerability:
Loading malformed XML documents can cause buffer overflows and crash OpenOffice.org.</li>
+  <li><strong>Issue ID:</strong> 66866</li>
+  <li><strong>State:</strong> Resolved</li>
+</ul>
+<h4> 1. Impact: </h4>
+<p> The buffer overflow allows for a value to be written to an arbitrary location in
memory. This may lead to command execution in the context of the current user. </p>
+<p> This issue is also described in
+<br>
+ CVE-2006-3117 at: <a HREF="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3117">http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3117</a>,
+<br>NGSSoftware Advisory, 
+<a href="http://www.ngssoftware.com/advisories/openoffice.txt">
+http://www.ngssoftware.com/advisories/openoffice.txt</a>
+<br>
+Sun Alert 102501,
+<a href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-102501-1">
+http://sunsolve.sun.com/search/document.do?assetkey=1-26-102501-1
+</a>
+</p>
+<h4> 2. Contributing Factors: </h4>
+<p> This issue can occur in the following releases:<strong> OpenOffice.org 1.1.x</strong>
and <strong>OpenOffice.org 2.0.x</strong> </p>
+<h4> 3. Symptoms: </h4>
+<p> OpenOffice.org can crash due to internal buffer overflows when loading a malformed
document. </p>
+<h4> 4. Relief/Workaround:</h4>
+<p> None.</p>
+<h4> 5. Resolution: </h4>
+<p><strong>OpenOffice.org 1.1.5 Patch, OpenOffice.org 2.0.3</strong></p>
+<h4> 6. Credits: </h4>
+<p>
+Wade Alcorn of NGSSoftware discovered the vulnerability and aided in the explanation/fix.
+</P>
+<p>&nbsp;</p>
+    <hr />
+    <p>
+      <a href="//security/">Security Home</a> -> 
+        <a href="//security/bulletin.html">Bulletin</a> ->
+        <a href="//security/cves/CVE-2006-3117.html">CVE-2006-3117</a>
+    </p>
+</body>
+</html>
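Review bot: The Synopsis item describes the effect as a crash ("can cause buffer overflows and crash OpenOffice.org"), while section 1 says the overflow allows a value to be written to an arbitrary location in memory and may lead to command execution in the context of the current user. A reader who only scans the synopsis will under-rate the issue; suggest carrying the command-execution impact into the synopsis, or, if the text has to stay identical to the archived copy, saying so in an HTML comment. Minor markup points in the same file: the CVE link uses an uppercase HREF and the Credits paragraph is closed with </P>, unlike the rest of the page, and section 5 lists the fixed releases without the "This issue is addressed in the following releases:" sentence that the other two CVE pages use.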

Added: incubator/ooo/ooo-site/trunk/content/security/bulletin-20060629.html
URL: http://svn.apache.org/viewvc/incubator/ooo/ooo-site/trunk/content/security/bulletin-20060629.html?rev=1402646&view=auto
==============================================================================
--- incubator/ooo/ooo-site/trunk/content/security/bulletin-20060629.html (added)
+++ incubator/ooo/ooo-site/trunk/content/security/bulletin-20060629.html Fri Oct 26 20:12:05
2012
@@ -0,0 +1,23 @@
+<html>
+           
+ <head>
+ <title>
+         Security Bulletin 2006-06-29
+    </title>
+
+</head>
+ 
+ 
+<body>
+
+<h2>Security Bulletin 2006-06-29</h2>
+<p>OpenOffice.org 2.0.3 fixes three security vulnerabilites that have been found through
internal security audits. Although there are currently no known exploits, we urge all users
of 2.0.x prior to 2.0.2 to upgrade to the new version or install their vendor's patches accordingly.
Patches for users of OpenOffice.org 1.1.5 will be available shortly.</p>
+<p>The three vulnerabilities involve:</p>
+<ul>
+  <li><a href="CVE-2006-2199.html"> Java Applets, CVE-2006-2199</a></li>
+  <li><a href="CVE-2006-2198.html">Macro, CVE-2006-2198</a>; and</li>
+  <li><a href="CVE-2006-3117.html">File Format, CVE-2006-3117</a></li>
+</ul>
+</body>
+</html>
+
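Review bot: The upgrade advice in the first paragraph is addressed to "users of 2.0.x prior to 2.0.2", but the same paragraph says the fixes are in 2.0.3, so as written the advice leaves 2.0.2 users out. Suggest checking the archived copy and, if the wording is wrong there too, either correcting it to "prior to 2.0.3" or noting the discrepancy. The statement that the issues "have been found through internal security audits" also sits oddly next to the CVE-2006-3117 page in this commit, which credits Wade Alcorn of NGSSoftware with the discovery. Smaller points: "vulnerabilites" is misspelled, and unlike the three CVE pages this file has no DOCTYPE or charset declaration.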


