incubator-ooo-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From NoOp <gl...@sbcglobal.net>
Subject Re: CVE-2012-0037: OpenOffice.org data leakage vulnerability
Date Tue, 24 Apr 2012 02:06:44 GMT
On 04/23/2012 02:00 PM, Ariel Constenla-Haile wrote:
...
> 
> Warning: I did little testing on the following, so backup the library
> (and your data) before doing your own tests.
> 
> AFAIK the solution is rather simple, because the library with the
> vulnerability is a UNO component, so it uses stable interfaces: you can
> simply copy the library from the AOO RC1 in your OOo 3.3 installation.
> The library is /opt/openoffice.org/basis3.4/program/libunordf.so
> 
> Note that libraries in Linux used to have a postfix that was removed in
> AOO, so adjust the library name (and before, do a backup):
> 
> 
> Do the back-up:
> Linux 64 bits:
> ]$ sudo mv /opt/openoffice.org/basis3.3/program/libunordflx.so /opt/openoffice.org/basis3.3/program/libunordflx.so.bk
> Linux 32 bits:
> ]$ sudo mv /opt/openoffice.org/basis3.3/program/libunordfli.so /opt/openoffice.org/basis3.3/program/libunordfli.so.bk
> 
> Copy the library:
> In Linux 64 bits
> ]$ sudo cp -fv libunordf.so /opt/openoffice.org/basis3.3/program/libunordflx.so
> In Linux 32 bits
> ]$ sudo cp -fv libunordf.so /opt/openoffice.org/basis3.3/program/libunordfli.so
> 
> My tests worked fine on Linux 32 and 64 bits.
> More people testing is welcome.

Thanks Ariel! I'll try to test tomorrow. Currently the 3.4 versions:
<https://cwiki.apache.org/confluence/display/OOOUSERS/AOO+3.4+Unofficial+Developer+Snapshots>
install into the same location as OOo 3.3.0 (/opt/openoffice.org3)
instead of /opt/openoffice.org3.4/. So, I'll need to do complete
parallel installs in order to test properly. Note: I could just as
easily extract the .so from the .deb if I knew which one(s).

Gary


---------------------------------------------------------------------
To unsubscribe, e-mail: ooo-users-unsubscribe@incubator.apache.org
For additional commands, e-mail: ooo-users-help@incubator.apache.org


Mime
View raw message