|
»
[vuxml] editors/openoffice.org-2: document CVE-2008-2237 and CVE-2008-2238
|
View:
New views
1 Messages
—
Rating Filter:
Alert me
|
 |
[vuxml] editors/openoffice.org-2: document CVE-2008-2237 and CVE-2008-2238
by Eygene Ryabinkin-3
::
Rate this Message:
>Submitter-Id: current-users >Originator: Eygene Ryabinkin >Organization: Code Labs >Confidential: no >Synopsis: [vuxml] editors/openoffice.org-2: document CVE-2008-2237 and CVE-2008-2238 >Severity: serious >Priority: high >Category: ports >Class: sw-bug >Release: FreeBSD 7.1-PRERELEASE i386 >Environment: System: FreeBSD 7.1-PRERELEASE i386 >Description: WMS/EMF processing flaws were found in the openoffice.org 2.x: http://www.securityfocus.com/bid/31962 >How-To-Repeat: Look at http://www.securityfocus.com/bid/31962 http://www.openoffice.org/security/cves/CVE-2008-2237.html http://www.openoffice.org/security/cves/CVE-2008-2238.html >Fix: Since 2.4.2 is in the tree, there is no point to upgrade any ports. I believe that openoffice-2-RC and openoffice-2-devel are vulnerable too, because vendor says about affected releases "All versions prior to OpenOffice.org 2.4.2". The following VuXML entry should be evaluated and added: --- vuln.xml begins here --- <vuln vid=""> <topic>openoffice -- arbitrary code execution by processing crafted EMF/WMF files</topic> <affects> <package> <name>openoffice.org</name> <range><ge>2.4</ge><lt>2.4.2</lt></range> <range><ge>2.4.20040402</ge></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Vendor notifies:</p> <blockquote cite="http://www.openoffice.org/security/cves/CVE-2008-2237.html"> <p>A security vulnerability with the way OpenOffice 2.x process WMF files may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite. No working exploit is known right now.</p> </blockquote> <blockquote cite="http://www.openoffice.org/security/cves/CVE-2008-2238.html"> <p>A security vulnerability with the way OpenOffice 2.x process EMF files may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite. No working exploit is known right now.</p> </blockquote> </body> </description> <references> <url>http://www.openoffice.org/security/cves/CVE-2008-2237.html</url> <url>http://www.openoffice.org/security/cves/CVE-2008-2238.html</url> <cvename>CVE-2008-2237</cvename> <cvename>CVE-2008-2238</cvename> <bid>31962</bid> </references> <dates> <discovery>2008-10-29</discovery> <entry>today</entry> </dates> </vuln> --- vuln.xml ends here --- I hope that the version specification catches all openoffice 2.x with x < 4.2 as well as -RC and -devel versions. _______________________________________________ freebsd-vuxml@... mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-vuxml To unsubscribe, send any mail to "freebsd-vuxml-unsubscribe@..." |
| Free embeddable forum powered by Nabble | Forum Help |
