Date: prev next · Thread: first prev next last
2013 Archives by date, by thread · List index


FWIW:
I do not know the correlation of versions between LO and AOO, but today I got the following two security reports from the AOO users forum:

-------------------------------------------------------

CVE-2013-2189
OpenOffice DOC Memory Corruption Vulnerability

Severity: Important
Vendor: The Apache Software Foundation

Versions Affected:
    Apache OpenOffice 3.4.0 to 3.4.1 on all platforms.
    Predecessor versions of OpenOffice.org may be also affected.

Description:

    The vulnerability is caused by operating on invalid PLCF (Plex of
Character Positions in File) data when parsing a malformed DOC document
file. Specially crafted documents can be used for denial-of-service
attacks. Further exploits are possible but have not been verified.

Mitigation:

    Apache OpenOffice 3.4 users are advised to upgrade to Apache
OpenOffice 4.0. Users who are unable to upgrade immediately should be
cautious when opening untrusted documents.

Credits:

    The Apache OpenOffice Security Team credits Jeremy Brown of
Microsoft Vulnerability Research as the discoverer of this flaw.

Herbert Dürr
Member of the Apache OpenOffice Security Team

-------------------------------------------

CVE-2013-4156
OpenOffice DOCM Memory Corruption Vulnerability

Severity: Important
Vendor: The Apache Software Foundation

Versions Affected:
    Apache OpenOffice 3.4.0 and 3.4.1, on all platforms.
    Predecessor versions of OpenOffice.org may be also affected.

Description:

    The vulnerability is caused by mishandling of unknown XML elements
when parsing a OOXML document file. Specially crafted documents can be
used for memory-corruption attacks. Further exploits are possible but
have not been verified.

Mitigation

    Apache OpenOffice 3.4.0 and 3.4.1 users are advised to upgrade to
Apache OpenOffice 4.0. Users who are unable to upgrade immediately
should be cautious when opening untrusted documents.

Credits

    The Apache OpenOffice Security Team credits Jeremy Brown of
Microsoft Vulnerability Research as the discoverer of this flaw.

Herbert Dürr
Member of the Apache OpenOffice Security Team

------------------------------------------

Could this be related, in that now LO 4.1 rejects such files where LO 4.0 did not?
Just a messenger.
Girvin Herr


Tom Davies wrote:
Hi :)
I sometimes get that from files "on the network" but when i copy them to local desktop machine they 
work fine.  I've not really been tracking which versions it happens with.  There seems to be something about 
the memory settings as higher spec machines with memory settings radically bumped right up seem to suffer 
this a lot less.  They still get it occasionally tho.

I thought it was my inexperience with networking or something
Regard from Tom :)




________________________________
From: Tanstaafl <tanstaafl@libertytrek.org>
To: users@global.libreoffice.org Sent: Friday, 26 July 2013, 11:33
Subject: [libreoffice-users] Attempting to open any Microsoft XML document causes General I/O error 
after upgrade to 4.1


Just wanted to check here before I go open a bug...

I just upgraded to 4.1, everything seemed fine, but I encountered a .docx document this morning, and got the dreaded 'General I/O' error.

I then tried a bunch of different XML documents (.docx, .xslx, and .pptx), and every one resulted in the same error.

These are all docs that opened fine in 4.0.4

Will go back to 4.0.4 and confirm it resolves the problem...

--
To unsubscribe e-mail to: users+unsubscribe@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted




--
To unsubscribe e-mail to: users+unsubscribe@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.