Test Kennung:	1.3.6.1.4.1.25623.1.0.881155
Kategorie:	CentOS Local Security Checks
Titel:	CentOS Update for openoffice.org-base CESA-2012:0411 centos5
Zusammenfassung:	The remote host is missing an update for the 'openoffice.org-base'; package(s) announced via the referenced advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'openoffice.org-base' package(s) announced via the referenced advisory. Vulnerability Insight: OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. OpenOffice.org embeds a copy of Raptor, which provides parsers for Resource Description Framework (RDF) files. An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If OpenOffice.org were to open a specially-crafted file (such as an OpenDocument Format or OpenDocument Presentation file), it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running OpenOffice.org had access to. A bug in the way Raptor handled external entities could cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2012-0037) Red Hat would like to thank Timothy D. Morgan of VSR for reporting this issue. All OpenOffice.org users are advised to upgrade to these updated packages, which contain backported patches to correct this issue. All running instances of OpenOffice.org applications must be restarted for this update to take effect. Affected Software/OS: openoffice.org-base on CentOS 5 Solution: Please install the updated packages. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0037 BugTraq ID: 52681 http://www.securityfocus.com/bid/52681 Debian Security Information: DSA-2438 (Google Search) http://www.debian.org/security/2012/dsa-2438 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html http://security.gentoo.org/glsa/glsa-201209-05.xml http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml http://www.mandriva.com/security/advisories?name=MDVSA-2012:061 http://www.mandriva.com/security/advisories?name=MDVSA-2012:062 http://www.mandriva.com/security/advisories?name=MDVSA-2012:063 http://vsecurity.com/resources/advisory/20120324-1/ https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0@%3Ccommits.openoffice.apache.org%3E http://www.openwall.com/lists/oss-security/2012/03/27/4 http://www.osvdb.org/80307 RedHat Security Advisories: RHSA-2012:0410 http://rhn.redhat.com/errata/RHSA-2012-0410.html RedHat Security Advisories: RHSA-2012:0411 http://rhn.redhat.com/errata/RHSA-2012-0411.html http://www.securitytracker.com/id?1026837 http://secunia.com/advisories/48479 http://secunia.com/advisories/48493 http://secunia.com/advisories/48494 http://secunia.com/advisories/48526 http://secunia.com/advisories/48529 http://secunia.com/advisories/48542 http://secunia.com/advisories/48649 http://secunia.com/advisories/50692 http://secunia.com/advisories/60799 XForce ISS Database: openoffice-xml-info-disclosure(74235) https://exchange.xforce.ibmcloud.com/vulnerabilities/74235
Copyright	Copyright (c) 2012 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.