Test ID:	1.3.6.1.4.1.25623.1.0.71203
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2012:0410
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2012:0410. Raptor provides parsers for Resource Description Framework (RDF) files. An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially-crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had access to. A bug in the way Raptor handled external entities could cause that application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-0037) Red Hat would like to thank Timothy D. Morgan of VSR for reporting this issue. All Raptor users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against Raptor must be restarted for this update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2012-0410.html Risk factor : High
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0037 1026837 http://www.securitytracker.com/id?1026837 48479 http://secunia.com/advisories/48479 48493 http://secunia.com/advisories/48493 48494 http://secunia.com/advisories/48494 48526 http://secunia.com/advisories/48526 48529 http://secunia.com/advisories/48529 48542 http://secunia.com/advisories/48542 48649 http://secunia.com/advisories/48649 50692 http://secunia.com/advisories/50692 52681 http://www.securityfocus.com/bid/52681 60799 http://secunia.com/advisories/60799 80307 http://www.osvdb.org/80307 DSA-2438 http://www.debian.org/security/2012/dsa-2438 FEDORA-2012-4629 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html FEDORA-2012-4663 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html GLSA-201209-05 http://security.gentoo.org/glsa/glsa-201209-05.xml GLSA-201408-19 http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml MDVSA-2012:061 http://www.mandriva.com/security/advisories?name=MDVSA-2012:061 MDVSA-2012:062 http://www.mandriva.com/security/advisories?name=MDVSA-2012:062 MDVSA-2012:063 http://www.mandriva.com/security/advisories?name=MDVSA-2012:063 RHSA-2012:0410 http://rhn.redhat.com/errata/RHSA-2012-0410.html RHSA-2012:0411 http://rhn.redhat.com/errata/RHSA-2012-0411.html [openoffice-commits] 20200305 svn commit: r1874832 - in /openoffice/ooo-site/trunk/content: download/checksums.html download/globalvars.js download/test/globalvars.js security/cves/CVE-2012-0037.html security/cves/CVE-2013-1571.html https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0%40%3Ccommits.openoffice.apache.org%3E [oss-security] 20120427 Fwd: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected) http://www.openwall.com/lists/oss-security/2012/03/27/4 http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/ http://librdf.org/raptor/RELEASE.html#rel2_0_7 http://vsecurity.com/resources/advisory/20120324-1/ http://www.libreoffice.org/advisories/CVE-2012-0037/ http://www.openoffice.org/security/cves/CVE-2012-0037.html https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0 openoffice-xml-info-disclosure(74235) https://exchange.xforce.ibmcloud.com/vulnerabilities/74235
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.