ID CVE-2012-0037
Summary Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
References
Vulnerable Configurations
  • cpe:2.3:a:redland:libraptor:2.0.6
    cpe:2.3:a:redland:libraptor:2.0.6
  • cpe:2.3:a:apache:openoffice.org:3.3
    cpe:2.3:a:apache:openoffice.org:3.3
  • Apache Software Foundation OpenOffice.org 3.4 Beta
    cpe:2.3:a:apache:openoffice.org:3.4:beta
  • cpe:2.3:a:libreoffice:libreoffice:3.4.5
    cpe:2.3:a:libreoffice:libreoffice:3.4.5
  • cpe:2.3:a:libreoffice:libreoffice:3.4.1
    cpe:2.3:a:libreoffice:libreoffice:3.4.1
  • cpe:2.3:a:libreoffice:libreoffice:3.4.0
    cpe:2.3:a:libreoffice:libreoffice:3.4.0
  • cpe:2.3:a:libreoffice:libreoffice:3.4.2
    cpe:2.3:a:libreoffice:libreoffice:3.4.2
  • cpe:2.3:a:libreoffice:libreoffice:3.3.0
    cpe:2.3:a:libreoffice:libreoffice:3.3.0
  • cpe:2.3:a:libreoffice:libreoffice:3.3.1
    cpe:2.3:a:libreoffice:libreoffice:3.3.1
  • cpe:2.3:a:libreoffice:libreoffice:3.3.3
    cpe:2.3:a:libreoffice:libreoffice:3.3.3
  • cpe:2.3:a:libreoffice:libreoffice:3.3.4
    cpe:2.3:a:libreoffice:libreoffice:3.3.4
  • cpe:2.3:a:libreoffice:libreoffice:3.3.2
    cpe:2.3:a:libreoffice:libreoffice:3.3.2
  • cpe:2.3:a:libreoffice:libreoffice:3.5
    cpe:2.3:a:libreoffice:libreoffice:3.5
CVSS
Base: 4.3 (as of 18-06-2012 - 16:34)
Impact:
Exploitability:
CWE CWE-200
CAPEC
  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
  • Reusing Session IDs (aka Session Replay)
    This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
  • Using Slashes in Alternate Encoding
    This attack targets the encoding of the Slash characters. An attacker would try to exploit common filtering problems related to the use of the slashes characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2012-063.NASL
    description An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had access to. A bug in the way Raptor handled external entities could cause that application to crash or, possibly, execute arbitrary code with the privileges of the user running the application (CVE-2012-0037). libreoffice for Mandriva Linux 2011 has been upgraded to the 3.4.6 version which is not vulnerable to this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 61950
    published 2012-09-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61950
    title Mandriva Linux Security Advisory : libreoffice (MDVSA-2012:063)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-187.NASL
    description - updated to libreoffice-3.4.5.4 (SUSE 3.4.5-rc2) - calc - pie charts colors messed in XLS import (fdo#40320) - correctly import data point formats in data series (fdo#40320) - components - crash when parsing XML signatures (fdo#39657) - broken getDataArray (fdo#46165, fdo#38441, i#117010) - don't paint a frame around the list of edit boxes (fdo#42543) - inconsistent compression method for encrypted documents (bnc#653688) - filters - more on bentConnectors (bnc#736495) - wrong text color in smartArt (bnc#746996) - reading of w:textbox contents (bnc#693388) - textbox position and size DOCX import (fdo#45560) - RTF/DOCX import of transparent frames (bnc#695479) - consecutive frames in RTF/DOCX import (bnc#703032) - handling of frame properties in RTF import (bnc#417818) - force imported XLSX active tab to be shown (bnc#748198) - create TableManager for inside shapes (bnc#747471, bnc#693238) - textboxes import with OLE objects inside (bnc#747471, bnc#693238) - impress - do not create an empty slide when printing handouts (fdo#31966) - libs-core - default shortcut for .uno:SearchDialog should be Ctrl+H - crash using instances dialog of dataform navigator (fdo#44816) - libs-extern - disable problematic reading of external entities in raptor - libs-gui - correctly calculate leap year - use proper Indian Rupee currency symbol U+20B9 (rh#794679) - writer - field refreshing (fdo#39694) - more layout crashers (i#101776, fdo#39510) - textbox borders style and width in DOCX import (fdo#45560) - expand all text fields when setting properties (fdo#42073) - updated to libreoffice-3.4.5.3 (SUSE 3.4.5-rc1) - version 3.4.5.3, tag suse-3.4.5.3 (SUSE LO 3.4.5-rc1) - SmartArt import - custom shapes import - Oracle Java 1.7.0 detection - reading AES-encrypted ODF 1.2 documents as generated by LO 3.5 - base - iterator misuse (fdo #44040, bnc#742178) - calc - allow pasting to multiple ranges (bnc#715094) - correctly convert chart data ranges (bnc#727504) - definedName corruption for XLSX export (bnc#741182) - adjust/shrink the ranges while copying (bnc#677811) - extra graph data is displayed for label (bnc#717290) - getCellRangeByName failure for named range (bnc#738113) - graph in XLS file has dates displayed wrong (bnc#720443) - improve performance of large Excel documents (bnc#715104) - display page background color/image properly (bnc#722045) - pivot table output becoming empty on re-save (bnc#715543) - encode virtual paths to local volume correctly (bnc#719887) - avoid adjusting cell-anchored objects on other sheets (bnc#726152) - make sure to adjust the sheet index of drawing objects (bnc#733864) - make the data validation popup more reliable (fdo #36851, bnc#737190) - filters - table style (bnc#705991) - text rotation fixes (bnc#734734) - crash in PPTX import (bnc#706792) - read w:sdt* contents (bnc#705949) - connector shape fixes (bnc#719989) - legacy fragment import (bnc#699334) - non-working Excel macros (bnc#705977) - free drawn curves import (bnc#657909) - group shape transformations (bnc#621739) - extLst of drawings in diagrams import (bnc#655408) - flip properties of custom shapes import (bnc#705985) - line spacing is used from previous values (bnc#734734) - missing ooxml customshape->mso shape name entries (bnc#737921) - word doesn't break the numberings and prefers hiding them (bnc#707157) - impress - undo corruption (bnc#685123) - do not set duplicate master slide names (bnc#735533) - libs-core - handle copy and paste from ConsoleOne (bnc#704274) - VBA control events not working, broken eventattacher (bnc#718227) - 'General Error' when double-click graphic in presentation (bnc#720948) - libs-extern-sys - upgrade graphite to 1.0.3 fix surrogate support - libs-gui - crash at exit (bnc#728603) - radial gradient offset (bnc#714787) - horizontal scrollbars with KDE oxygen style (bnc#722918) - rendering of metafiles embedded in EMF+ (updated) (bnc#705956) - postprocess - make the 3D transitions work again (bnc#728559) - ure - make Duden Korrektor 5 and 6 work - writer - frame selection (bnc#740117) - crash when editing index (bnc#726174) - order database properties (bnc#740032) - numbering levels in DOC import (bnc#715115) - image size issue in DOC import (bnc#718971) - pointless forward moving of a table (bnc#706138) - tabs set after the end margin in DOCX import (bnc#693238) - add hyperlinks by default in Table of Contents (bnc#705956) - updated to libreoffice-3.4.4.3 (SUSE 3.4.4-rc1 == final) : - base - crash when inserting a constant in a query (fdo#38286) - calc - crash when modifying a named range - speed up range name lookup by index (bnc#715104) - recalculate matrix formula dimension correctly (fdo#39485) - mark all formula cells dirty when appending a new sheet (fdo#35965) - components - handling of SAFEARRAY(s) in olebridge (fdo#38441) - filters - auto fit text VIEWING too small in PPT import (fdo#41245) - impress - hang in slideshow (fdo#32861) - crash while dropping texture (fdo#38391) - libs-core - recognize .svg in ODF container (fdo#41995) - dictionaries lost after LibO upgrade (fdo#37195) - crash when 'Find Record' button is clicked in Base (fdo#40701) - fix the drawing of dotted and dashed borders in Calc (fdo#37129) - VBA control events not working; broken eventattacher (bnc#718227) - libs-extern-sys - upgrade graphite to 1.0.3 to fix surrogate support - libs-gui - crash when changing screen resolution - let Qt call XInitThreads() (fdo#40298) - activation order crashes address database (fdo#41022) - drawing of dotted and dashed borders in Calc (fdo#37129) - translations - update translations - writer - leak in PDF export (i#116448) - crash when editing index (bnc#726174) - crash while processing incorrect range of pages (fdo#35513) - crash on closing document with footnotes (fdo#39510, lp#854626)
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 74584
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74584
    title openSUSE Security Update : libreoffice (openSUSE-SU-2012:0433-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBREOFFICE-345-8022.NASL
    description LibreOffice 3.4.5 includes many fixes over the previous LibreOffice 3.4.2.6 update. The update fixes the following security issues : - 740453: Vulnerability in RDF handling. (CVE-2012-0037) - 752595: overflow in jpeg handling. (CVE-2012-1149) - 736146: buffer overflow in the build in icu copy (736146) This update also fixes the following non-security issues : Extras : - add SUSE color palette (fate#312645) Filters : - crash when loading embedded elements. (bnc#693238) - crash when importing an empty paragraph (rh#667082) - more on bentConnectors. (bnc#736495) - wrong text color in smartArt. (bnc#746996) - reading of w:textbox contents. (bnc#693388) - textbox position and size DOCX import (fdo#45560) - RTF/DOCX import of transparent frames. (bnc#695479) - consecutive frames in RTF/DOCX import. (bnc#703032) - handling of frame properties in RTF import. (bnc#417818) - force imported XLSX active tab to be shown. (bnc#748198) - create TableManager for inside shapes. (bnc#747471, bnc#693238) - textboxes import with OLE objects inside. (bnc#747471, bnc#693238) - table style. (bnc#705991) - text rotation fixes. (bnc#734734) - crash in PPTX import. (bnc#706792) - read w:sdt* contents. (bnc#705949) - connector shape fixes. (bnc#719989) - legacy fragment import. (bnc#699334) - non-working Excel macros. (bnc#705977) - free drawn curves import. (bnc#657909) - group shape transformations. (bnc#621739) - extLst of drawings in diagrams import. (bnc#655408) - flip properties of custom shapes import. (bnc#705985) - line spacing is used from previous values. (bnc#734734) - missing ooxml customshape->mso shape name entries. (bnc#737921) - word doesn't break the numberings and prefers hiding them. (bnc#707157) Base : - iterator misuse (fdo #44040, bnc#742178) Writer : - do not use an invalidated iterator (fdo#46337) - field refreshing (fdo#39694) - more layout crashers (i#101776, fdo#39510) - textbox borders style and width in DOCX import (fdo#45560) - expand all text fields when setting properties (fdo#42073) - version 3.4.5.3, tag suse-3.4.5.3 (SUSE LO 3.4.5-rc1) - SmartArt import - custom shapes import - Oracle Java 1.7.0 detection - reading AES-encrypted ODF 1.2 documents as generated by LO 3.5 - frame selection. (bnc#740117) - crash when editing index. (bnc#726174) - order database properties. (bnc#740032) - numbering levels in DOC import. (bnc#715115) - image size issue in DOC import. (bnc#718971) - pointless forward moving of a table. (bnc#706138) - tabs set after the end margin in DOCX import. (bnc#693238) - add hyperlinks by default in Table of Contents (bnc#705956) Calc : - pie charts colors messed in XLS import (fdo#40320) - correctly import data point formats in data series (fdo#40320) Components : - crash when parsing XML signatures (fdo#39657) - broken getDataArray (fdo#46165, fdo#38441, i#117010) - don't paint a frame around the list of edit boxes (fdo#42543) - inconsistent compression method for encrypted documents. (bnc#653688) - allow pasting to multiple ranges. (bnc#715094) - correctly convert chart data ranges. (bnc#727504) - definedName corruption for XLSX export. (bnc#741182) - adjust/shrink the ranges while copying. (bnc#677811) - extra graph data is displayed for label. (bnc#717290) - getCellRangeByName failure for named range. (bnc#738113) - graph in XLS file has dates displayed wrong. (bnc#720443) - improve performance of large Excel documents. (bnc#715104) - display page background color/image properly. (bnc#722045) - pivot table output becoming empty on re-save. (bnc#715543) - encode virtual paths to local volume correctly. (bnc#719887) - avoid adjusting cell-anchored objects on other sheets. (bnc#726152) - make sure to adjust the sheet index of drawing objects. (bnc#733864) - make the data validation popup more reliable (fdo #36851, bnc#737190) Impress : - do not create an empty slide when printing handouts (fdo#31966) - undo corruption. (bnc#685123) - do not set duplicate master slide names (bnc#735533) Libraries : - default shortcut for .uno:SearchDialog should be Ctrl+H - crash using instances dialog of dataform navigator (fdo#44816) - disable problematic reading of external entities in raptor - correctly calculate leap year - use proper Indian Rupee currency symbol U+20B9 (rh#794679) - handle copy and paste from ConsoleOne. (bnc#704274) - VBA control events not working, broken eventattacher. (bnc#718227) - 'General Error' when double-click graphic in presentation. (bnc#720948) - upgrade graphite to 1.0.3 fix surrogate support - crash at exit. (bnc#728603) - radial gradient offset. (bnc#714787) - horizontal scrollbars with KDE oxygen style. (bnc#722918) - rendering of metafiles embedded in EMF+ (updated) (bnc#705956) Postprocess : - make the 3D transitions work again (bnc#728559) URE : - make Duden Korrektor 5 and 6 work General : - add compat symlinks for the old main desktop icon. (bnc#724087) - Fix tooltips are all black in KDE4 (bnc#723074, fdo#40461) - do-not-display-math-in-desktop-menu.diff: do not display math in desktop menu (fdo#41681) - desktop-submenu.diff: display LO application in the right desktop submenu. (bnc#718694) - bash-completion-for-loffice.diff: define bash completion for 'loffice' wrapper. (bnc#719656) - svx-globlmn-hrc-build-dep.diff: fix build dependency problem in svx
    last seen 2019-02-21
    modified 2012-06-25
    plugin id 58577
    published 2012-04-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58577
    title SuSE 10 Security Update : LibreOffice (ZYPP Patch Number 8022)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201408-19.NASL
    description The remote host is affected by the vulnerability described in GLSA-201408-19 (OpenOffice, LibreOffice: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenOffice and Libreoffice. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted file using OpenOffice, possibly resulting in execution of arbitrary code with the privileges of the process, a Denial of Service condition, execution of arbitrary Python code, authentication bypass, or reading and writing of arbitrary files. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 77467
    published 2014-09-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77467
    title GLSA-201408-19 : OpenOffice, LibreOffice: Multiple vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201209-05.NASL
    description The remote host is affected by the vulnerability described in GLSA-201209-05 (LibreOffice: Multiple vulnerabilities) Multiple vulnerabilities have been found in LibreOffice: The Microsoft Word Document parser contains an out-of-bounds read error (CVE-2011-2713). The Raptor RDF parser contains an XML External Entity expansion error (CVE-2012-0037). The graphic loading parser contains an integer overflow error which could cause a heap-based buffer overflow (CVE-2012-1149). Multiple errors in the XML manifest handling code could cause a heap-based buffer overflow (CVE-2012-2665). Impact : A remote attacker could entice a user to open a specially crafted document file using LibreOffice, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 62286
    published 2012-09-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62286
    title GLSA-201209-05 : LibreOffice: Multiple vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120322_OPENOFFICE_ORG_ON_SL5_X.NASL
    description OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. OpenOffice.org embeds a copy of Raptor, which provides parsers for Resource Description Framework (RDF) files. An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If OpenOffice.org were to open a specially crafted file (such as an OpenDocument Format or OpenDocument Presentation file), it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running OpenOffice.org had access to. A bug in the way Raptor handled external entities could cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2012-0037) All OpenOffice.org users are advised to upgrade to these updated packages, which contain backported patches to correct this issue. All running instances of OpenOffice.org applications must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61287
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61287
    title Scientific Linux Security Update : openoffice.org on SL5.x i386/x86_64
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2438.NASL
    description It was discovered that Raptor, a RDF parser and serializer library, allows file inclusion through XML entities, resulting in information disclosure.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 58436
    published 2012-03-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58436
    title Debian DSA-2438-1 : raptor - programming error
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-10590.NASL
    description This is new version of package that fixes CVE-2012-0037. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 60157
    published 2012-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60157
    title Fedora 16 : raptor-1.4.21-12.fc16 (2012-10590)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2012-061.NASL
    description An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had access to. A bug in the way Raptor handled external entities could cause that application to crash or, possibly, execute arbitrary code with the privileges of the user running the application (CVE-2012-0037). The updated packages have been patched to correct this issue. raptor2 for Mandriva Linux 2011 has been upgraded to the 2.0.7 version which is not vulnerable to this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 58830
    published 2012-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58830
    title Mandriva Linux Security Advisory : raptor (MDVSA-2012:061)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0410.NASL
    description Updated raptor packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Raptor provides parsers for Resource Description Framework (RDF) files. An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had access to. A bug in the way Raptor handled external entities could cause that application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-0037) Red Hat would like to thank Timothy D. Morgan of VSR for reporting this issue. All Raptor users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against Raptor must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 58441
    published 2012-03-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58441
    title RHEL 6 : raptor (RHSA-2012:0410)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0410.NASL
    description Updated raptor packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Raptor provides parsers for Resource Description Framework (RDF) files. An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had access to. A bug in the way Raptor handled external entities could cause that application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-0037) Red Hat would like to thank Timothy D. Morgan of VSR for reporting this issue. All Raptor users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against Raptor must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 58457
    published 2012-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58457
    title CentOS 6 : raptor (CESA-2012:0410)
  • NASL family Windows
    NASL id LOTUS_SYMPHONY_3_0_1_FP2.NASL
    description The version of IBM Lotus Symphony is a version prior to 3.0.1 Fix Pack 2. Such versions are affected by multiple vulnerabilities : - Flaws exist in the way certain XML components are processed for external entities in ODF documents. These flaws can be utilized to access and inject the content of local files into an ODF document without a user's knowledge or permission, or inject arbitrary code that would be executed when opened by the user. (CVE-2012-0037) - An integer overflow error exists in 'vclmi.dll' that can allow heap-based buffer overflows when handling embedded image objects. (CVE-2012-1149) - Memory checking errors exist in 'filter/source/msfilter msdffimp.cxx' that can be triggered when processing PowerPoint graphics records. These errors can allow denial of service attacks. (CVE-2012-2334) - Errors exist related to XML tag handling and base64 decoding that can lead to heap-based buffer overflows. (CVE-2012-2665)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 63266
    published 2012-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63266
    title IBM Lotus Symphony < 3.0.1 Fix Pack 2 Multiple Vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_LIBREOFFICE_351.NASL
    description The remote host is running a version of LibreOffice < 3.4.6 / 3.5.1 that has flaws in the way certain XML components are processed for external entities in ODF documents. These flaws can be utilized to access and inject the content of local files into an ODF document without a user's knowledge or permission, or inject arbitrary code that would be executed when opened by the user.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 58725
    published 2012-04-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58725
    title LibreOffice < 3.4.6 / 3.5.1 XML External Entity RDF Document Handling Information Disclosure (Mac OS X)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_60F81AF3769011E1942300235A5F2C9A.NASL
    description Timothy D. Morgan reports : In December 2011, VSR identified a vulnerability in multiple open source office products (including OpenOffice, LibreOffice, KOffice, and AbiWord) due to unsafe interpretation of XML files with custom entity declarations. Deeper analysis revealed that the vulnerability was caused by acceptance of external entities by the libraptor library, which is used by librdf and is in turn used by these office products. In the context of office applications, these vulnerabilities could allow for XML External Entity (XXE) attacks resulting in file theft and a loss of user privacy when opening potentially malicious ODF documents. For other applications which depend on librdf or libraptor, potentially serious consequences could result from accepting RDF/XML content from untrusted sources, though the impact may vary widely depending on the context.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 58472
    published 2012-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58472
    title FreeBSD : raptor/raptor2 -- XXE in RDF/XML File Interpretation (60f81af3-7690-11e1-9423-00235a5f2c9a)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-10591.NASL
    description This is new version of package that fixes CVE-2012-0037. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 60158
    published 2012-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60158
    title Fedora 17 : raptor-1.4.21-12.fc17 (2012-10591)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0410.NASL
    description From Red Hat Security Advisory 2012:0410 : Updated raptor packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Raptor provides parsers for Resource Description Framework (RDF) files. An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had access to. A bug in the way Raptor handled external entities could cause that application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-0037) Red Hat would like to thank Timothy D. Morgan of VSR for reporting this issue. All Raptor users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against Raptor must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68500
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68500
    title Oracle Linux 6 : raptor (ELSA-2012-0410)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1901-1.NASL
    description Timothy D. Morgan discovered that Raptor would unconditionally load XML external entities. If a user were tricked into opening a specially crafted document in an application linked against Raptor, an attacker could possibly obtain access to arbitrary files on the user's system or potentially execute arbitrary code with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 67206
    published 2013-07-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67206
    title Ubuntu 12.04 LTS : raptor2 vulnerability (USN-1901-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0411.NASL
    description Updated openoffice.org packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. OpenOffice.org embeds a copy of Raptor, which provides parsers for Resource Description Framework (RDF) files. An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If OpenOffice.org were to open a specially crafted file (such as an OpenDocument Format or OpenDocument Presentation file), it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running OpenOffice.org had access to. A bug in the way Raptor handled external entities could cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2012-0037) Red Hat would like to thank Timothy D. Morgan of VSR for reporting this issue. All OpenOffice.org users are advised to upgrade to these updated packages, which contain backported patches to correct this issue. All running instances of OpenOffice.org applications must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 58458
    published 2012-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58458
    title CentOS 5 : openoffice.org (CESA-2012:0411)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBRAPTOR-DEVEL-120217.NASL
    description Specially crafted XML files could have allowed XML External Entity (XXE) attacks resulting in file theft and a loss of user privacy. This has been fixed.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 58479
    published 2012-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58479
    title SuSE 11.1 Security Update : libraptor (SAT Patch Number 5836)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-4663.NASL
    description new raptor2-2.0.7 release highlights : - CVE-2012-0037 fixed - Removed Expat support - Removed internal Unicode NFC code for better and optional ICU - Added options for denying file requests and XML entity loading - Added options for SSL certificate verifying - Fixed reported issues: 0000448 and 0000469 See also http://librdf.org/raptor/RELEASE.html#rel2_0_7 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 58731
    published 2012-04-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58731
    title Fedora 16 : raptor2-2.0.7-1.fc16 (2012-4663)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBREOFFICE-345-120316.NASL
    description The update fixes the following security issues : - 740453: Vulnerability in RDF handling. (CVE-2012-0037) - 752595: overflow in jpeg handling (CVE-2012-1149) This update also fixes the following non-security issues : Extras : - add SUSE color palette (fate#312645) Filters : - crash when loading embedded elements. (bnc#693238) - crash when importing an empty paragraph (rh#667082) - more on bentConnectors. (bnc#736495) - wrong text color in smartArt. (bnc#746996) - reading of w:textbox contents. (bnc#693388) - textbox position and size DOCX import (fdo#45560) - RTF/DOCX import of transparent frames. (bnc#695479) - consecutive frames in RTF/DOCX import. (bnc#703032) - handling of frame properties in RTF import. (bnc#417818) - force imported XLSX active tab to be shown. (bnc#748198) - create TableManager for inside shapes. (bnc#747471, bnc#693238) - textboxes import with OLE objects inside. (bnc#747471, bnc#693238) - table style. (bnc#705991) - text rotation fixes. (bnc#734734) - crash in PPTX import. (bnc#706792) - read w:sdt* contents. (bnc#705949) - connector shape fixes. (bnc#719989) - legacy fragment import. (bnc#699334) - non-working Excel macros. (bnc#705977) - free drawn curves import. (bnc#657909) - group shape transformations. (bnc#621739) - extLst of drawings in diagrams import. (bnc#655408) - flip properties of custom shapes import. (bnc#705985) - line spacing is used from previous values. (bnc#734734) - missing ooxml customshape->mso shape name entries. (bnc#737921) - word doesn't break the numberings and prefers hiding them (bnc#707157) Base : - iterator misuse (fdo #44040, bnc#742178) Writer : - do not use an invalidated iterator (fdo#46337) - field refreshing (fdo#39694) - more layout crashers (i#101776, fdo#39510) - textbox borders style and width in DOCX import (fdo#45560) - expand all text fields when setting properties (fdo#42073) - version 3.4.5.3, tag suse-3.4.5.3 (SUSE LO 3.4.5-rc1) - SmartArt import - custom shapes import - Oracle Java 1.7.0 detection - reading AES-encrypted ODF 1.2 documents as generated by LO 3.5 - frame selection. (bnc#740117) - crash when editing index. (bnc#726174) - order database properties. (bnc#740032) - numbering levels in DOC import. (bnc#715115) - image size issue in DOC import. (bnc#718971) - pointless forward moving of a table. (bnc#706138) - tabs set after the end margin in DOCX import. (bnc#693238) - add hyperlinks by default in Table of Contents (bnc#705956) Calc : - pie charts colors messed in XLS import (fdo#40320) - correctly import data point formats in data series (fdo#40320) Components : - crash when parsing XML signatures (fdo#39657) - broken getDataArray (fdo#46165, fdo#38441, i#117010) - don't paint a frame around the list of edit boxes (fdo#42543) - inconsistent compression method for encrypted documents. (bnc#653688) - allow pasting to multiple ranges. (bnc#715094) - correctly convert chart data ranges. (bnc#727504) - definedName corruption for XLSX export. (bnc#741182) - adjust/shrink the ranges while copying. (bnc#677811) - extra graph data is displayed for label. (bnc#717290) - getCellRangeByName failure for named range. (bnc#738113) - graph in XLS file has dates displayed wrong. (bnc#720443) - improve performance of large Excel documents. (bnc#715104) - display page background color/image properly. (bnc#722045) - pivot table output becoming empty on re-save. (bnc#715543) - encode virtual paths to local volume correctly. (bnc#719887) - avoid adjusting cell-anchored objects on other sheets. (bnc#726152) - make sure to adjust the sheet index of drawing objects. (bnc#733864) - make the data validation popup more reliable (fdo #36851, bnc#737190) Impress : - do not create an empty slide when printing handouts (fdo#31966) - undo corruption. (bnc#685123) - do not set duplicate master slide names (bnc#735533) Libraries : - default shortcut for .uno:SearchDialog should be Ctrl+H - crash using instances dialog of dataform navigator (fdo#44816) - disable problematic reading of external entities in raptor - correctly calculate leap year - use proper Indian Rupee currency symbol U+20B9 (rh#794679) - handle copy and paste from ConsoleOne. (bnc#704274) - VBA control events not working, broken eventattacher. (bnc#718227) - 'General Error' when double-click graphic in presentation. (bnc#720948) - upgrade graphite to 1.0.3 fix surrogate support - crash at exit. (bnc#728603) - radial gradient offset. (bnc#714787) - horizontal scrollbars with KDE oxygen style. (bnc#722918) - rendering of metafiles embedded in EMF+ (updated) (bnc#705956) Postprocess : - make the 3D transitions work again (bnc#728559) URE : - make Duden Korrektor 5 and 6 work General : - add compat symlinks for the old main desktop icon. (bnc#724087) - Fix tooltips are all black in KDE4 (bnc#723074, fdo#40461) - do-not-display-math-in-desktop-menu.diff: do not display math in desktop menu (fdo#41681) - desktop-submenu.diff: display LO application in the right desktop submenu. (bnc#718694) - bash-completion-for-loffice.diff: define bash completion for 'loffice' wrapper. (bnc#719656) - svx-globlmn-hrc-build-dep.diff: fix build dependency problem in svx - Update gdocs extension to version 3.0.0; needed to make it working with the current Google Docs interface
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 58721
    published 2012-04-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58721
    title SuSE 11.1 Security Update : LibreOffice (SAT Patch Number 6003)
  • NASL family Windows
    NASL id OPENOFFICE_2012_0037.NASL
    description The remote host is running a version of OpenOffice.org that has flaws in the way certain XML components are processed for external entities in ODF documents. These flaws can be utilized to access and inject the content of local files into an ODF document without a user's knowledge or permission, or inject arbitrary code that would be executed when opened by the user.
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 58727
    published 2012-04-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58727
    title OpenOffice XML External Entity RDF Document Handling Information Disclosure
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-183.NASL
    description - updated to libreoffice-3.4.5.5 (SUSE 3.4.5-rc3) : - extras - add SUSE color palette (fate#312645) - filters - crash when loading embedded elements (bnc#693238) - crash when importing an empty paragraph (rh#667082) - writer - do not use an invalidated iterator (fdo#46337) - updated to libreoffice-3.4.5.4 (SUSE 3.4.5-rc2) - calc - pie charts colors messed in XLS import (fdo#40320) - correctly import data point formats in data series (fdo#40320) - components - crash when parsing XML signatures (fdo#39657) - broken getDataArray (fdo#46165, fdo#38441, i#117010) - don't paint a frame around the list of edit boxes (fdo#42543) - inconsistent compression method for encrypted documents (bnc#653688) - filters - more on bentConnectors (bnc#736495) - wrong text color in smartArt (bnc#746996) - reading of w:textbox contents (bnc#693388) - textbox position and size DOCX import (fdo#45560) - RTF/DOCX import of transparent frames (bnc#695479) - consecutive frames in RTF/DOCX import (bnc#703032) - handling of frame properties in RTF import (bnc#417818) - force imported XLSX active tab to be shown (bnc#748198) - create TableManager for inside shapes (bnc#747471, bnc#693238) - textboxes import with OLE objects inside (bnc#747471, bnc#693238) - impress - do not create an empty slide when printing handouts (fdo#31966) - libs-core - default shortcut for .uno:SearchDialog should be Ctrl+H - crash using instances dialog of dataform navigator (fdo#44816) - libs-extern - disable problematic reading of external entities in raptor - libs-gui - correctly calculate leap year - use proper Indian Rupee currency symbol U+20B9 (rh#794679) - writer - field refreshing (fdo#39694) - more layout crashers (i#101776, fdo#39510) - textbox borders style and width in DOCX import (fdo#45560) - expand all text fields when setting properties (fdo#42073) - updated to libreoffice-3.4.5.3 (SUSE 3.4.5-rc1) - version 3.4.5.3, tag suse-3.4.5.3 (SUSE LO 3.4.5-rc1) - SmartArt import - custom shapes import - Oracle Java 1.7.0 detection - reading AES-encrypted ODF 1.2 documents as generated by LO 3.5 - base - iterator misuse (fdo #44040, bnc#742178) - calc - allow pasting to multiple ranges (bnc#715094) - correctly convert chart data ranges (bnc#727504) - definedName corruption for XLSX export (bnc#741182) - adjust/shrink the ranges while copying (bnc#677811) - extra graph data is displayed for label (bnc#717290) - getCellRangeByName failure for named range (bnc#738113) - graph in XLS file has dates displayed wrong (bnc#720443) - improve performance of large Excel documents (bnc#715104) - display page background color/image properly (bnc#722045) - pivot table output becoming empty on re-save (bnc#715543) - encode virtual paths to local volume correctly (bnc#719887) - avoid adjusting cell-anchored objects on other sheets (bnc#726152) - make sure to adjust the sheet index of drawing objects (bnc#733864) - make the data validation popup more reliable (fdo #36851, bnc#737190) - filters - table style (bnc#705991) - text rotation fixes (bnc#734734) - crash in PPTX import (bnc#706792) - read w:sdt* contents (bnc#705949) - connector shape fixes (bnc#719989) - legacy fragment import (bnc#699334) - non-working Excel macros (bnc#705977) - free drawn curves import (bnc#657909) - group shape transformations (bnc#621739) - extLst of drawings in diagrams import (bnc#655408) - flip properties of custom shapes import (bnc#705985) - line spacing is used from previous values (bnc#734734) - missing ooxml customshape->mso shape name entries (bnc#737921) - word doesn't break the numberings and prefers hiding them (bnc#707157) - impress - undo corruption (bnc#685123) - do not set duplicate master slide names (bnc#735533) - libs-core - handle copy and paste from ConsoleOne (bnc#704274) - VBA control events not working, broken eventattacher (bnc#718227) - 'General Error' when double-click graphic in presentation (bnc#720948) - libs-extern-sys - upgrade graphite to 1.0.3 fix surrogate support - libs-gui - crash at exit (bnc#728603) - radial gradient offset (bnc#714787) - horizontal scrollbars with KDE oxygen style (bnc#722918) - rendering of metafiles embedded in EMF+ (updated) (bnc#705956) - postprocess - make the 3D transitions work again (bnc#728559) - ure - make Duden Korrektor 5 and 6 work - writer - frame selection (bnc#740117) - crash when editing index (bnc#726174) - order database properties (bnc#740032) - numbering levels in DOC import (bnc#715115) - image size issue in DOC import (bnc#718971) - pointless forward moving of a table (bnc#706138) - tabs set after the end margin in DOCX import (bnc#693238) - add hyperlinks by default in Table of Contents (bnc#705956) - updated to libreoffice-3.4.4.3 (SUSE 3.4.4-rc1 == final) : - base - crash when inserting a constant in a query (fdo#38286) - calc - crash when modifying a named range - speed up range name lookup by index (bnc#715104) - recalculate matrix formula dimension correctly (fdo#39485) - mark all formula cells dirty when appending a new sheet (fdo#35965) - components - handling of SAFEARRAY(s) in olebridge (fdo#38441) - filters - auto fit text VIEWING too small in PPT import (fdo#41245) - impress - hang in slideshow (fdo#32861) - crash while dropping texture (fdo#38391) - libs-core - recognize .svg in ODF container (fdo#41995) - dictionaries lost after LibO upgrade (fdo#37195) - crash when 'Find Record' button is clicked in Base (fdo#40701) - fix the drawing of dotted and dashed borders in Calc (fdo#37129) - VBA control events not working; broken eventattacher (bnc#718227) - libs-extern-sys - upgrade graphite to 1.0.3 to fix surrogate support - libs-gui - crash when changing screen resolution - let Qt call XInitThreads() (fdo#40298) - activation order crashes address database (fdo#41022) - drawing of dotted and dashed borders in Calc (fdo#37129) - translations - update translations - writer - leak in PDF export (i#116448) - crash when editing index (bnc#726174) - crash while processing incorrect range of pages (fdo#35513) - crash on closing document with footnotes (fdo#39510, lp#854626)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74581
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74581
    title openSUSE Security Update : libreoffice (openSUSE-SU-2012:0428-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0411.NASL
    description Updated openoffice.org packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. OpenOffice.org embeds a copy of Raptor, which provides parsers for Resource Description Framework (RDF) files. An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If OpenOffice.org were to open a specially crafted file (such as an OpenDocument Format or OpenDocument Presentation file), it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running OpenOffice.org had access to. A bug in the way Raptor handled external entities could cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org. (CVE-2012-0037) Red Hat would like to thank Timothy D. Morgan of VSR for reporting this issue. All OpenOffice.org users are advised to upgrade to these updated packages, which contain backported patches to correct this issue. All running instances of OpenOffice.org applications must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 58442
    published 2012-03-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58442
    title RHEL 5 : openoffice.org (RHSA-2012:0411)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1480-1.NASL
    description Timothy D. Morgan discovered that Raptor would unconditionally load XML external entities. If a user were tricked into opening a specially crafted document in an application linked against Raptor, an attacker could possibly obtain access to arbitrary files on the user's system or potentially execute arbitrary code with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 59567
    published 2012-06-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59567
    title Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : raptor vulnerability (USN-1480-1)
  • NASL family Windows
    NASL id LIBREOFFICE_351.NASL
    description The remote host is running a version of LibreOffice < 3.4.6 / 3.5.1 that has flaws in the way certain XML components are processed for external entities in ODF documents. These flaws can be utilized to access and inject the content of local files into an ODF document without a user's knowledge or permission, or inject arbitrary code that would be executed when opened by the user.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 58726
    published 2012-04-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58726
    title LibreOffice < 3.4.6 / 3.5.1 XML External Entity RDF Document Handling Information Disclosure
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120322_RAPTOR_ON_SL6_X.NASL
    description Raptor provides parsers for Resource Description Framework (RDF) files. An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had access to. A bug in the way Raptor handled external entities could cause that application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-0037) All Raptor users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against Raptor must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61288
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61288
    title Scientific Linux Security Update : raptor on SL6.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-4629.NASL
    description new raptor2-2.0.7 release highlights : - CVE-2012-0037 fixed - Removed Expat support - Removed internal Unicode NFC code for better and optional ICU - Added options for denying file requests and XML entity loading - Added options for SSL certificate verifying - Fixed reported issues: 0000448 and 0000469 See also http://librdf.org/raptor/RELEASE.html#rel2_0_7 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 58696
    published 2012-04-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58696
    title Fedora 17 : raptor2-2.0.7-1.fc17 (2012-4629)
redhat via4
advisories
  • bugzilla
    id 791296
    title CVE-2012-0037 raptor: XML External Entity (XXE) attack via RDF files
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment raptor is earlier than 0:1.4.18-5.el6_2.1
          oval oval:com.redhat.rhsa:tst:20120410005
        • comment raptor is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120410006
      • AND
        • comment raptor-devel is earlier than 0:1.4.18-5.el6_2.1
          oval oval:com.redhat.rhsa:tst:20120410007
        • comment raptor-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20120410008
    rhsa
    id RHSA-2012:0410
    released 2012-03-22
    severity Important
    title RHSA-2012:0410: raptor security update (Important)
  • bugzilla
    id 791296
    title CVE-2012-0037 raptor: XML External Entity (XXE) attack via RDF files
    oval
    AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhba:tst:20070331001
    • OR
      • AND
        • comment openoffice.org-base is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411030
        • comment openoffice.org-base is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069029
      • AND
        • comment openoffice.org-calc is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411068
        • comment openoffice.org-calc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069039
      • AND
        • comment openoffice.org-core is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411004
        • comment openoffice.org-core is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069143
      • AND
        • comment openoffice.org-draw is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411080
        • comment openoffice.org-draw is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069047
      • AND
        • comment openoffice.org-emailmerge is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411144
        • comment openoffice.org-emailmerge is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069037
      • AND
        • comment openoffice.org-graphicfilter is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411140
        • comment openoffice.org-graphicfilter is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069061
      • AND
        • comment openoffice.org-headless is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411046
        • comment openoffice.org-headless is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080537140
      • AND
        • comment openoffice.org-impress is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411026
        • comment openoffice.org-impress is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069121
      • AND
        • comment openoffice.org-javafilter is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411090
        • comment openoffice.org-javafilter is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069087
      • AND
        • comment openoffice.org-langpack-af_ZA is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411076
        • comment openoffice.org-langpack-af_ZA is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069091
      • AND
        • comment openoffice.org-langpack-ar is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411116
        • comment openoffice.org-langpack-ar is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069051
      • AND
        • comment openoffice.org-langpack-as_IN is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411124
        • comment openoffice.org-langpack-as_IN is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069147
      • AND
        • comment openoffice.org-langpack-bg_BG is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411074
        • comment openoffice.org-langpack-bg_BG is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069093
      • AND
        • comment openoffice.org-langpack-bn is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411022
        • comment openoffice.org-langpack-bn is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069115
      • AND
        • comment openoffice.org-langpack-ca_ES is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411054
        • comment openoffice.org-langpack-ca_ES is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069117
      • AND
        • comment openoffice.org-langpack-cs_CZ is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411078
        • comment openoffice.org-langpack-cs_CZ is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069021
      • AND
        • comment openoffice.org-langpack-cy_GB is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411134
        • comment openoffice.org-langpack-cy_GB is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069023
      • AND
        • comment openoffice.org-langpack-da_DK is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411060
        • comment openoffice.org-langpack-da_DK is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069089
      • AND
        • comment openoffice.org-langpack-de is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411050
        • comment openoffice.org-langpack-de is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069119
      • AND
        • comment openoffice.org-langpack-el_GR is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411114
        • comment openoffice.org-langpack-el_GR is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069095
      • AND
        • comment openoffice.org-langpack-es is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411006
        • comment openoffice.org-langpack-es is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069139
      • AND
        • comment openoffice.org-langpack-et_EE is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411102
        • comment openoffice.org-langpack-et_EE is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069003
      • AND
        • comment openoffice.org-langpack-eu_ES is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411040
        • comment openoffice.org-langpack-eu_ES is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069025
      • AND
        • comment openoffice.org-langpack-fi_FI is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411132
        • comment openoffice.org-langpack-fi_FI is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069043
      • AND
        • comment openoffice.org-langpack-fr is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411126
        • comment openoffice.org-langpack-fr is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069109
      • AND
        • comment openoffice.org-langpack-ga_IE is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411064
        • comment openoffice.org-langpack-ga_IE is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069131
      • AND
        • comment openoffice.org-langpack-gl_ES is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411042
        • comment openoffice.org-langpack-gl_ES is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069073
      • AND
        • comment openoffice.org-langpack-gu_IN is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411008
        • comment openoffice.org-langpack-gu_IN is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069033
      • AND
        • comment openoffice.org-langpack-he_IL is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411070
        • comment openoffice.org-langpack-he_IL is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069005
      • AND
        • comment openoffice.org-langpack-hi_IN is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411104
        • comment openoffice.org-langpack-hi_IN is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069083
      • AND
        • comment openoffice.org-langpack-hr_HR is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411136
        • comment openoffice.org-langpack-hr_HR is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069041
      • AND
        • comment openoffice.org-langpack-hu_HU is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411086
        • comment openoffice.org-langpack-hu_HU is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069045
      • AND
        • comment openoffice.org-langpack-it is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411096
        • comment openoffice.org-langpack-it is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069009
      • AND
        • comment openoffice.org-langpack-ja_JP is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411038
        • comment openoffice.org-langpack-ja_JP is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069113
      • AND
        • comment openoffice.org-langpack-kn_IN is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411082
        • comment openoffice.org-langpack-kn_IN is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069133
      • AND
        • comment openoffice.org-langpack-ko_KR is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411128
        • comment openoffice.org-langpack-ko_KR is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069065
      • AND
        • comment openoffice.org-langpack-lt_LT is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411018
        • comment openoffice.org-langpack-lt_LT is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069145
      • AND
        • comment openoffice.org-langpack-ml_IN is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411112
        • comment openoffice.org-langpack-ml_IN is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069035
      • AND
        • comment openoffice.org-langpack-mr_IN is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411098
        • comment openoffice.org-langpack-mr_IN is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069031
      • AND
        • comment openoffice.org-langpack-ms_MY is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411028
        • comment openoffice.org-langpack-ms_MY is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069099
      • AND
        • comment openoffice.org-langpack-nb_NO is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411122
        • comment openoffice.org-langpack-nb_NO is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069081
      • AND
        • comment openoffice.org-langpack-nl is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411118
        • comment openoffice.org-langpack-nl is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069057
      • AND
        • comment openoffice.org-langpack-nn_NO is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411152
        • comment openoffice.org-langpack-nn_NO is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069111
      • AND
        • comment openoffice.org-langpack-nr_ZA is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411014
        • comment openoffice.org-langpack-nr_ZA is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069011
      • AND
        • comment openoffice.org-langpack-nso_ZA is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411092
        • comment openoffice.org-langpack-nso_ZA is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069077
      • AND
        • comment openoffice.org-langpack-or_IN is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411106
        • comment openoffice.org-langpack-or_IN is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069007
      • AND
        • comment openoffice.org-langpack-pa_IN is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411100
        • comment openoffice.org-langpack-pa_IN is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069013
      • AND
        • comment openoffice.org-langpack-pl_PL is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411020
        • comment openoffice.org-langpack-pl_PL is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069103
      • AND
        • comment openoffice.org-langpack-pt_BR is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411142
        • comment openoffice.org-langpack-pt_BR is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069069
      • AND
        • comment openoffice.org-langpack-pt_PT is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411044
        • comment openoffice.org-langpack-pt_PT is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069107
      • AND
        • comment openoffice.org-langpack-ru is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411154
        • comment openoffice.org-langpack-ru is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069105
      • AND
        • comment openoffice.org-langpack-sk_SK is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411066
        • comment openoffice.org-langpack-sk_SK is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069137
      • AND
        • comment openoffice.org-langpack-sl_SI is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411010
        • comment openoffice.org-langpack-sl_SI is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069019
      • AND
        • comment openoffice.org-langpack-sr_CS is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411088
        • comment openoffice.org-langpack-sr_CS is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069049
      • AND
        • comment openoffice.org-langpack-ss_ZA is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411150
        • comment openoffice.org-langpack-ss_ZA is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069015
      • AND
        • comment openoffice.org-langpack-st_ZA is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411094
        • comment openoffice.org-langpack-st_ZA is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069055
      • AND
        • comment openoffice.org-langpack-sv is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411120
        • comment openoffice.org-langpack-sv is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069067
      • AND
        • comment openoffice.org-langpack-ta_IN is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411048
        • comment openoffice.org-langpack-ta_IN is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069135
      • AND
        • comment openoffice.org-langpack-te_IN is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411072
        • comment openoffice.org-langpack-te_IN is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069141
      • AND
        • comment openoffice.org-langpack-th_TH is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411146
        • comment openoffice.org-langpack-th_TH is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069017
      • AND
        • comment openoffice.org-langpack-tn_ZA is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411138
        • comment openoffice.org-langpack-tn_ZA is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069059
      • AND
        • comment openoffice.org-langpack-tr_TR is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411110
        • comment openoffice.org-langpack-tr_TR is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069079
      • AND
        • comment openoffice.org-langpack-ts_ZA is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411062
        • comment openoffice.org-langpack-ts_ZA is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069125
      • AND
        • comment openoffice.org-langpack-ur is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411002
        • comment openoffice.org-langpack-ur is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069071
      • AND
        • comment openoffice.org-langpack-ve_ZA is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411034
        • comment openoffice.org-langpack-ve_ZA is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069053
      • AND
        • comment openoffice.org-langpack-xh_ZA is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411148
        • comment openoffice.org-langpack-xh_ZA is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069129
      • AND
        • comment openoffice.org-langpack-zh_CN is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411130
        • comment openoffice.org-langpack-zh_CN is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069127
      • AND
        • comment openoffice.org-langpack-zh_TW is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411052
        • comment openoffice.org-langpack-zh_TW is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069097
      • AND
        • comment openoffice.org-langpack-zu_ZA is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411016
        • comment openoffice.org-langpack-zu_ZA is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069101
      • AND
        • comment openoffice.org-math is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411058
        • comment openoffice.org-math is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069063
      • AND
        • comment openoffice.org-pyuno is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411056
        • comment openoffice.org-pyuno is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069085
      • AND
        • comment openoffice.org-sdk is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411024
        • comment openoffice.org-sdk is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080537270
      • AND
        • comment openoffice.org-sdk-doc is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411084
        • comment openoffice.org-sdk-doc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080537236
      • AND
        • comment openoffice.org-testtools is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411108
        • comment openoffice.org-testtools is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069075
      • AND
        • comment openoffice.org-ure is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411036
        • comment openoffice.org-ure is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20100459148
      • AND
        • comment openoffice.org-writer is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411012
        • comment openoffice.org-writer is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069027
      • AND
        • comment openoffice.org-xsltfilter is earlier than 1:3.1.1-19.10.el5_8.1
          oval oval:com.redhat.rhsa:tst:20120411032
        • comment openoffice.org-xsltfilter is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070069123
    rhsa
    id RHSA-2012:0411
    released 2012-03-22
    severity Important
    title RHSA-2012:0411: openoffice.org security update (Important)
rpms
  • raptor-0:1.4.18-5.el6_2.1
  • raptor-devel-0:1.4.18-5.el6_2.1
  • openoffice.org-base-1:3.1.1-19.10.el5_8.1
  • openoffice.org-calc-1:3.1.1-19.10.el5_8.1
  • openoffice.org-core-1:3.1.1-19.10.el5_8.1
  • openoffice.org-draw-1:3.1.1-19.10.el5_8.1
  • openoffice.org-emailmerge-1:3.1.1-19.10.el5_8.1
  • openoffice.org-graphicfilter-1:3.1.1-19.10.el5_8.1
  • openoffice.org-headless-1:3.1.1-19.10.el5_8.1
  • openoffice.org-impress-1:3.1.1-19.10.el5_8.1
  • openoffice.org-javafilter-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-af_ZA-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-ar-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-as_IN-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-bg_BG-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-bn-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-ca_ES-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-cs_CZ-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-cy_GB-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-da_DK-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-de-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-el_GR-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-es-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-et_EE-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-eu_ES-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-fi_FI-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-fr-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-ga_IE-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-gl_ES-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-gu_IN-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-he_IL-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-hi_IN-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-hr_HR-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-hu_HU-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-it-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-ja_JP-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-kn_IN-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-ko_KR-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-lt_LT-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-ml_IN-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-mr_IN-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-ms_MY-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-nb_NO-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-nl-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-nn_NO-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-nr_ZA-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-nso_ZA-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-or_IN-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-pa_IN-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-pl_PL-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-pt_BR-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-pt_PT-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-ru-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-sk_SK-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-sl_SI-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-sr_CS-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-ss_ZA-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-st_ZA-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-sv-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-ta_IN-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-te_IN-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-th_TH-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-tn_ZA-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-tr_TR-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-ts_ZA-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-ur-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-ve_ZA-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-xh_ZA-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-zh_CN-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-zh_TW-1:3.1.1-19.10.el5_8.1
  • openoffice.org-langpack-zu_ZA-1:3.1.1-19.10.el5_8.1
  • openoffice.org-math-1:3.1.1-19.10.el5_8.1
  • openoffice.org-pyuno-1:3.1.1-19.10.el5_8.1
  • openoffice.org-sdk-1:3.1.1-19.10.el5_8.1
  • openoffice.org-sdk-doc-1:3.1.1-19.10.el5_8.1
  • openoffice.org-testtools-1:3.1.1-19.10.el5_8.1
  • openoffice.org-ure-1:3.1.1-19.10.el5_8.1
  • openoffice.org-writer-1:3.1.1-19.10.el5_8.1
  • openoffice.org-xsltfilter-1:3.1.1-19.10.el5_8.1
refmap via4
bid 52681
confirm
debian DSA-2438
fedora
  • FEDORA-2012-4629
  • FEDORA-2012-4663
gentoo
  • GLSA-201209-05
  • GLSA-201408-19
mandriva
  • MDVSA-2012:061
  • MDVSA-2012:062
  • MDVSA-2012:063
misc http://vsecurity.com/resources/advisory/20120324-1/
mlist [oss-security] 20120427 Fwd: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected)
osvdb 80307
sectrack 1026837
secunia
  • 48479
  • 48493
  • 48494
  • 48526
  • 48529
  • 48542
  • 48649
  • 50692
  • 60799
xf openoffice-xml-info-disclosure(74235)
Last major update 13-11-2014 - 22:00
Published 16-06-2012 - 23:41
Last modified 28-08-2017 - 21:30
Back to Top