Test ID:	1.3.6.1.4.1.25623.1.0.71231
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2012:062 (openoffice.org)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to openoffice.org announced via advisory MDVSA-2012:062. An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially-crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had access to. A bug in the way Raptor handled external entities could cause that application to crash or, possibly, execute arbitrary code with the privileges of the user running the application (CVE-2012-0037). The updated packages have been patched to correct this issue. Affected: Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2012:062 http://www.libreoffice.org/advisories/CVE-2012-0037/ Risk factor : High
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0037 1026837 http://www.securitytracker.com/id?1026837 48479 http://secunia.com/advisories/48479 48493 http://secunia.com/advisories/48493 48494 http://secunia.com/advisories/48494 48526 http://secunia.com/advisories/48526 48529 http://secunia.com/advisories/48529 48542 http://secunia.com/advisories/48542 48649 http://secunia.com/advisories/48649 50692 http://secunia.com/advisories/50692 52681 http://www.securityfocus.com/bid/52681 60799 http://secunia.com/advisories/60799 80307 http://www.osvdb.org/80307 DSA-2438 http://www.debian.org/security/2012/dsa-2438 FEDORA-2012-4629 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html FEDORA-2012-4663 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html GLSA-201209-05 http://security.gentoo.org/glsa/glsa-201209-05.xml GLSA-201408-19 http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml MDVSA-2012:061 http://www.mandriva.com/security/advisories?name=MDVSA-2012:061 MDVSA-2012:062 http://www.mandriva.com/security/advisories?name=MDVSA-2012:062 MDVSA-2012:063 http://www.mandriva.com/security/advisories?name=MDVSA-2012:063 RHSA-2012:0410 http://rhn.redhat.com/errata/RHSA-2012-0410.html RHSA-2012:0411 http://rhn.redhat.com/errata/RHSA-2012-0411.html [openoffice-commits] 20200305 svn commit: r1874832 - in /openoffice/ooo-site/trunk/content: download/checksums.html download/globalvars.js download/test/globalvars.js security/cves/CVE-2012-0037.html security/cves/CVE-2013-1571.html https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0%40%3Ccommits.openoffice.apache.org%3E [oss-security] 20120427 Fwd: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected) http://www.openwall.com/lists/oss-security/2012/03/27/4 http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/ http://librdf.org/raptor/RELEASE.html#rel2_0_7 http://vsecurity.com/resources/advisory/20120324-1/ http://www.libreoffice.org/advisories/CVE-2012-0037/ http://www.openoffice.org/security/cves/CVE-2012-0037.html https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0 openoffice-xml-info-disclosure(74235) https://exchange.xforce.ibmcloud.com/vulnerabilities/74235
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.