oss-sec mailing list archives
Re: Kind request to update upstream CVE-2012-2334 advisories they to reflect arbitrary code execution possibility too and OSS list notification
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Tue, 29 May 2012 10:26:46 +0200
On 05/28/2012 05:09 PM, Jan Lieskovsky wrote:
Hello Apache OpenOffice.org, LibreOffice Security Teams, vendors,

originally the CVE-2012-2334 security flaw has been described as follows:
[1] http://www.openoffice.org/security/cves/CVE-2012-2334.html
[2] http://www.libreoffice.org/advisories/cve-2012-2334/

during internal audit of relevant upstream patches:
[3] http://cgit.freedesktop.org/libreoffice/core/commit/?id=28a6558f9d3ca2dda3191f8b5b3f2378ee2533da
[4] http://cgit.freedesktop.org/libreoffice/core/commit/?id=512401decb286ba0fc3031939b8f7de8649c502e

it has been observed by Florian Weimer that the [4] patch also corrected an integer overflow, being present in the SvxMSDffManager::GetFidclData() routine, which might lead under certain circumstances to possibility of arbitrary code execution too.

Updated CVE-2012-2334 flaw description is at:
[5] https://bugzilla.redhat.com/show_bug.cgi?id=821803#c0

This post is intended to serve as kind request to OpenOffice.org and LibreOffice upstream, they to update their corresponding advisories ([1], [2]) to reflect this fact.

For what is related against upstream patches -- upon testing we can confirm, the original ones were complete and this is in no way a new security flaw. But something, which got corrected upstream in previous release(s), and should mention possibility of arbitrary code execution too in order to properly describe this deficiency.

OpenOffice.org / LibreOffice upstreams - please update your advisories to reflect this if possible yet.

OSS vendors, please note this notification (for case you previously categorized fix for the CVE-2012-2334 flaw as something to be postponed due to lower impact).

Hello Apache OpenOffice.org, LibreOffice Security Teams, vendors,

updating the credit information yet it to sound more correctly / appropriately:

Credit for the discovery should go to: Florian Weimer of Red Hat

The above should have read as:
"Florian Weimer, Red Hat Product Security Team"

Please use this new / latter form in your advisories.

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

P.S.: Would you need further background details due this, contact me or Florian off list.