FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-0037

This CVE name corresponds to:

Entered Topic
2012-03-25 raptor/raptor2 -- XXE in RDF/XML File Interpretation

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2012-0037
Phase: Assigned (20111207)

Description

Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.

References

Source Reference
MLIST [oss-security] 20120427 Fwd: CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected)
MISC http://vsecurity.com/resources/advisory/20120324-1/
CONFIRM http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/
CONFIRM http://librdf.org/raptor/RELEASE.html#rel2_0_7
CONFIRM http://www.libreoffice.org/advisories/CVE-2012-0037/
CONFIRM https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0
CONFIRM http://www.openoffice.org/security/cves/CVE-2012-0037.html
DEBIAN DSA-2438
FEDORA FEDORA-2012-4629
FEDORA FEDORA-2012-4663
GENTOO GLSA-201209-05
GENTOO GLSA-201408-19
MANDRIVA MDVSA-2012:061
MANDRIVA MDVSA-2012:062
MANDRIVA MDVSA-2012:063
REDHAT RHSA-2012:0410
REDHAT RHSA-2012:0411
BID 52681
OSVDB 80307
SECTRACK 1026837
SECUNIA 48479
SECUNIA 48493
SECUNIA 48526
SECUNIA 48529
SECUNIA 48542
SECUNIA 48494
SECUNIA 48649
SECUNIA 50692
SECUNIA 60799
XF openoffice-xml-info-disclosure(74235)