DSA-2468

Executive Summary

Summary
Title	libjakarta-poi-java security update

Informations
Name	DSA-2468	First vendor Publication	2012-05-09
Vendor	Debian	Last vendor Modification	2012-05-09
Severity (Vendor)	N/A	Revision	1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

It was discovered that Apache POI, a Java implementation of the Microsoft Office file formats, would allocate arbitrary amounts of memory when processing crafted documents. This could impact the stability of the Java virtual machine.

For the stable distribution (squeeze), this problem has been fixed in version 3.6+dfsg-1+squeeze1.

We recommend that you upgrade your libjakarta-poi-java packages.

Original Source

Url : http://www.debian.org/security/2012/dsa-2468

CWE : Common Weakness Enumeration

id	Name
CWE-399	Resource Management Errors

CPE : Common Platform Enumeration

Type	Description	Count
Application	Apache Poi cpe:/a:apache:poi:3.8:beta4 cpe:/a:apache:poi:3.8:beta5 cpe:/a:apache:poi:3.8:beta2 cpe:/a:apache:poi:3.8 cpe:/a:apache:poi:3.8:beta1 cpe:/a:apache:poi:3.8:beta3 cpe:/a:apache:poi:3.7:beta3 cpe:/a:apache:poi:3.7 cpe:/a:apache:poi:3.7:beta2 cpe:/a:apache:poi:3.7:beta1 cpe:/a:apache:poi:3.6 cpe:/a:apache:poi:3.5:beta4 cpe:/a:apache:poi:3.5:beta2 cpe:/a:apache:poi:3.5 cpe:/a:apache:poi:3.5:beta3 cpe:/a:apache:poi:3.5:beta6 cpe:/a:apache:poi:3.5:beta5 cpe:/a:apache:poi:3.5:beta1 cpe:/a:apache:poi:3.2 cpe:/a:apache:poi:3.1:beta1 cpe:/a:apache:poi:3.1:beta2 cpe:/a:apache:poi:3.1 cpe:/a:apache:poi:3.0.2:beta2 cpe:/a:apache:poi:3.0.2:beta1 cpe:/a:apache:poi:3.0.2 cpe:/a:apache:poi:3.0.1 cpe:/a:apache:poi:3.0:alpha2 cpe:/a:apache:poi:3.0 cpe:/a:apache:poi:3.0:alpha3 cpe:/a:apache:poi:3.0:alpha1 cpe:/a:apache:poi:2.5.1 cpe:/a:apache:poi:2.5 cpe:/a:apache:poi:2.0:pre3 cpe:/a:apache:poi:2.0:rc1 cpe:/a:apache:poi:2.0:pre1 cpe:/a:apache:poi:2.0 cpe:/a:apache:poi:2.0:pre2 cpe:/a:apache:poi:2.0:rc2 cpe:/a:apache:poi:1.8:dev cpe:/a:apache:poi:1.7:dev cpe:/a:apache:poi:1.5.1 cpe:/a:apache:poi:1.5 cpe:/a:apache:poi:1.2.0 cpe:/a:apache:poi:1.10:dev cpe:/a:apache:poi:1.1.0 cpe:/a:apache:poi:1.0.2 cpe:/a:apache:poi:1.0.1 cpe:/a:apache:poi:1.0.0 cpe:/a:apache:poi:0.7 cpe:/a:apache:poi:0.6 cpe:/a:apache:poi:0.5 cpe:/a:apache:poi:0.4 cpe:/a:apache:poi:0.3 cpe:/a:apache:poi:0.2 cpe:/a:apache:poi:0.14.0 cpe:/a:apache:poi:0.13.0 cpe:/a:apache:poi:0.12.0 cpe:/a:apache:poi:0.11.0 cpe:/a:apache:poi:0.10.0 cpe:/a:apache:poi:0.1	60