GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Mon Jun 27, 2016 12:26 am Post subject: [ GLSA 201606-15 ] FreeXL |
|
|
Gentoo Linux Security Advisory
Title: FreeXL: Multiple vulnerabilities (GLSA 201606-15)
Severity: normal
Exploitable: remote
Date: June 26, 2016
Bug(s): #544426
ID: 201606-15
Synopsis
Multiple vulnerabilities have been found in FreeXL, allowing remote
attackers to executive arbitrary code or cause Denial of Service.
Background
FreeXL is an open source library to extract valid data from within an
Excel (.xls) spreadsheet.
Affected Packages
Package: dev-libs/freexl
Vulnerable: < 1.0.1
Unaffected: >= 1.0.1
Architectures: All supported architectures
Description
FreeXL’s shared strings and workbook functions are vulnerable to the
remote execution of arbitrary code and Denial of Service. This can be
achieved through specially crafted workbooks from attackers.
Impact
Remote attackers could potentially execute arbitrary code or cause
Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All FreeXL users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose "dev-libs/freexl-1.0.1"
|
References
CVE-2015-2753
CVE-2015-2754
CVE-2015-2776 |
|