GLSA Advocate

Posted: Mon Sep 24, 2012 11:26 am Post subject: [ GLSA 201209-05 ] LibreOffice: Multiple vulnerabilities

Gentoo Linux Security Advisory
Title: LibreOffice: Multiple vulnerabilities (GLSA 201209-05)
Severity: normal
Exploitable: remote
Date: September 24, 2012
Bug(s): #386081, #409455, #416457, #429482
ID: 201209-05
Synopsis
Multiple vulnerabilities have been found in LibreOffice, allowing
remote attackers to execute arbitrary code or cause a Denial of Service.
Background
LibreOffice is a full office productivity suite.
Affected Packages
Package: app-office/libreoffice
Vulnerable: < 3.5.5.3
Unaffected: >= 3.5.5.3
Architectures: All supported architectures
Package: app-office/libreoffice-bin
Vulnerable: < 3.5.5.3
Unaffected: >= 3.5.5.3
Architectures: All supported architectures
Description
Multiple vulnerabilities have been found in LibreOffice:
- The Microsoft Word Document parser contains an out-of-bounds read
error (CVE-2011-2713).
- The Raptor RDF parser contains an XML External Entity expansion error
(CVE-2012-0037).
- The graphic loading parser contains an integer overflow error which
could cause a heap-based buffer overflow (CVE-2012-1149).
- Multiple errors in the XML manifest handling code could cause a
heap-based buffer overflow (CVE-2012-2665).
Impact
A remote attacker could entice a user to open a specially crafted
document file using LibreOffice, possibly resulting in execution of
arbitrary code with the privileges of the process or a Denial of Service
condition.
Workaround
There is no known workaround at this time.
Resolution
All LibreOffice users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/libreoffice-3.5.5.3"

All users of the LibreOffice binary package should upgrade to the latest
version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/libreoffice-bin-3.5.5.3"

References
CVE-2011-2713
CVE-2012-0037
CVE-2012-1149
CVE-2012-2665