Date: prev next · Thread: first prev next last
2016 Archives by date, by thread · List index


Hi Guys not sure if you guys have seen these CVE's but this surfaced on
the gentoo security list.

-------- Original Message -------- 

                SUBJECT:
                [gentoo-announce] [ GLSA 201611-03 ] LibreOffice, OpenOffice:
Multiple vulnerabilities

                DATE:
                2016-11-04 08:57

                FROM:
                Aaron Bauman <bman@gentoo.org>

                TO:
                gentoo-announce@lists.gentoo.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201611-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: LibreOffice, OpenOffice: Multiple vulnerabilities
     Date: November 04, 2016
     Bugs: #565026, #587566
       ID: 201611-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in both LibreOffice and
OpenOffice, the worst of which allows for the remote execution of
arbitrary code.

Background
==========

LibreOffice is a powerful office suite; its clean interface and
powerful tools let you unleash your creativity and grow your
productivity.

Apache OpenOffice is the leading open-source office software suite for
word processing, spreadsheets, presentations, graphics, databases and
more.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-office/libreoffice      < 5.1.4.2                 >= 5.1.4.2 
  2  app-office/libreoffice-bin
                                 < 5.1.4.2                 >= 5.1.4.2 
  3  app-office/openoffice-bin
                                  < 4.1.2                    >= 4.1.2 
    -------------------------------------------------------------------
     3 affected packages

Description
===========

Multiple vulnerabilities have been found in both LibreOffice and
OpenOffice.  Please review the referenced CVE's for specific
information regarding each.

Impact
======

Remote attackers could obtain sensitive information, cause a Denial of
Service condition, or execute arbitrary code.

Workaround
==========

There is no known work around at this time.

Resolution
==========

All LibreOffice users should upgrade their respective packages to the
latest version:

<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/libreoffice-5.1.4.2"
# emerge --ask --oneshot --verbose
">=app-office/libreoffice-bin-debug-5.1.4.2" <code>

All OpenOffice users should upgrade to the latest version:

<code>
# emerge --sync
# emerge --ask --oneshot --verbose
">=app-office/openoffice-bin-4.1.2"<code>

References
==========

[ 1 ] CVE-2015-4551
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4551
[ 2 ] CVE-2015-5212
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5212
[ 3 ] CVE-2015-5213
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5213
[ 4 ] CVE-2015-5214
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5214
[ 5 ] CVE-2016-4324
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4324

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201611-03

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachment: signature.asc
Description: PGP signature


Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.