<html><head></head><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px"><div class="" id="yui_3_16_0_1_1450800713354_3107">Security update: Update to LibreOffice 4.4.7</div><div id="yui_3_16_0_1_1450800713354_3189" class=""><br></div><div id="yui_3_16_0_1_1450800713354_3276" class="">Location: OI-SFE packaging</div><div id="yui_3_16_0_1_1450800713354_3279" class=""><br></div><div id="yui_3_16_0_1_1450800713354_3223" class="">LibreOffice is an open source, community-developed office productivity<br class="" id="yui_3_16_0_1_1450800713354_3109">suite. It includes key desktop applications, such as a word processor, a<br class="" id="yui_3_16_0_1_1450800713354_3111">spreadsheet, a presentation manager, a formula editor, and a drawing<br class="" id="yui_3_16_0_1_1450800713354_3113">program. LibreOffice replaces OpenOffice and provides a similar but<br class="" id="yui_3_16_0_1_1450800713354_3115">enhanced and extended office suite.<br class="" id="yui_3_16_0_1_1450800713354_3117"></div><div class="" id="yui_3_16_0_1_1450800713354_3119"><br></div><div id="yui_3_16_0_1_1450800713354_3167" class="">It was discovered that LibreOffice did not properly restrict automatic link<br class="" id="yui_3_16_0_1_1450800713354_3121">updates. By tricking a victim into opening specially crafted documents, an<br class="" id="yui_3_16_0_1_1450800713354_3123">attacker could possibly use this flaw to disclose contents of files<br class="" id="yui_3_16_0_1_1450800713354_3125">accessible by the victim. (CVE-2015-4551)<br class="" id="yui_3_16_0_1_1450800713354_3127"></div><div class="" id="yui_3_16_0_1_1450800713354_3129">An integer underflow flaw leading to a heap-based buffer overflow when<br class="" id="yui_3_16_0_1_1450800713354_3131">parsing PrinterSetup data was discovered. By tricking a user into opening a<br class="" id="yui_3_16_0_1_1450800713354_3133">specially crafted document, an attacker could possibly exploit this flaw to<br class="" id="yui_3_16_0_1_1450800713354_3135">execute arbitrary code with the privileges of the user opening the file.<br class="" id="yui_3_16_0_1_1450800713354_3137">(CVE-2015-5212)<br class="" id="yui_3_16_0_1_1450800713354_3139"></div><div class="" id="yui_3_16_0_1_1450800713354_3141"><br></div><div id="yui_3_16_0_1_1450800713354_3169" class="">An integer overflow flaw, leading to a heap-based buffer overflow, was<br class="" id="yui_3_16_0_1_1450800713354_3143">found in the way LibreOffice processed certain Microsoft Word .doc files.<br class="" id="yui_3_16_0_1_1450800713354_3145">By tricking a user into opening a specially crafted Microsoft Word .doc<br class="" id="yui_3_16_0_1_1450800713354_3147">document, an attacker could possibly use this flaw to execute arbitrary<br class="" id="yui_3_16_0_1_1450800713354_3149">code with the privileges of the user opening the file. (CVE-2015-5213)<br class="" id="yui_3_16_0_1_1450800713354_3151"></div><div class="" id="yui_3_16_0_1_1450800713354_3153">It was discovered that LibreOffice did not properly sanity check bookmark<br class="" id="yui_3_16_0_1_1450800713354_3155">indexes. By tricking a user into opening a specially crafted document, an<br class="" id="yui_3_16_0_1_1450800713354_3157">attacker could possibly use this flaw to execute arbitrary code with the<br class="" id="yui_3_16_0_1_1450800713354_3159">privileges of the user opening the file. (CVE-2015-5214)<br class="" id="yui_3_16_0_1_1450800713354_3161"></div>All libreoffice users are advised to upgrade to these updated packages,<br class="" id="yui_3_16_0_1_1450800713354_3163"><div dir="ltr">which contain backported patches to correct these issues.</div></div></body></html>