<div dir="ltr"><div><div><div>Hi,<br></div>Should this be the subject of a post on the OI website?<br></div><div>Better visibility of such security announcements could be appreciated by users.<br></div><div>I can create a category with a dedicated page for such information if there is interest.<br></div>Best regards<br><br></div>Aurélien<br><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Dec 25, 2015 at 7:15 PM, Thomas Wagner <span dir="ltr"><<a href="mailto:tom-oi-dev@tom.bn-ulm.de" target="_blank">tom-oi-dev@tom.bn-ulm.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Ken,<br>
<br>
we have version 4.4.5 in the binary repo.<br>
<br>
I couldn't find a location with a patch for this CVE; so if anyone<br>
has better luck, I would integrate it and rebuild the packages.<br>
<br>
Until then, users may not blindly click on links in documents whose<br>
source they don't trust.<br>
<br>
Regards,<br>
Thomas<br>
<div><div class="h5"><br>
On Tue, Dec 22, 2015 at 04:15:06PM +0000, ken mays via oi-dev wrote:<br>
><br>
> Security update: Update to LibreOffice 4.4.7<br>
> Location: OI-SFE packaging<br>
> LibreOffice is an open source, community-developed office productivity<br>
> suite. It includes key desktop applications, such as a word processor, a<br>
> spreadsheet, a presentation manager, a formula editor, and a drawing<br>
> program. LibreOffice replaces OpenOffice and provides a similar but<br>
> enhanced and extended office suite.<br>
><br>
> It was discovered that LibreOffice did not properly restrict automatic<br>
> link updates. By tricking a victim into opening specially crafted<br>
> documents, an attacker could possibly use this flaw to disclose contents<br>
> of files accessible by the victim. (CVE-2015-4551)<br>
><br>
> An integer underflow flaw leading to a heap-based buffer overflow when<br>
> parsing PrinterSetup data was discovered. By tricking a user into opening<br>
> a specially crafted document, an attacker could possibly exploit this<br>
> flaw to execute arbitrary code with the privileges of the user opening<br>
> the file. (CVE-2015-5212)<br>
><br>
> An integer overflow flaw, leading to a heap-based buffer overflow, was<br>
> found in the way LibreOffice processed certain Microsoft Word .doc files.<br>
> By tricking a user into opening a specially crafted Microsoft Word .doc<br>
> document, an attacker could possibly use this flaw to execute arbitrary<br>
> code with the privileges of the user opening the file. (CVE-2015-5213)<br>
><br>
> It was discovered that LibreOffice did not properly sanity check bookmark<br>
> indexes. By tricking a user into opening a specially crafted document, an<br>
> attacker could possibly use this flaw to execute arbitrary code with the<br>
> privileges of the user opening the file. (CVE-2015-5214)<br>
><br>
> All libreoffice users are advised to upgrade to these updated packages,<br>
> which contain backported patches to correct these issues.<br>
<br>
</div></div>> _______________________________________________<br>
> oi-dev mailing list<br>
> <a href="mailto:oi-dev@openindiana.org">oi-dev@openindiana.org</a><br>
> <a href="http://openindiana.org/mailman/listinfo/oi-dev" rel="noreferrer" target="_blank">http://openindiana.org/mailman/listinfo/oi-dev</a><br>
<br>
--<br>
Thomas Wagner<br>
<br>
------------------------------------------------------------------------<br>
Service rund um UNIX(TM), Wagner Network Services, Thomas Wagner<br>
Solaris(TM), Linux(TM) Eschenweg 21, 89174 Altheim, Germany<br>
Novell(TM), Windows(TM) TEL: <a href="tel:%2B49-731-9807799" value="+497319807799">+49-731-9807799</a>, FAX: <a href="tel:%2B49-731-9807711" value="+497319807711">+49-731-9807711</a><br>
Telekommunikation, LAN, MOBILE/CELL: <a href="tel:%2B49-171-6135989" value="+491716135989">+49-171-6135989</a><br>
Internet-Service, Elektronik EMAIL: <a href="mailto:wagner@wagner-net.com">wagner@wagner-net.com</a><br>
<br>
</blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><font style="font-family:courier new,monospace" size="1">---<br>Praise the Caffeine embeddings<br></font></div></div></div></div>
</div></div>