[oi-dev] Security update: Update to LibreOffice 4.4.7

Thomas Wagner tom-oi-dev at tom.bn-ulm.de
Fri Dec 25 18:15:34 UTC 2015


Hi Ken,

We have version 4.4.5 in the binary repo.

I couldn't find a location with a patch for this CVE; so if anyone
has better luck, I would integrate it and rebuild the packages.

Until then, users may not blindly click on links in documents whose
source they don't trust.

Regards,
Thomas

On Tue, Dec 22, 2015 at 04:15:06PM +0000, ken mays via oi-dev wrote:
> 
>    Security update: Update to LibreOffice 4.4.7
>    Location: OI-SFE packaging
>
>    LibreOffice is an open source, community-developed office productivity
>    suite. It includes key desktop applications, such as a word processor, a
>    spreadsheet, a presentation manager, a formula editor, and a drawing
>    program. LibreOffice replaces OpenOffice and provides a similar but
>    enhanced and extended office suite.
>
>    It was discovered that LibreOffice did not properly restrict automatic
>    link updates. By tricking a victim into opening specially crafted
>    documents, an attacker could possibly use this flaw to disclose contents
>    of files accessible by the victim. (CVE-2015-4551)
>
>    An integer underflow flaw leading to a heap-based buffer overflow when
>    parsing PrinterSetup data was discovered. By tricking a user into
>    opening a specially crafted document, an attacker could possibly exploit
>    this flaw to execute arbitrary code with the privileges of the user
>    opening the file. (CVE-2015-5212)
>
>    An integer overflow flaw, leading to a heap-based buffer overflow, was
>    found in the way LibreOffice processed certain Microsoft Word .doc
>    files. By tricking a user into opening a specially crafted Microsoft
>    Word .doc document, an attacker could possibly use this flaw to execute
>    arbitrary code with the privileges of the user opening the file.
>    (CVE-2015-5213)
>
>    It was discovered that LibreOffice did not properly sanity check
>    bookmark indexes. By tricking a user into opening a specially crafted
>    document, an attacker could possibly use this flaw to execute arbitrary
>    code with the privileges of the user opening the file. (CVE-2015-5214)
>
>    All libreoffice users are advised to upgrade to these updated packages,
>    which contain backported patches to correct these issues.


-- 
Thomas Wagner

------------------------------------------------------------------------
Services for UNIX(TM),        Wagner Network Services, Thomas Wagner
Solaris(TM), Linux(TM)        Eschenweg 21, 89174 Altheim, Germany
Novell(TM), Windows(TM)       TEL: +49-731-9807799, FAX: +49-731-9807711
Telecommunications, LAN,      MOBILE/CELL: +49-171-6135989
Internet service, electronics EMAIL: wagner at wagner-net.com



