[oi-dev] Security update: Update to LibreOffice 4.4.7
Aurélien Larcher
aurelien.larcher at gmail.com
Fri Dec 25 18:25:56 UTC 2015
Hi,
Should this be the subject of a post on the OI website?
Better visibility of such security announcements could be appreciated by
users.
I can create a category with a dedicated page for such information if there
is interest.
Best regards
Aurélien
On Fri, Dec 25, 2015 at 7:15 PM, Thomas Wagner <tom-oi-dev at tom.bn-ulm.de>
wrote:
> Hi Ken,
>
> we have version 4.4.5 in the binary repo.
>
> I couldn't find a location with a patch for this CVE; so if anyone
> has better luck, I would integrate it and rebuild the packages.
>
> Until then, users may not blindly click on links in documents whose
> source they don't trust.
>
> Regards,
> Thomas
>
> On Tue, Dec 22, 2015 at 04:15:06PM +0000, ken mays via oi-dev wrote:
> >
> > Security update: Update to LibreOffice 4.4.7
> > Location: OI-SFE packaging
> > LibreOffice is an open source, community-developed office productivity
> > suite. It includes key desktop applications, such as a word processor, a
> > spreadsheet, a presentation manager, a formula editor, and a drawing
> > program. LibreOffice replaces OpenOffice and provides a similar but
> > enhanced and extended office suite.
> >
> > It was discovered that LibreOffice did not properly restrict automatic
> > link updates. By tricking a victim into opening specially crafted
> > documents, an attacker could possibly use this flaw to disclose contents
> > of files accessible by the victim. (CVE-2015-4551)
> >
> > An integer underflow flaw leading to a heap-based buffer overflow when
> > parsing PrinterSetup data was discovered. By tricking a user into opening
> > a specially crafted document, an attacker could possibly exploit this
> > flaw to execute arbitrary code with the privileges of the user opening
> > the file. (CVE-2015-5212)
> >
> > An integer overflow flaw, leading to a heap-based buffer overflow, was
> > found in the way LibreOffice processed certain Microsoft Word .doc files.
> > By tricking a user into opening a specially crafted Microsoft Word .doc
> > document, an attacker could possibly use this flaw to execute arbitrary
> > code with the privileges of the user opening the file. (CVE-2015-5213)
> >
> > It was discovered that LibreOffice did not properly sanity check bookmark
> > indexes. By tricking a user into opening a specially crafted document, an
> > attacker could possibly use this flaw to execute arbitrary code with the
> > privileges of the user opening the file. (CVE-2015-5214)
> >
> > All libreoffice users are advised to upgrade to these updated packages,
> > which contain backported patches to correct these issues.
>
> > _______________________________________________
> > oi-dev mailing list
> > oi-dev at openindiana.org
> > http://openindiana.org/mailman/listinfo/oi-dev
>
> --
> Thomas Wagner
>
> Wagner Network Services, Thomas Wagner
> Eschenweg 21, 89174 Altheim, Germany
> TEL: +49-731-9807799, FAX: +49-731-9807711
> MOBILE/CELL: +49-171-6135989
> EMAIL: wagner at wagner-net.com
> Services for UNIX(TM), Solaris(TM), Linux(TM), Novell(TM), Windows(TM),
> telecommunications, LAN, Internet service, electronics
--
---
Praise the Caffeine embeddings