Fwd: [gentoo-announce] [ GLSA 201611-03 ] LibreOffice, OpenOffice: Multiple vulnerabilities

Jonathan Aquilina jaquilina at eagleeyet.net
Fri Nov 4 08:23:54 UTC 2016 

Hi Guys not sure if you guys have seen these CVE's but this surfaced on
the gentoo security list.

-------- Original Message -------- 

 		SUBJECT:
 		[gentoo-announce] [ GLSA 201611-03 ] LibreOffice, OpenOffice:
Multiple vulnerabilities

 		DATE:
 		2016-11-04 08:57

 		FROM:
 		Aaron Bauman <bman at gentoo.org>

 		TO:
 		gentoo-announce at lists.gentoo.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201611-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: LibreOffice, OpenOffice: Multiple vulnerabilities
     Date: November 04, 2016
     Bugs: #565026, #587566
       ID: 201611-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in both LibreOffice and
OpenOffice, the worst of which allows for the remote execution of
arbitrary code.

Background
==========

LibreOffice is a powerful office suite; its clean interface and
powerful tools let you unleash your creativity and grow your
productivity.

Apache OpenOffice is the leading open-source office software suite for
word processing, spreadsheets, presentations, graphics, databases and
more.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-office/libreoffice      < 5.1.4.2                 >= 5.1.4.2 
  2  app-office/libreoffice-bin
                                 < 5.1.4.2                 >= 5.1.4.2 
  3  app-office/openoffice-bin
                                  < 4.1.2                    >= 4.1.2 
    -------------------------------------------------------------------
     3 affected packages

Description
===========

Multiple vulnerabilities have been found in both LibreOffice and
OpenOffice.  Please review the referenced CVE's for specific
information regarding each.

Impact
======

Remote attackers could obtain sensitive information, cause a Denial of
Service condition, or execute arbitrary code.

Workaround
==========

There is no known work around at this time.

Resolution
==========

All LibreOffice users should upgrade their respective packages to the
latest version:

<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/libreoffice-5.1.4.2"
# emerge --ask --oneshot --verbose
">=app-office/libreoffice-bin-debug-5.1.4.2" <code>

All OpenOffice users should upgrade to the latest version:

<code>
# emerge --sync
# emerge --ask --oneshot --verbose
">=app-office/openoffice-bin-4.1.2"<code>

References
==========

[ 1 ] CVE-2015-4551
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4551
[ 2 ] CVE-2015-5212
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5212
[ 3 ] CVE-2015-5213
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5213
[ 4 ] CVE-2015-5214
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5214
[ 5 ] CVE-2016-4324
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4324

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201611-03

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security at gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/libreoffice/attachments/20161104/3128bb23/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 968 bytes
Desc: not available
URL: <https://lists.freedesktop.org/archives/libreoffice/attachments/20161104/3128bb23/attachment.sig>

More information about the LibreOffice mailing list