Fwd: [gentoo-announce] [ GLSA 201611-03 ] LibreOffice, OpenOffice: Multiple vulnerabilities
Jonathan Aquilina
jaquilina at eagleeyet.net
Fri Nov 4 08:23:54 UTC 2016
Hi Guys not sure if you guys have seen these CVE's but this surfaced on
the gentoo security list.
-------- Original Message --------
SUBJECT:
[gentoo-announce] [ GLSA 201611-03 ] LibreOffice, OpenOffice:
Multiple vulnerabilities
DATE:
2016-11-04 08:57
FROM:
Aaron Bauman <bman at gentoo.org>
TO:
gentoo-announce at lists.gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201611-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: LibreOffice, OpenOffice: Multiple vulnerabilities
Date: November 04, 2016
Bugs: #565026, #587566
ID: 201611-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in both LibreOffice and
OpenOffice, the worst of which allows for the remote execution of
arbitrary code.
Background
==========
LibreOffice is a powerful office suite; its clean interface and
powerful tools let you unleash your creativity and grow your
productivity.
Apache OpenOffice is the leading open-source office software suite for
word processing, spreadsheets, presentations, graphics, databases and
more.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-office/libreoffice < 5.1.4.2 >= 5.1.4.2
2 app-office/libreoffice-bin
< 5.1.4.2 >= 5.1.4.2
3 app-office/openoffice-bin
< 4.1.2 >= 4.1.2
-------------------------------------------------------------------
3 affected packages
Description
===========
Multiple vulnerabilities have been found in both LibreOffice and
OpenOffice. Please review the referenced CVE's for specific
information regarding each.
Impact
======
Remote attackers could obtain sensitive information, cause a Denial of
Service condition, or execute arbitrary code.
Workaround
==========
There is no known work around at this time.
Resolution
==========
All LibreOffice users should upgrade their respective packages to the
latest version:
<code>
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/libreoffice-5.1.4.2"
# emerge --ask --oneshot --verbose
">=app-office/libreoffice-bin-debug-5.1.4.2" <code>
All OpenOffice users should upgrade to the latest version:
<code>
# emerge --sync
# emerge --ask --oneshot --verbose
">=app-office/openoffice-bin-4.1.2"<code>
References
==========
[ 1 ] CVE-2015-4551
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4551
[ 2 ] CVE-2015-5212
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5212
[ 3 ] CVE-2015-5213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5213
[ 4 ] CVE-2015-5214
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5214
[ 5 ] CVE-2016-4324
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4324
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201611-03
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security at gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/libreoffice/attachments/20161104/3128bb23/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 968 bytes
Desc: not available
URL: <https://lists.freedesktop.org/archives/libreoffice/attachments/20161104/3128bb23/attachment.sig>
More information about the LibreOffice
mailing list