Gentoo Archives: gentoo-announce

From: Kristian Fiskerstrand <k_f@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201603-05 ] LibreOffice, OpenOffice: Multiple vulnerabilities
Date: Wed, 09 Mar 2016 18:12:14
Message-Id: 56E066E6.1030900@gentoo.org

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201603-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: LibreOffice, OpenOffice: Multiple vulnerabilities
     Date: March 09, 2016
     Bugs: #521136, #522060, #528438, #534684, #547880, #547900, #565028
       ID: 201603-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in both LibreOffice and
OpenOffice allowing remote attackers to execute arbitrary code or cause
Denial of Service.

Background
==========

Apache OpenOffice is the leading open-source office software suite for
word processing, spreadsheets, presentations, graphics, databases and
more.

LibreOffice is a powerful office suite; its clean interface and
powerful tools let you unleash your creativity and grow your
productivity.

Affected packages
=================

    -------------------------------------------------------------------
     Package                            /  Vulnerable  /   Unaffected
    -------------------------------------------------------------------
  1  app-office/libreoffice                < 4.4.2         >= 4.4.2
  2  app-office/libreoffice-bin            < 4.4.2         >= 4.4.2
  3  app-office/libreoffice-bin-debug      < 4.4.2         >= 4.4.2
  4  app-office/openoffice-bin             < 4.1.2         >= 4.1.2
    -------------------------------------------------------------------
     4 affected packages

Description
===========

Multiple vulnerabilities were found in both LibreOffice and OpenOffice
that allow the remote execution of arbitrary code and potential Denial
of Service. These vulnerabilities may be exploited through multiple
vectors including crafted documents, link handling, printer setup in
ODF document types, DOC file formats, and Calc spreadsheets. Please
review the referenced CVEs for specific information regarding each.

Impact
======

A remote attacker could entice a user to open a specially crafted file
using the LibreOffice or OpenOffice suite of software. Execution of
these attacks could possibly result in the execution of arbitrary code
with the privileges of the process or a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All LibreOffice users should upgrade their respective packages to the
latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-office/libreoffice-4.4.2"
  # emerge --ask --oneshot -v ">=app-office/libreoffice-bin-4.4.2"
  # emerge -a --oneshot -v ">=app-office/libreoffice-bin-debug-4.4.2"

All OpenOffice users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=app-office/openoffice-bin-4.1.2"

References
==========

[ 1 ] CVE-2014-3524
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3524
[ 2 ] CVE-2014-3575
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3575
[ 3 ] CVE-2014-3693
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3693
[ 4 ] CVE-2014-9093
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9093
[ 5 ] CVE-2015-1774
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1774
[ 6 ] CVE-2015-4551
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4551
[ 7 ] CVE-2015-5212
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5212
[ 8 ] CVE-2015-5213
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5213
[ 9 ] CVE-2015-5214
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5214

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201603-05

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
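
Added example (not part of the advisory or of Gentoo's tooling): a small audit that applies the thresholds from the "Affected packages" table to a package inventory, for hosts where the upgrade in "Resolution" has not yet been confirmed. It assumes one category/name-version atom per line and handles only plain dotted versions with an optional -rN revision; the function names and the sample inventory are constructed for illustration.

```python
import re

# "Unaffected" thresholds copied from the advisory's Affected packages table;
# any installed version below the listed one is vulnerable.
FIXED_IN = {
    "app-office/libreoffice": "4.4.2",
    "app-office/libreoffice-bin": "4.4.2",
    "app-office/libreoffice-bin-debug": "4.4.2",
    "app-office/openoffice-bin": "4.1.2",
}

# category/name-version[-rN]: the version starts at the last "-<digit>" run.
ATOM_RE = re.compile(
    r"^=?(?P<cp>[\w+.-]+/[\w+.-]+?)-(?P<ver>\d[\w.]*)(?:-r(?P<rev>\d+))?$")
# Plain dotted integers only. Components with leading zeros and suffixes such
# as _rc or _p follow different ordering rules, so they are refused here.
PLAIN_VER = re.compile(r"(0|[1-9]\d*)(\.(0|[1-9]\d*))*")

def version_key(ver, rev=None):
    """Sort key for plain dotted versions; anything else is refused, not guessed."""
    if not PLAIN_VER.fullmatch(ver):
        raise ValueError(f"unsupported version syntax: {ver}")
    return tuple(int(p) for p in ver.split(".")), int(rev or 0)

def audit(lines):
    """Map each installed atom to vulnerable / fixed / unknown / not-listed."""
    report = {}
    for atom in filter(None, (line.strip() for line in lines)):
        m = ATOM_RE.match(atom)
        if not m or m["cp"] not in FIXED_IN:
            report[atom] = "not-listed"
            continue
        try:
            installed = version_key(m["ver"], m["rev"])
        except ValueError:
            report[atom] = "unknown"  # listed package, version needs a manual check
            continue
        fixed = version_key(FIXED_IN[m["cp"]])
        report[atom] = "vulnerable" if installed < fixed else "fixed"
    return report

# Constructed sample inventory (not taken from the advisory).
SAMPLE = """app-office/libreoffice-4.3.7-r1
app-office/libreoffice-bin-4.4.2
app-office/openoffice-bin-4.1.1
app-office/libreoffice-bin-debug-4.4.0_rc2
app-editors/vim-7.4.769
"""

if __name__ == "__main__":
    for atom, status in audit(SAMPLE.splitlines()).items():
        print(f"{status:11} {atom}")
```

Atoms reported as "unknown" belong to a listed package but carry a version suffix this sketch does not order; treat them as unpatched until checked by hand.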
