[gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201408-19.xml - gentoo-commits

From:	"Kristian Fiskerstrand (k_f)" <k_f@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-201408-19.xml
Date:	Sun, 31 Aug 2014 14:50:43
Message-Id:	`20140831145039.2419445A2@oystercatcher.gentoo.org`

1

k_f         14/08/31 14:50:39

2

3

  Added:                glsa-201408-19.xml

4

  Log:

5

  GLSA 201408-19

6

7

Revision  Changes    Path

8

1.1                  xml/htdocs/security/en/glsa/glsa-201408-19.xml

9

10

file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201408-19.xml?rev=1.1&view=markup

11

plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201408-19.xml?rev=1.1&content-type=text/plain

12

13

Index: glsa-201408-19.xml

14

===================================================================

15

<?xml version="1.0" encoding="UTF-8"?>

16

<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>

17

<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>

18

<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">

19

<glsa id="201408-19">

20

  <title>OpenOffice, LibreOffice: Multiple vulnerabilities</title>

21

  <synopsis>Multiple vulnerabilities have been found in OpenOffice and

22

    LibreOffice, the worst of which may result in execution of arbitrary code.

23

  </synopsis>

24

  <product type="ebuild">openoffice</product>

25

  <announced>August 31, 2014</announced>

26

  <revised>August 31, 2014: 1</revised>

27

  <bug>283370</bug>

28

  <bug>305195</bug>

29

  <bug>320491</bug>

30

  <bug>332321</bug>

31

  <bug>352864</bug>

32

  <bug>386081</bug>

33

  <bug>409509</bug>

34

  <bug>429482</bug>

35

  <bug>514886</bug>

36

  <access>remote</access>

37

  <affected>

38

    <package name="app-office/openoffice-bin" auto="yes" arch="*">

39

      <unaffected range="ge">3.5.5.3</unaffected>

40

      <vulnerable range="lt">3.5.5.3</vulnerable>

41

    </package>

42

    <package name="app-office/openoffice" auto="yes" arch="*">

43

      <vulnerable range="le">3.5.5.3</vulnerable>

44

    </package>

45

    <package name="app-office/libreoffice" auto="yes" arch="*">

46

      <unaffected range="ge">4.2.5.2</unaffected>

47

      <vulnerable range="lt">4.2.5.2</vulnerable>

48

    </package>

49

    <package name="app-office/libreoffice-bin" auto="yes" arch="*">

50

      <unaffected range="ge">4.2.5.2</unaffected>

51

      <vulnerable range="lt">4.2.5.2</vulnerable>

52

    </package>

53

  </affected>

54

  <background>

55

    <p>OpenOffice is the open source version of StarOffice, a full office

56

      productivity suite. LibreOffice is a fork of OpenOffice.

57

    </p>

58

  </background>

59

  <description>

60

    <p>Multiple vulnerabilities have been discovered in OpenOffice and

61

      Libreoffice. Please review the CVE identifiers referenced below for

62

      details.

63

    </p>

64

  </description>

65

  <impact type="normal">

66

    <p>A remote attacker could entice a user to open a specially crafted file

67

      using OpenOffice, possibly resulting in execution of arbitrary code with

68

      the privileges of the process, a Denial of Service condition, execution

69

      of arbitrary Python code, authentication bypass, or reading and writing

70

      of arbitrary files.

71

    </p>

72

  </impact>

73

  <workaround>

74

    <p>There is no known workaround at this time.</p>

75

  </workaround>

76

  <resolution>

77

    <p>All OpenOffice (binary) users should upgrade to the latest version:</p>

78

79

    <code>

80

      # emerge --sync

81

      # emerge --ask --oneshot --verbose

82

      "&gt;=app-office/openoffice-bin-3.5.5.3"

83

    </code>

84

85

    <p>All LibreOffice users should upgrade to the latest version:</p>

86

87

    <code>

88

      # emerge --sync

89

      # emerge --ask --oneshot --verbose "&gt;=app-office/libreoffice-4.2.5.2"

90

    </code>

91

92

    <p>All LibreOffice (binary) users should upgrade to the latest version:</p>

93

94

    <code>

95

      # emerge --sync

96

      # emerge --ask --oneshot --verbose

97

      "&gt;=app-office/libreoffice-bin-4.2.5.2"

98

    </code>

99

100

    <p>We recommend that users unmerge OpenOffice:</p>

101

102

    <code>

103

      # emerge --unmerge "app-office/openoffice"

104

    </code>

105

  </resolution>

106

  <references>

107

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4339">CVE-2006-4339</uri>

108

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0200">CVE-2009-0200</uri>

109

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0201">CVE-2009-0201</uri>

110

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0217">CVE-2009-0217</uri>

111

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2949">CVE-2009-2949</uri>

112

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2950">CVE-2009-2950</uri>

113

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3301">CVE-2009-3301</uri>

114

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3302">CVE-2009-3302</uri>

115

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0395">CVE-2010-0395</uri>

116

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2935">CVE-2010-2935</uri>

117

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2936">CVE-2010-2936</uri>

118

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3450">CVE-2010-3450</uri>

119

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3451">CVE-2010-3451</uri>

120

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3452">CVE-2010-3452</uri>

121

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3453">CVE-2010-3453</uri>

122

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3454">CVE-2010-3454</uri>

123

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3689">CVE-2010-3689</uri>

124

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4253">CVE-2010-4253</uri>

125

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4643">CVE-2010-4643</uri>

126

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2713">CVE-2011-2713</uri>

127

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0037">CVE-2012-0037</uri>

128

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1149">CVE-2012-1149</uri>

129

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2149">CVE-2012-2149</uri>

130

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2334">CVE-2012-2334</uri>

131

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2665">CVE-2012-2665</uri>

132

    <uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0247">CVE-2014-0247</uri>

133

  </references>

134

  <metadata tag="requester" timestamp="Fri, 07 Oct 2011 23:37:58 +0000">craig</metadata>

135

  <metadata tag="submitter" timestamp="Sun, 31 Aug 2014 14:48:34 +0000">ackle</metadata>

136

</glsa>

1	k_f 14/08/31 14:50:39
2
3	Added: glsa-201408-19.xml
4	Log:
5	GLSA 201408-19
6
7	Revision Changes Path
8	1.1 xml/htdocs/security/en/glsa/glsa-201408-19.xml
9
10	file : http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201408-19.xml?rev=1.1&view=markup
11	plain: http://sources.gentoo.org/viewvc.cgi/gentoo/xml/htdocs/security/en/glsa/glsa-201408-19.xml?rev=1.1&content-type=text/plain
12
13	Index: glsa-201408-19.xml
14	===================================================================
15	<?xml version="1.0" encoding="UTF-8"?>
16	<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
17	<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
18	<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
19	<glsa id="201408-19">
20	<title>OpenOffice, LibreOffice: Multiple vulnerabilities</title>
21	<synopsis>Multiple vulnerabilities have been found in OpenOffice and
22	LibreOffice, the worst of which may result in execution of arbitrary code.
23	</synopsis>
24	<product type="ebuild">openoffice</product>
25	<announced>August 31, 2014</announced>
26	<revised>August 31, 2014: 1</revised>
27	<bug>283370</bug>
28	<bug>305195</bug>
29	<bug>320491</bug>
30	<bug>332321</bug>
31	<bug>352864</bug>
32	<bug>386081</bug>
33	<bug>409509</bug>
34	<bug>429482</bug>
35	<bug>514886</bug>
36	<access>remote</access>
37	<affected>
38	<package name="app-office/openoffice-bin" auto="yes" arch="*">
39	<unaffected range="ge">3.5.5.3</unaffected>
40	<vulnerable range="lt">3.5.5.3</vulnerable>
41	</package>
42	<package name="app-office/openoffice" auto="yes" arch="*">
43	<vulnerable range="le">3.5.5.3</vulnerable>
44	</package>
45	<package name="app-office/libreoffice" auto="yes" arch="*">
46	<unaffected range="ge">4.2.5.2</unaffected>
47	<vulnerable range="lt">4.2.5.2</vulnerable>
48	</package>
49	<package name="app-office/libreoffice-bin" auto="yes" arch="*">
50	<unaffected range="ge">4.2.5.2</unaffected>
51	<vulnerable range="lt">4.2.5.2</vulnerable>
52	</package>
53	</affected>
54	<background>
55	<p>OpenOffice is the open source version of StarOffice, a full office
56	productivity suite. LibreOffice is a fork of OpenOffice.
57	</p>
58	</background>
59	<description>
60	<p>Multiple vulnerabilities have been discovered in OpenOffice and
61	Libreoffice. Please review the CVE identifiers referenced below for
62	details.
63	</p>
64	</description>
65	<impact type="normal">
66	<p>A remote attacker could entice a user to open a specially crafted file
67	using OpenOffice, possibly resulting in execution of arbitrary code with
68	the privileges of the process, a Denial of Service condition, execution
69	of arbitrary Python code, authentication bypass, or reading and writing
70	of arbitrary files.
71	</p>
72	</impact>
73	<workaround>
74	<p>There is no known workaround at this time.</p>
75	</workaround>
76	<resolution>
77	<p>All OpenOffice (binary) users should upgrade to the latest version:</p>
78
79	<code>
80	# emerge --sync
81	# emerge --ask --oneshot --verbose
82	">=app-office/openoffice-bin-3.5.5.3"
83	</code>
84
85	<p>All LibreOffice users should upgrade to the latest version:</p>
86
87	<code>
88	# emerge --sync
89	# emerge --ask --oneshot --verbose ">=app-office/libreoffice-4.2.5.2"
90	</code>
91
92	<p>All LibreOffice (binary) users should upgrade to the latest version:</p>
93
94	<code>
95	# emerge --sync
96	# emerge --ask --oneshot --verbose
97	">=app-office/libreoffice-bin-4.2.5.2"
98	</code>
99
100	<p>We recommend that users unmerge OpenOffice:</p>
101
102	<code>
103	# emerge --unmerge "app-office/openoffice"
104	</code>
105	</resolution>
106	<references>
107	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4339">CVE-2006-4339</uri>
108	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0200">CVE-2009-0200</uri>
109	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0201">CVE-2009-0201</uri>
110	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0217">CVE-2009-0217</uri>
111	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2949">CVE-2009-2949</uri>
112	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2950">CVE-2009-2950</uri>
113	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3301">CVE-2009-3301</uri>
114	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3302">CVE-2009-3302</uri>
115	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0395">CVE-2010-0395</uri>
116	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2935">CVE-2010-2935</uri>
117	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2936">CVE-2010-2936</uri>
118	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3450">CVE-2010-3450</uri>
119	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3451">CVE-2010-3451</uri>
120	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3452">CVE-2010-3452</uri>
121	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3453">CVE-2010-3453</uri>
122	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3454">CVE-2010-3454</uri>
123	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3689">CVE-2010-3689</uri>
124	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4253">CVE-2010-4253</uri>
125	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4643">CVE-2010-4643</uri>
126	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2713">CVE-2011-2713</uri>
127	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0037">CVE-2012-0037</uri>
128	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1149">CVE-2012-1149</uri>
129	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2149">CVE-2012-2149</uri>
130	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2334">CVE-2012-2334</uri>
131	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2665">CVE-2012-2665</uri>
132	<uri link="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0247">CVE-2014-0247</uri>
133	</references>
134	<metadata tag="requester" timestamp="Fri, 07 Oct 2011 23:37:58 +0000">craig</metadata>
135	<metadata tag="submitter" timestamp="Sun, 31 Aug 2014 14:48:34 +0000">ackle</metadata>
136	</glsa>

Gentoo Archives: gentoo-commits