drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberläufe in LibreOffice
Name: |
Pufferüberläufe in LibreOffice |
|
ID: |
FEDORA-2012-11402 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 16 |
|
Datum: |
Sa, 11. August 2012, 08:44 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2665 |
|
Applikationen: |
LibreOffice |
|
Originalnachricht |
Name : libreoffice Product : Fedora 16 Version : 3.4.5.2 Release : 18.fc16 URL : http://www.documentfoundation.org/develop Summary : Free Software Productivity Suite Description : LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. Sophisticated and flexible, LibreOffice also works transparently with a variety of file formats, including Microsoft Office File Formats.
------------------------------------------------------------------------------- - Update Information:
Multiple heap-based buffer overflow flaws were found in the XML manifest encryption tag parsing code of LibreOffice. An attacker could create a specially-crafted file in the Open Document Format for Office Applications (ODF) format which when opened could cause arbitrary code execution. ------------------------------------------------------------------------------- - ChangeLog:
* Wed Aug 1 2012 Caolán McNamara <caolanm@redhat.com> - 3.4.5.2-18 - Resolves: CVE-2012-2665 * Fri Jun 8 2012 Caolán McNamara <caolanm@redhat.com> - 3.4.5.2-17 - Resolves: rhbz#826609, rhbz#820554 fix smoketest on ppc[64], s390[x] * Thu May 24 2012 Caolán McNamara <caolanm@redhat.com> - 3.4.5.2-16 - Resolves: CVE-2012-2334 * Thu May 17 2012 Caolán McNamara <caolanm@redhat.com> - 3.4.5.2-15 - Resolves: rhbz#822216 CVE-2012-1149 * Mon Apr 23 2012 David Tardon <dtardon@redhat.com> - 3.4.5.2-14 - Resolves: rhbz#815216 Unlocalized strings in print dialog of Calc - Resolves: rhbz#819118 copying a certain sheet lets LibreOffice crash * Wed Apr 18 2012 Caolán McNamara <caolanm@redhat.com> - 3.4.5.2-13 - Resolves: rhbz#809466 libreoffice-core (unintentionally) provides libraptor.so.1()() and librdf.so.0()() - Resolves: rhbz#813280 sheets cannot be moved in Calc * Thu Apr 12 2012 Stephan Bergmann <sbergman@redhat.com> - 3.4.5.2-12 - Fix URIS_ONLY flag issue - Resolves: fdo#38088 rhbz#810267 better CSV import default separators * Mon Apr 2 2012 Caolán McNamara <caolanm@redhat.com> - 3.4.5.2-11 - Resolves: rhbz#708041 focus problems and tearable menus * Thu Mar 29 2012 Caolán McNamara <caolanm@redhat.com> - 3.4.5.2-10 - Resolves: rhbz#789022 SwNodes: fix inconsistent outline check - Resolves: rhbz#806663 SlideshowImpl can outlive SdModule - Resolves: rhbz#807243 require correct version of hsqldb - Resolves: rhbz#807316 don't complain that --nocrashreport is unknown * Tue Mar 6 2012 Caolán McNamara <caolanm@redhat.com> - 3.4.5.2-8 - Resolves: fdo#31966 do not create an empty slide when printing handouts - fixes nsplugin - Resolves: fdo#44816 crash using instances dialog of dataform navigator - Resolves: rhbz#798983 Kannada langpack missing - Resolves: rhbz#798926 fix endianess assumptions of lotuswordpro filter - Resolves: fdo#39694 SwTxtFld: expand new fields to fix race condition - Resolves: fdo#42073 sw: expand all text fields when setting properties - Resolves: rhbz#799628 crash with chewing IM with g3g - Resolves: rhbz#799525 put flat odf mimetypes in xsltfilter.desktop - Resolves: rhbz#784198 show splash screen correctly on multi-head system - Resolves: rhbz#800272 complain about unknown commandline options * Wed Feb 29 2012 Caolán McNamara <caolanm@redhat.com> - 3.4.5.2-7 - Resolves: rhbz#788045 swriter --help wouldn't display help * Thu Feb 23 2012 Caolán McNamara <caolanm@redhat.com> - 3.4.5.2-6 - ensure non broken xml help.tree files - ensure gdb .py files have the same timstamps so that multilib .pyc's and .pyo's have the same content (timestamp in binary cache) - Resolves: fdo#36109 in INDIRECT() make a non-existing sheet produce an error again - Resolves: fdo#41712 sw: fix crash in layout frame linked lists - Resolves: fdo#42771 Fix crash when loading an invalid .fodt - Resolves: fdo#44813 make the refresh query filter NULL-safe - Resolves: fdo#43399 hidden radio button should also gets unset - Resolves: fdo#40261 Fix crash in XML Form Document - Resolves: fdo#45992 fix support for embedded images for basic Dialogs - Resolves: fdo#39510 fix yet more layout crashes in ~SwRootFrm - Resolves: fdo#39657 fix crash when parsing XML signatures - Resolves: rhbz#794679 use proper Indian Rupee currency symbol U+20B9 * Thu Feb 9 2012 Caolán McNamara <caolanm@redhat.com> - 3.4.5.2-5 - Resolves: fdo#38595 border width lost in ODF import - Resolves: fdo#40378 compile defined names that had unresolveds during load - Resolves: fdo#40590 stop abusing regular string token for XML import * Tue Feb 7 2012 Caolán McNamara <caolanm@redhat.com> - 3.4.5.2-4 - Resolves: rhbz#701152 scrolling does not work as expected while viewing specific .doc file - Resolves: fdo#45446 turn off SaveBackwardCompatibleODF * Tue Feb 7 2012 Caolán McNamara <caolanm@redhat.com> - 3.4.5.2-3 - Resolves: fdo#39117 - Resolves: fdo#45450 Only write "style:vertical-justify" and "css3t:text-justify" in ODF extended mode - Resolves: fdo#45449 ODF export: frames: invalid "min-width" - Resolves: fdo#45534 ODF export: fix draw:fit-to-size - Resolves: fdo#38745 fix hilariously stupid stack guards - Resolves: fdo#37024 SwView::SwView: fix BROWSE_MODE setting - Resolves: fdo#35661 - Resolves: i#117545 - Resolves: fdo#45115 SwXTextTable, sc: fix setting borders * Tue Feb 7 2012 Caolán McNamara <caolanm@redhat.com> - 3.4.5.2-2 - Resolves: fdo#44040 VIEWING: Crash when page preview after <f4> - Resolves: fdo#39118 Fixed chart listener registration during ODS import - Resolves: fdo#43725 crash on saving a file - Resolves: fdo#45032 Calc export to HTML with graphics failed - Resolves: rhbz#783556 crash in ScMatrix::GetDimensons() - Resolves: fdo#44178 Align dictionary address with DICT_REPO_URL in instsetoo_native/util/openoffice.lst - Resolves: fdo#43193 fix rotation of shapes in imported MS documents - Resolves: fdo#44065 - Resolves: fdo#44385 restore special DATE handling code for SbxValue::Compute - Resolves: fdo#43479 fix crash on DISTINCT - Resolves: fdo#44208 country code 'IN' is not in use for these locales - Resolves: fdo#45107 - Resolves: fdo#38542 "double" border line ODF import - Resolves: fdo#38515 crasher in dialog destructor - Resolves: fdo#40438 force calculating layout before Activate to avoid crashes and loops - Resolves: rhbz#746174 also export list restart for non root list - Resolves: fdo#42784 BorderLine with only InnerWidth set does not work - Resolves: fdo#45255 edge-case .doc comment import - Resolves: rhbz#788045 fix soffice --help with instance already running - Resolves: rhbz#788042 skip splashscreen with quickstarter * Tue Jan 17 2012 David Tardon <dtardon@redhat.com> - 3.4.5.2-1 - new upstream version 3.4.5 - drop integrated 001-add-Oracle-Java-1.7.0-recognition.patch - drop integrated 001-fix-horizontal-scrollbars-with-KDE-oxygen-style-bnc-.patch - drop integrated 001-fdo-43308-Set-the-logic-straight-for-center-across-s.patch - drop integrated 001-Resolves-rhbz-754051-Libreoffice-calc-crashes-when-r.patch - drop integrated 001-sw-fdo-39159-fdo-40482-temp-selection-print-doc.patch - Resolves: rhbz#771108 English menu in writer despite installation of libreoffice-langpack-de - Resolves: rhbz#661738 Very slow java database operations: Attach/DetachCurrentThread - Resolves: fdo#44078 fix font alias name problems * Fri Jan 6 2012 Caolán McNamara <caolanm@redhat.com> - 3.4.4.2-7 - Resolves: fdo#40482 Writer view options destroyed by printing - Resolves: rhbz#533318 smath does not handle accents in MathML * Thu Dec 15 2011 Caolán McNamara <caolanm@redhat.com> - 3.4.4.2-6 - Resolves: rhbz#761009 IFSD_Equal is asymmetrical - Resolves: rhbz#754051 Libreoffice calc crashes when re-opening a xlxs file - Resolves: rhbz#767708 write to mmap'ed file w/o disk space: SIGBUS * Fri Dec 9 2011 Caolán McNamara <caolanm@redhat.com> - 3.4.4.2-5 - Resolves: rhbz#759647 dispose clears mpPresTimer - Resolves: rhbz#761558 center-across-selection fix * Wed Nov 30 2011 Caolán McNamara <caolanm@redhat.com> - 3.4.4.2-4 - Resolves: rhbz#757653 fix headless crash with cairo canvas - Resolves: rhbz#758338 KDE build problems * Wed Nov 23 2011 Caolán McNamara <caolanm@redhat.com> - 3.4.4.2-3 - Resolves: rhbz#751290 kde black on dark-grey tooltip-texts * Fri Nov 11 2011 Caolán McNamara <caolanm@redhat.com> - 3.4.4.2-2 - Resolves: fdo#42749 KDE oxygen theme and scrollbars * Fri Nov 11 2011 David Tardon <dtardon@redhat.com> - 3.4.4.2-1 - new upstream version 3.4.4 * Thu Nov 10 2011 Caolán McNamara <caolanm@redhat.com> - 3.4.3.2-16 - Resolves: rhbz#751982 shadowed m_aXineramaScreenIndexMap crash * Thu Oct 27 2011 Caolán McNamara <caolanm@redhat.com> - 3.4.3.2-15 - Related: rhbz#748585 throw the additional requires away, because it does not help - add possible fix for detection of java 7 * Tue Oct 25 2011 David Tardon <dtardon@redhat.com> - 3.4.3.2-14 - Resolves: rhbz#748585 libreoffice installs Java 7 * Fri Oct 21 2011 Caolán McNamara <caolanm@redhat.com> - 3.4.3.2-13 - Resolves: rhbz#747356 let Qt call XInitThreads - fix .sdw import * Wed Oct 19 2011 Caolán McNamara <caolanm@redhat.com> - 3.4.3.2-12 - Related: rhbz#743750 addXineramaScreenUnique issue ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #826077 - CVE-2012-2665 openoffice.org, libreoffice: Multiple heap-based buffer overflows in the XML manifest encryption handling code https://bugzilla.redhat.com/show_bug.cgi?id=826077 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update libreoffice' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|