Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in LibreOffice
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in LibreOffice
ID: FEDORA-2015-7022
Distribution: Fedora
Plattformen: Fedora 21
Datum: Mi, 29. April 2015, 16:43
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1774

Originalnachricht

Name        : libreoffice
Product : Fedora 21
Version : 4.3.7.2
Release : 3.fc21
URL : http://www.libreoffice.org/
Summary : Free Software Productivity Suite
Description :
LibreOffice is an Open Source, community-developed, office productivity suite.
It includes the key desktop applications, such as a word processor,
spreadsheet, presentation manager, formula editor and drawing program, with a
user interface and feature set similar to other office suites. Sophisticated
and flexible, LibreOffice also works transparently with a variety of file
formats, including Microsoft Office File Formats.

-------------------------------------------------------------------------------
-
Update Information:

Fix some .docx import crashes. And finally fix the re-render of
checked->unchecked checkbox transition

update to 4.3.7
-------------------------------------------------------------------------------
-
ChangeLog:

* Fri Apr 24 2015 Caolán McNamara <caolanm@redhat.com> - 1:4.3.7.2-3
- Resolves: rhbz#1198848 fix DOCX redline import crash
- Resolves: rhbz#1215060 fix docx table import crash
* Fri Apr 24 2015 Caolán McNamara <caolanm@redhat.com> - 1:4.3.7.2-2
- Resolves: tdf#73211 fix gtk checkboxes droppings after toggle off
* Tue Apr 21 2015 David Tardon <dtardon@redhat.com> - 1:4.3.7.2-1
- update to 4.3.7
* Tue Apr 14 2015 Stephan Bergmann <sbergman@redhat.com> - 1:4.3.6.2-9
- Resolves: rhbz#1197614 crash when updating extension
- Resolves: rhbz#1134285 redundant user/password request for WebDAV access
* Tue Apr 7 2015 Caolán McNamara <caolanm@redhat.com> - 1:4.3.6.2-8
- negative after-text indents ignored by msword for apos
* Fri Mar 27 2015 Caolán McNamara <caolanm@redhat.com> - 1:4.3.6.2-7
- Resolves: rhbz#1183806 crash on pressing delete in empty pivot table lists
* Thu Mar 26 2015 Caolán McNamara <caolanm@redhat.com> - 1:4.3.6.2-6
- Resolves: tdf#90256 repair invalid docking positions
* Mon Mar 23 2015 Caolán McNamara <caolanm@redhat.com> - 1:4.3.6.2-5
- Resolves: rhbz#1204244 group sdb windows together as 'base'
* Thu Mar 19 2015 Caolán McNamara <caolanm@redhat.com> - 1:4.3.6.2-4
- Resolves: rhbz#1202138 fix crash on exit
* Wed Feb 18 2015 Caolán McNamara <caolanm@redhat.com> - 1:4.3.6.2-3
- Resolves: rhbz#1193971 clear hard coded char props in cells
* Fri Feb 6 2015 Stephan Bergmann <sbergman@redhat.com> - 1:4.3.6.2-2
- Resolves: rhbz#1123710 crash opening Draw
* Mon Feb 2 2015 David Tardon <dtardon@redhat.com> - 1:4.3.6.2-1
- update to 4.3.6
* Fri Jan 30 2015 Caolán McNamara <caolanm@redhat.com> - 1:4.3.5.2-12
- Resolves: rhbz#1136013 ExternalToolEdit crash
- font cache gets broken on adding an embedded font
- if we change the keys we have to resort based on the new keys
- Resolves: rhbz#1184582 crash in grammar checking thread
- Resolves: fdo#88378 flipping by reversing coords no longer works
- Resolves: rhbz#1179642 crash in GetFocus
- don't strip font names of apparent script suffixes
- Resolves: rhbz#1177022 fix PDF embedding of Type 1 fonts
- make certain change-tracking odts not crash on deleting text
* Fri Jan 16 2015 Eike Rathke <erack@redhat.com> - 1:4.3.5.2-11
- Resolves: rhbz#1171828 fdo#86978 append formula cells to track instead of
tree
* Thu Jan 15 2015 Caolán McNamara <caolanm@redhat.com> - 1:4.3.5.2-10
- Resolves: rhbz#1182018 python required for wizards now
- Resolves: rhbz#1180114 writerfilter: don't crash on
w:customXmlDelRangeStart
etc.
- Resolves: rhbz#1162352 SwDataChanged dtor accesses deleted PaM
* Wed Jan 14 2015 Caolán McNamara <caolanm@redhat.com> - 1:4.3.5.2-9
- classic draw rectangles fit to contour utterly broken
- Use the same advanced Ellipse and Rectangle shapes in writer as draw/impress
* Tue Jan 13 2015 Caolán McNamara <caolanm@redhat.com> - 1:4.3.5.2-8
- allow comparing documents which only differ by frame contents
* Mon Jan 12 2015 Caolán McNamara <caolanm@redhat.com> - 1:4.3.5.2-7
- Resolves: fdo#36772 calc and draw tabbars tabs are too small
- Resolves: fdo#73165 spell checking isn't kicking in until typist pauses
- radio check top center bottom alignment for table cells
* Fri Jan 9 2015 David Tardon <dtardon@redhat.com> - 1:4.3.5.2-6
- Resolves: fdo#82681 Draw crashes when copying table row
* Wed Jan 7 2015 Caolán McNamara <caolanm@redhat.com> - 1:4.3.5.2-5
- Resolves: rhbz#1177547 system autocorr files not detected
* Thu Dec 18 2014 Caolán McNamara <caolanm@redhat.com> - 1:4.3.5.2-4
- Resolves: rhbz#1175142 nStarts ends up as an invalid -1
* Mon Dec 15 2014 David Tardon <dtardon@redhat.com> - 1:4.3.5.2-3
- Resolves: rhbz#1116534 crash when pasting over a formula
* Fri Dec 12 2014 David Tardon <dtardon@redhat.com> - 1:4.3.5.2-2
- Resolves: fdo#87242 fix unwanted text shadows during cairo animation
* Fri Dec 12 2014 David Tardon <dtardon@redhat.com> - 1:4.3.5.2-1
- new upstream release
* Thu Dec 11 2014 Caolán McNamara <caolanm@redhat.com> - 1:4.3.4.1-13
- Resolves: rhbz#1173170 fix crash in impress undo
* Tue Dec 9 2014 David Tardon <dtardon@redhat.com> - 1:4.3.4.1-12
- Resolves: fdo#37682 fix export of whole Draw page to PNG
* Mon Dec 8 2014 Caolán McNamara <caolanm@redhat.com> - 1:4.3.4.1-11
- move officehelper.py to pyuno package so it can be imported from python
- Resolves: rhbz#1164614 xslt dialog crashes if there are no entries
- fix copying and saving of styles in Impress
* Wed Dec 3 2014 Caolán McNamara <caolanm@redhat.com> - 1:4.3.4.1-10
- Related: fdo#78151 only make outline title and subtitle readonly in
master view
* Tue Dec 2 2014 Caolán McNamara <caolanm@redhat.com> - 1:4.3.4.1-9
- Fix slow updates with annotations
* Thu Nov 27 2014 Caolán McNamara <caolanm@redhat.com> - 1:4.3.4.1-8
- Resolves: fdo#84043 don't create duplicate Mirrored props
- Resolves: rhbz#1165444 abrt crash with NULL pView
* Tue Nov 25 2014 Stephan Bergmann <sbergman@redhat.com> - 1:4.3.4.1-7
- Resolves: fdo#1167250 Crash in clipboard code
- Revert: #i63015# always default to WinAnsiEncoding for Type1 pdf export
* Fri Nov 21 2014 Caolán McNamara <caolanm@redhat.com> - 1:4.3.4.1-6
- Resolves: fdo#86466 Wrong background color shown in impress table
* Thu Nov 20 2014 Caolán McNamara <caolanm@redhat.com> - 1:4.3.4.1-5
- Resolves: rhbz#1164551 we want to ensure that a libjvm.so is available
but we have no firm interest in which one that is
* Wed Nov 19 2014 Caolán McNamara <caolanm@redhat.com> - 1:4.3.4.1-4
- Resolves: rhbz#1165740 arbitrarily backport some rtf crash fixes
* Mon Nov 17 2014 Michael Stahl <mstahl@redhat.com>- 1:4.3.4.1-3
- set VCL.WM.ShouldSwitchWorkspace to false to avoid virtual desktop switching
* Thu Nov 13 2014 Caolán McNamara <caolanm@redhat.com> - 1:4.3.4.1-2
- fix impress table layout cache wrt wrong table selection border
* Tue Nov 11 2014 David Tardon <dtardon@redhat.com> - 1:4.3.4.1-1
- update to 4.3.4 rc1
* Tue Nov 11 2014 Caolán McNamara <caolanm@redhat.com> - 1:4.3.3.2-6
- strip hard coded numbering off outline master previews
* Mon Nov 10 2014 Caolán McNamara <caolanm@redhat.com> - 1:4.3.3.2-5
- Resolves: rhbz#1161238 sync PRESOBJ_OUTLINE para depth on load
* Thu Nov 6 2014 Caolán McNamara <caolanm@redhat.com> - 1:4.3.3.2-4
- Resolves: fdo#60712 Inherits cell styles in inserting rows/columns
- implement toggling off removeable master elements with delete
- Resolves: fdo#78151 change underlying style on toggling bullets on/off in
master view
* Thu Nov 6 2014 Caolán McNamara <caolanm@redhat.com> - 1:4.3.3.2-3
- Resolves: fdo#76581 copy-and-paste -> slideshow crash in presenter console
* Wed Nov 5 2014 Caolán McNamara <caolanm@redhat.com> - 1:4.3.3.2-2
- Resolves: fdo#37559 revert adding extra dummy polygons
* Tue Oct 28 2014 David Tardon <dtardon@redhat.com> - 1:4.3.3.2-1
- update to 4.3.3 rc2
* Sun Oct 19 2014 David Tardon <dtardon@redhat.com> - 1:4.3.3.1-2
- enable support for 3-D models
* Thu Oct 9 2014 David Tardon <dtardon@redhat.com> - 1:4.3.3.1-1
- update to 4.3.3 rc1
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1216042 - CVE-2015-1774 libreoffice: out-of-bounds write in HWP
file filter
https://bugzilla.redhat.com/show_bug.cgi?id=1216042
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update libreoffice' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung