Mehrere Probleme in LibreOffice
ID: | USN-2793-1 |
Distribution: | Ubuntu |
Plattformen: | Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 15.04 |
Datum: | Do, 5. November 2015, 17:50 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5212
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4551 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5213 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5214 |
Applikationen: | LibreOffice |
Originalnachricht |
|
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============5943699584571910536== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="17HUqlE2ra2xSPxfWqNWjjQNKDIGPig3X" This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --17HUqlE2ra2xSPxfWqNWjjQNKDIGPig3X Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable ========================================================================== Ubuntu Security Notice USN-2793-1 November 05, 2015 libreoffice vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.04 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Several security issues were fixed in LibreOffice. Software Description: - libreoffice: Office productivity suite Details: Federico Scrinzi discovered that LibreOffice incorrectly handled documents inserted into Writer or Calc via links. If a user were tricked into opening a specially crafted document, a remote attacker could possibly obtain the contents of arbitrary files. (CVE-2015-4551) It was discovered that LibreOffice incorrectly handled PrinterSetup data stored in ODF files. If a user were tricked into opening a specially crafted ODF document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. (CVE-2015-5212) It was discovered that LibreOffice incorrectly handled the number of pieces in DOC files. If a user were tricked into opening a specially crafted DOC document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. (CVE-2015-5213) It was discovered that LibreOffice incorrectly handled bookmarks in DOC files. If a user were tricked into opening a specially crafted DOC document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. (CVE-2015-5214) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.04: libreoffice-core 1:4.4.6~rc3-0ubuntu1 Ubuntu 14.04 LTS: libreoffice-core 1:4.2.8-0ubuntu3 Ubuntu 12.04 LTS: libreoffice-core 1:3.5.7-0ubuntu9 After a standard system update you need to restart LibreOffice to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-2793-1 CVE-2015-4551, CVE-2015-5212, CVE-2015-5213, CVE-2015-5214 Package Information: https://launchpad.net/ubuntu/+source/libreoffice/1:4.4.6~rc3-0ubuntu1 https://launchpad.net/ubuntu/+source/libreoffice/1:4.2.8-0ubuntu3 https://launchpad.net/ubuntu/+source/libreoffice/1:3.5.7-0ubuntu9 --17HUqlE2ra2xSPxfWqNWjjQNKDIGPig3X Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCgAGBQJWO4d0AAoJEGVp2FWnRL6T1RMP/Au6Hj45TLAarP5+mi73j9MN ksDgKZGDgLYI06zRIjh65piFmX6hPLI0M1SWysFgPUA4m0uTfpW56l9B83Q8cEKJ sprHCER10bWR9YqHKsIVi38qETYgZ4lHONbmaxxn+df41RpJc35S1qlU2Fk4VbpA Tq1FmCKy3I9ByXUBNqLhA9H3bakvqd3V4aJmQRoSoNCskoDnt3kzZ9m/zEgIxNdy 86qC/Yir/eBxCGJVywjFg+mpdqMeSNfRY9jGdO8cRqyGPZ8WYIWxoEjXsqjvuDkr i0hwQFFlKelc4YLkUd+I8xzLRwkJB+6ZswA3eWLeXtaX1ubNiUqAr4KjgqqFLLBN ufdaQOfuznWfloVS0tlwHQOv7vG93BNY18ofWmD0KgMrGhbLLASIRFOdEvgWWZ1E jcmuN4EfgIvrRNcGR6O/SFnrM6WQdfKB4IXZZe56grGTr1UxDl5TA26vAu/heI2l z9dUcvqilRD8zQ3PmVP8xeXYC1AUaVwLWVbu7eZOnIJf2gAB0LWyfxm2PAXRjGGC CgmNgtAJCtaTtvseoMGeWY+IVWx9UiEHiW0VBEmN/6fuKCV2kD68U3grq9ea9yaZ 4OzkJQSJyqft3Dd6pJMNbqGtXJyyJN6uIGX5c0P392jdcbg6YsF2cIqG8WVtt7P3 INNRSCF0rHSNoRkDfiD2 =vIFh -----END PGP SIGNATURE----- --17HUqlE2ra2xSPxfWqNWjjQNKDIGPig3X-- --===============5943699584571910536== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce --===============5943699584571910536==-- |