- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201408-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: OpenOffice, LibreOffice: Multiple vulnerabilities
     Date: August 31, 2014
     Bugs: #283370, #305195, #320491, #332321, #352864, #386081,
           #409509, #429482, #514886
       ID: 201408-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======
Multiple vulnerabilities have been found in OpenOffice and LibreOffice,
the worst of which may result in execution of arbitrary code.

Background
=========
OpenOffice is the open source version of StarOffice, a full office
productivity suite. LibreOffice is a fork of OpenOffice.

Affected packages
================
    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-office/openoffice-bin
                                 < 3.5.5.3                 >= 3.5.5.3
  2  app-office/openoffice       <= 3.5.5.3                Vulnerable!
  3  app-office/libreoffice      < 4.2.5.2                 >= 4.2.5.2
  4  app-office/libreoffice-bin
                                 < 4.2.5.2                 >= 4.2.5.2
    -------------------------------------------------------------------
     NOTE: Certain packages are still vulnerable. Users should migrate
           to another package if one is available or wait for the
           existing packages to be marked stable by their
           architecture maintainers.
    -------------------------------------------------------------------
     4 affected packages

Description
==========
Multiple vulnerabilities have been discovered in OpenOffice and
LibreOffice. Please review the CVE identifiers referenced below for
details.

Impact
=====
A remote attacker could entice a user to open a specially crafted file
using OpenOffice, possibly resulting in execution of arbitrary code
with the privileges of the process, a Denial of Service condition,
execution of arbitrary Python code, authentication bypass, or reading
and writing of arbitrary files.

Workaround
=========
There is no known workaround at this time.

Resolution
=========
All OpenOffice (binary) users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=app-office/openoffice-bin-3.5.5.3"

All LibreOffice users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-office/libreoffice-4.2.5.2"

All LibreOffice (binary) users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=app-office/libreoffice-bin-4.2.5.2"

We recommend that users unmerge OpenOffice:

  # emerge --unmerge "app-office/openoffice"
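
To confirm the upgrade took effect, the following added example (not part of
the original advisory or of Gentoo's own tooling) checks installed package
atoms against the "Affected packages" table above. The function names are
hypothetical, the sample atoms are constructed, and the input is assumed to
be one category/package-version atom per line, as printed by `qlist -Iv`
from portage-utils.

```shell
#!/bin/sh
# Added example: flag installed atoms that fall in the GLSA 201408-19 vulnerable ranges.

# Print -1, 0 or 1 comparing dotted numeric versions $1 and $2 (missing parts count as 0).
ver_cmp() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        if [ "${x:-0}" -lt "${y:-0}" ]; then echo -1; return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then echo 1; return 0; fi
    done
    echo 0
}

# Read category/package-version atoms on stdin; report only the four advisory packages.
glsa_201408_19_check() {
    while read -r atom; do
        pv=${atom%-r[0-9]*}                 # drop a revision suffix such as -r1
        name=${pv%-*}; ver=${pv##*-}
        ver=${ver%%_*}                      # simplification: ignore _rc/_p suffixes
        incl=0
        case $name in
            app-office/openoffice-bin) limit=3.5.5.3 ;;
            app-office/libreoffice|app-office/libreoffice-bin) limit=4.2.5.2 ;;
            app-office/openoffice) limit=3.5.5.3; incl=1 ;;  # "<=", no fixed version
            *) continue ;;
        esac
        c=$(ver_cmp "$ver" "$limit")
        if [ "$c" = -1 ] || { [ "$c" = 0 ] && [ "$incl" = 1 ]; }; then
            echo "VULNERABLE $atom"
        elif [ "$incl" = 1 ]; then
            echo "UNLISTED $atom"           # above the range, but no unaffected version
        else
            echo "OK $atom"
        fi
    done
}

# Constructed sample input, in the form `qlist -Iv` prints on a Gentoo system.
sample_atoms() {
    printf '%s\n' app-office/libreoffice-4.2.4.2 sys-apps/portage-2.2.8 \
        app-office/libreoffice-bin-4.2.5.2 app-office/openoffice-bin-3.5.5.3-r1 \
        app-office/openoffice-3.5.5.3
}

sample_atoms | glsa_201408_19_check
```

On a real system, replace `sample_atoms` with `qlist -Iv`; any line reported
as VULNERABLE still needs the matching emerge step above.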

References
=========
[  1 ] CVE-2006-4339
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4339
[  2 ] CVE-2009-0200
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0200
[  3 ] CVE-2009-0201
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0201
[  4 ] CVE-2009-0217
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0217
[  5 ] CVE-2009-2949
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2949
[  6 ] CVE-2009-2950
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2950
[  7 ] CVE-2009-3301
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3301
[  8 ] CVE-2009-3302
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3302
[  9 ] CVE-2010-0395
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0395
[ 10 ] CVE-2010-2935
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2935
[ 11 ] CVE-2010-2936
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2936
[ 12 ] CVE-2010-3450
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3450
[ 13 ] CVE-2010-3451
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3451
[ 14 ] CVE-2010-3452
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3452
[ 15 ] CVE-2010-3453
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3453
[ 16 ] CVE-2010-3454
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3454
[ 17 ] CVE-2010-3689
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3689
[ 18 ] CVE-2010-4253
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4253
[ 19 ] CVE-2010-4643
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4643
[ 20 ] CVE-2011-2713
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2713
[ 21 ] CVE-2012-0037
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0037
[ 22 ] CVE-2012-1149
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1149
[ 23 ] CVE-2012-2149
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2149
[ 24 ] CVE-2012-2334
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2334
[ 25 ] CVE-2012-2665
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2665
[ 26 ] CVE-2014-0247
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0247

Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201408-19

Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/
