Alerts This Week
Warning Icon 1 541
Alerts This Week
Warning Icon 1 541

openSUSE Leap 42.3: Important Update 2017:2943-1 for libwpd DoS

opensuse
Calendar Grey November 7, 2017
Dist Opensuse Esm H88
This patch for libwpd resolves a significant bug in Fedora. It swiftly resolves potential data breach threats!
An update that fixes one vulnerability is now available

Description

This update for libwpd fixes the following issues:

Security issue fixed:

- CVE-2017-14226: WP1StylesListener.cpp, WP5StylesListener.cpp, and

WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which

allows remote attackers to cause a denial of service (heap-based buffer

over-read in the WPXTableList class in WPXTable.cpp). This vulnerability

can be triggered in LibreOffice before 5.3.7. It may lead to suffering a

remote attack against a LibreOffice application. (bnc#1058025)

Bugfixes:

- Fix various crashes, leaks and hangs when reading damaged files found by

oss-fuzz.

- Fix crash when NULL is passed as input stream.

- Use symbol visibility on Linux. The library only exports public

functions now.

- Avoid infinite loop. (libwpd#3)

- Remove bashism. (libwpd#5)

- Fix various crashes and hangs when reading broken files found with the

help of american-fuzzy-lop.

- Make --help output of all command line...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service important update libwpd openSUSE

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2017-1247=1

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-1247=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Leap 42.3 (noarch):

libwpd-devel-doc-0.10.2-8.1

- openSUSE Leap 42.3 (x86_64):

libwpd-0_10-10-0.10.2-8.1

libwpd-0_10-10-debuginfo-0.10.2-8.1

libwpd-debugsource-0.10.2-8.1

libwpd-devel-0.10.2-8.1

libwpd-tools-0.10.2-8.1

libwpd-tools-debuginfo-0.10.2-8.1

- openSUSE Leap 42.2 (i586 x86_64):

libwpd-0_10-10-0.10.2-5.3.1

libwpd-0_10-10-debuginfo-0.10.2-5.3.1

libwpd-debugsource-0.10.2-5.3.1

libwpd-devel-0.10.2-5.3.1

libwpd-tools-0.10.2-5.3.1

libwpd-tools-debuginfo-0.10.2-5.3.1

- openSUSE Leap 42.2 (noarch):

libwpd-devel-doc-0.10.2-5.3.1

References

https://www.suse.com/security/cve/CVE-2017-14226.html

https://bugzilla.suse.com/1058025

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2017:2943-1
Rating: important
Affected Products: openSUSE Leap 42.3 openSUSE Leap 42.2 .

Topics%20covered

Topics Covered

security advisory denial of service important update libwpd openSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here