Scientific Linux: LibreOffice Moderate Macro Threat SLSA-2015:0377-1 CVE-2014-0247

Date: Wed, 25 Mar 2015 15:17:32 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Moderate: libreoffice on SL7.x x86_64
MIME-Version: 1.0

Synopsis: Moderate: libreoffice security, bug fix, and enhancement update
Advisory ID: SLSA-2015:0377-1
Issue Date: 2015-03-05
CVE Numbers: CVE-2014-0247
 CVE-2014-3575
 CVE-2014-3693
--

It was found that LibreOffice documents executed macros unconditionally,
without user approval, when these documents were opened using LibreOffice.
An attacker could use this flaw to execute arbitrary code as the user
running LibreOffice by embedding malicious VBA scripts in the document as
macros. (CVE-2014-0247)

A flaw was found in the OLE (Object Linking and Embedding) generation in
LibreOffice. An attacker could use this flaw to embed malicious OLE code
in a LibreOffice document, allowing for arbitrary code execution.
(CVE-2014-3575)

A use-after-free flaw was found in the "Remote Control" capabilities of
the LibreOffice Impress application. An attacker could use this flaw to
remotely execute code with the permissions of the user running LibreOffice
Impress. (CVE-2014-3693)

The libreoffice packages have been upgraded to upstream version 4.2.6.3,
which provides a number of bug fixes and enhancements over the previous
version. Among others:

* Improved OpenXML interoperability.

* Additional statistic functions in Calc (for interoperability with Excel
and Excel's Add-in "Analysis ToolPak").

* Various performance improvements in Calc.

* Apple Keynote and Abiword import.

* Improved MathML export.

* New Start screen with thumbnails of recently opened documents.

* Visual clue in Slide Sorter when a slide has a transition or an
animation.

* Improvements for trend lines in charts.

* Support for BCP-47 language tags.
--

SL7
 x86_64
 libabw-0.0.2-1.el7.i686.rpm
 libabw-0.0.2-1.el7.x86_64.rpm
 libabw-debuginfo-0.0.2-1.el7.i686.rpm
 libabw-debuginfo-0.0.2-1.el7.x86_64.rpm
 libcmis-0.4.1-5.el7.i686.rpm
 libcmis-0.4.1-5.el7.x86_64.rpm
 libcmis-debuginfo-0.4.1-5.el7.i686.rpm
 libcmis-debuginfo-0.4.1-5.el7.x86_64.rpm
 libetonyek-0.0.4-2.el7.i686.rpm
 libetonyek-0.0.4-2.el7.x86_64.rpm
 libetonyek-debuginfo-0.0.4-2.el7.i686.rpm
 libetonyek-debuginfo-0.0.4-2.el7.x86_64.rpm
 libfreehand-0.0.0-3.el7.i686.rpm
 libfreehand-0.0.0-3.el7.x86_64.rpm
 libfreehand-debuginfo-0.0.0-3.el7.i686.rpm
 libfreehand-debuginfo-0.0.0-3.el7.x86_64.rpm
 liblangtag-0.5.4-8.el7.i686.rpm
 liblangtag-0.5.4-8.el7.x86_64.rpm
 liblangtag-debuginfo-0.5.4-8.el7.i686.rpm
 liblangtag-debuginfo-0.5.4-8.el7.x86_64.rpm
 libmwaw-0.2.0-4.el7.i686.rpm
 libmwaw-0.2.0-4.el7.x86_64.rpm
 libmwaw-debuginfo-0.2.0-4.el7.i686.rpm
 libmwaw-debuginfo-0.2.0-4.el7.x86_64.rpm
 libodfgen-0.0.4-1.el7.i686.rpm
 libodfgen-0.0.4-1.el7.x86_64.rpm
 libodfgen-debuginfo-0.0.4-1.el7.i686.rpm
 libodfgen-debuginfo-0.0.4-1.el7.x86_64.rpm
 libreoffice-base-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-calc-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-core-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-debuginfo-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-draw-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-emailmerge-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-graphicfilter-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-impress-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-af-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-ar-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-as-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-bg-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-bn-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-br-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-ca-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-cs-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-cy-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-da-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-de-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-dz-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-el-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-en-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-es-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-et-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-eu-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-fa-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-fi-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-fr-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-ga-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-gl-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-gu-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-he-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-hi-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-hr-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-hu-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-it-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-ja-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-kk-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-kn-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-ko-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-lt-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-lv-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-mai-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-ml-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-mr-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-nb-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-nl-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-nn-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-nr-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-nso-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-or-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-pa-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-pl-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-pt-BR-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-pt-PT-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-ro-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-ru-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-si-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-sk-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-sl-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-sr-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-ss-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-st-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-sv-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-ta-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-te-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-th-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-tn-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-tr-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-ts-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-uk-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-ve-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-xh-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-zh-Hans-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-zh-Hant-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-langpack-zu-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-math-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-ogltrans-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-pdfimport-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-pyuno-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-ure-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-wiki-publisher-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-writer-4.2.6.3-5.el7.x86_64.rpm
 libabw-devel-0.0.2-1.el7.i686.rpm
 libabw-devel-0.0.2-1.el7.x86_64.rpm
 libabw-tools-0.0.2-1.el7.x86_64.rpm
 libcmis-devel-0.4.1-5.el7.i686.rpm
 libcmis-devel-0.4.1-5.el7.x86_64.rpm
 libcmis-tools-0.4.1-5.el7.x86_64.rpm
 libetonyek-devel-0.0.4-2.el7.i686.rpm
 libetonyek-devel-0.0.4-2.el7.x86_64.rpm
 libetonyek-tools-0.0.4-2.el7.x86_64.rpm
 libfreehand-devel-0.0.0-3.el7.i686.rpm
 libfreehand-devel-0.0.0-3.el7.x86_64.rpm
 libfreehand-tools-0.0.0-3.el7.x86_64.rpm
 liblangtag-devel-0.5.4-8.el7.i686.rpm
 liblangtag-devel-0.5.4-8.el7.x86_64.rpm
 liblangtag-gobject-0.5.4-8.el7.i686.rpm
 liblangtag-gobject-0.5.4-8.el7.x86_64.rpm
 libmwaw-devel-0.2.0-4.el7.i686.rpm
 libmwaw-devel-0.2.0-4.el7.x86_64.rpm
 libmwaw-tools-0.2.0-4.el7.x86_64.rpm
 libodfgen-devel-0.0.4-1.el7.i686.rpm
 libodfgen-devel-0.0.4-1.el7.x86_64.rpm
 libreoffice-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-bsh-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-filters-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-gdb-debug-support-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-glade-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-headless-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-librelogo-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-nlpsolver-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-postgresql-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-rhino-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-sdk-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-sdk-doc-4.2.6.3-5.el7.x86_64.rpm
 libreoffice-xsltfilter-4.2.6.3-5.el7.x86_64.rpm
 noarch
 autocorr-af-4.2.6.3-5.el7.noarch.rpm
 autocorr-bg-4.2.6.3-5.el7.noarch.rpm
 autocorr-ca-4.2.6.3-5.el7.noarch.rpm
 autocorr-cs-4.2.6.3-5.el7.noarch.rpm
 autocorr-da-4.2.6.3-5.el7.noarch.rpm
 autocorr-de-4.2.6.3-5.el7.noarch.rpm
 autocorr-en-4.2.6.3-5.el7.noarch.rpm
 autocorr-es-4.2.6.3-5.el7.noarch.rpm
 autocorr-fa-4.2.6.3-5.el7.noarch.rpm
 autocorr-fi-4.2.6.3-5.el7.noarch.rpm
 autocorr-fr-4.2.6.3-5.el7.noarch.rpm
 autocorr-ga-4.2.6.3-5.el7.noarch.rpm
 autocorr-hr-4.2.6.3-5.el7.noarch.rpm
 autocorr-hu-4.2.6.3-5.el7.noarch.rpm
 autocorr-is-4.2.6.3-5.el7.noarch.rpm
 autocorr-it-4.2.6.3-5.el7.noarch.rpm
 autocorr-ja-4.2.6.3-5.el7.noarch.rpm
 autocorr-ko-4.2.6.3-5.el7.noarch.rpm
 autocorr-lb-4.2.6.3-5.el7.noarch.rpm
 autocorr-lt-4.2.6.3-5.el7.noarch.rpm
 autocorr-mn-4.2.6.3-5.el7.noarch.rpm
 autocorr-nl-4.2.6.3-5.el7.noarch.rpm
 autocorr-pl-4.2.6.3-5.el7.noarch.rpm
 autocorr-pt-4.2.6.3-5.el7.noarch.rpm
 autocorr-ro-4.2.6.3-5.el7.noarch.rpm
 autocorr-ru-4.2.6.3-5.el7.noarch.rpm
 autocorr-sk-4.2.6.3-5.el7.noarch.rpm
 autocorr-sl-4.2.6.3-5.el7.noarch.rpm
 autocorr-sr-4.2.6.3-5.el7.noarch.rpm
 autocorr-sv-4.2.6.3-5.el7.noarch.rpm
 autocorr-tr-4.2.6.3-5.el7.noarch.rpm
 autocorr-vi-4.2.6.3-5.el7.noarch.rpm
 autocorr-zh-4.2.6.3-5.el7.noarch.rpm
 libreoffice-opensymbol-fonts-4.2.6.3-5.el7.noarch.rpm
 libabw-doc-0.0.2-1.el7.noarch.rpm
 libetonyek-doc-0.0.4-2.el7.noarch.rpm
 libfreehand-doc-0.0.0-3.el7.noarch.rpm
 liblangtag-doc-0.5.4-8.el7.noarch.rpm
 libmwaw-doc-0.2.0-4.el7.noarch.rpm
 libodfgen-doc-0.0.4-1.el7.noarch.rpm
 mdds-devel-0.10.3-1.el7.noarch.rpm

- Scientific Linux Development Team