LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document.

The following packages have been upgraded to a newer upstream version:
libreoffice (5.0.6.2).

Security Fix(es) :

  - Multiple flaws were found in the Lotus Word Pro (LWP)     document format parser in LibreOffice. By tricking a     user into opening a specially crafted LWP document, an     attacker could possibly use this flaw to execute     arbitrary code with the privileges of the user opening     the file. (CVE-2016-0794, CVE-2016-0795)

Additional Changes :

An update for libreoffice is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite.

The following packages have been upgraded to a newer upstream version:
libreoffice (5.0.6.2). (BZ#1290148)

Security Fix(es) :

* Multiple flaws were found in the Lotus Word Pro (LWP) document format parser in LibreOffice. By tricking a user into opening a specially crafted LWP document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file. (CVE-2016-0794, CVE-2016-0795)

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

From Red Hat Security Advisory 2016:2579 :

An update for libreoffice is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite.

The following packages have been upgraded to a newer upstream version:
libreoffice (5.0.6.2). (BZ#1290148)

Security Fix(es) :

* Multiple flaws were found in the Lotus Word Pro (LWP) document format parser in LibreOffice. By tricking a user into opening a specially crafted LWP document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file. (CVE-2016-0794, CVE-2016-0795)

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.

LibreOffice was updated to version 5.1.3.2, bringing many new features and bug fixes.

Two security issues have been fixed :

  - CVE-2016-0795: LibreOffice allowed remote attackers to     cause a denial of service (memory corruption) or     possibly have unspecified other impact via a crafted     LwpTocSuperLayout record in a LotusWordPro (lwp)     document.

  - CVE-2016-0794: The lwp filter in LibreOffice allowed     remote attackers to cause a denial of service (memory     corruption) or possibly have unspecified other impact     via a crafted LotusWordPro (lwp) document.

A comprehensive list of new features and improvements in this release is provided by the Document Foundation at https://wiki.documentfoundation.org/ReleaseNotes/5.1 .

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

LibreOffice was updated to version 5.1.3.2, bringing many new features and bug fixes.

Two security issues have been fixed :

  - CVE-2016-0795: LibreOffice allowed remote attackers to     cause a denial of service (memory corruption) or     possibly have unspecified other impact via a crafted     LwpTocSuperLayout record in a LotusWordPro (lwp)     document.

  - CVE-2016-0794: The lwp filter in LibreOffice allowed     remote attackers to cause a denial of service (memory     corruption) or possibly have unspecified other impact     via a crafted LotusWordPro (lwp) document.

A comprehensive list of new features and improvements in this release is provided by the Document Foundation at https://wiki.documentfoundation.org/ReleaseNotes/5.1 .

This update was imported from the SUSE:SLE-12:Update project.

This libreoffice update to version 5.0.6.3 fixes the following issues :

Security issues fixed :

  - CVE-2016-0794: multiple lwp issues (boo#967014)

  - CVE-2016-0795: multiple lwp issues (boo#967015)

Bugs fixed :

  - Version update to 5.0.6.3 :

  - 5.0.6 release, various bugfixes on the 5.0 series, this     is last release of the series

  - Version update to 5.0.5.2 :

  - 91 bugs fixed

- CVE-2016-0794 and CVE-2016-0795 LotusWordPro filter     security fixes

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of LibreOffice installed on the remote Mac OS X host is prior to 5.0.5. It is, therefore, affected by multiple vulnerabilities :

  - A remote code execution vulnerability exists due to     improper validation of user-supplied input when handling     LotusWordPro (LWP) documents. A remote attacker can     exploit this, via a crafted LWP document, to corrupt     memory, resulting in a denial of service condition or     the execution of arbitrary code. (CVE-2016-0794)

  - A remote code execution vulnerability exists due to     improper validation of user-supplied input when handling     LwpTocSuperLayout records. A remote attacker can exploit     this, via a crafted LwpTocSuperLayout record in a     LotusWordPro (LWP) document, to corrupt memory,     resulting in a denial of service condition or the     execution of arbitrary code. (CVE-2016-0795)

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

The version of LibreOffice installed on the remote Windows host is prior to 5.0.5. It is, therefore, affected by multiple vulnerabilities :

  - A remote code execution vulnerability exists due to     improper validation of user-supplied input when handling     LotusWordPro (LWP) documents. A remote attacker can     exploit this, via a crafted LWP document, to corrupt     memory, resulting in a denial of service condition or     the execution of arbitrary code. (CVE-2016-0794)

  - A remote code execution vulnerability exists due to     improper validation of user-supplied input when handling     LwpTocSuperLayout records. A remote attacker can exploit     this, via a crafted LwpTocSuperLayout record in a     LotusWordPro (LWP) document, to corrupt memory,     resulting in a denial of service condition or the     execution of arbitrary code. (CVE-2016-0795)

Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.

An anonymous contributor working with VeriSign iDefense Labs discovered that libreoffice, a full-featured office productivity suite, did not correctly handle Lotus WordPro files. This would enable an attacker to crash the program, or execute arbitrary code, by supplying a specially crafted LWP file.

It was discovered that LibreOffice incorrectly handled LWP document files. If a user were tricked into opening a specially crafted LWP document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
95844	Scientific Linux Security Update : libreoffice on SL7.x x86_64 (20161103)	Nessus	Scientific Linux Local Security Checks	high
95326	CentOS 7 : libcmis / libpagemaker / libreoffice / mdds (CESA-2016:2579)	Nessus	CentOS Local Security Checks	high
94701	Oracle Linux 7 : libreoffice (ELSA-2016-2579)	Nessus	Oracle Linux Local Security Checks	high
94542	RHEL 7 : libreoffice (RHSA-2016:2579)	Nessus	Red Hat Local Security Checks	high
93174	SUSE SLED12 Security Update : LibreOffice (SUSE-SU-2016:1728-1)	Nessus	SuSE Local Security Checks	high
92310	openSUSE Security Update : LibreOffice (openSUSE-2016-871)	Nessus	SuSE Local Security Checks	high
91400	openSUSE Security Update : libreoffice (openSUSE-2016-642)	Nessus	SuSE Local Security Checks	high
89584	Fedora 22 : libreoffice-4.4.7.2-3.fc22 (2016-962c0d156d)	Nessus	Fedora Local Security Checks	high
88984	LibreOffice < 5.0.5 Multiple RCE (Mac OS X)	Nessus	MacOS X Local Security Checks	high
88983	LibreOffice < 5.0.5 Multiple RCE	Nessus	Windows	high
88846	Debian DSA-3482-1 : libreoffice - security update	Nessus	Debian Local Security Checks	high
88805	Ubuntu 14.04 LTS : LibreOffice vulnerabilities (USN-2899-1)	Nessus	Ubuntu Local Security Checks	high

Detections

Analytics

CVE-2016-0795

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high