Mandriva Linux Security Advisory : libreoffice (MDVSA-2011:172)

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple vulnerabilities have been discovered and corrected in
libreoffice :

Stack-based buffer overflow in the Lotus Word Pro import filter in
LibreOffice before 3.3.3 allows remote attackers to execute arbitrary
code via a crafted .lwp file (CVE-2011-2685).

oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows
user-assisted remote attackers to cause a denial of service (crash)
via a crafted DOC file that triggers an out-of-bounds read in the DOC
sprm parser (CVE-2011-2713).

This update brings a new LibreOffice version 3.4.3 release linked
against the stdc++ and gcc_s standard libraries available in Mandriva
2011 and resolves installation conflicts with libstdc++ (#64224).

The package clipart-openclipart was dropped from the main repository
in Mandriva 2011. However, clipart-openclipart does not need to be
installed in order to install libreoffice-openclipart, as LibreOffice
still provides some clipart directly in that package (#63634).

This update fixes some OpenOffice.org leftovers in some package
descriptions, replacing them with LibreOffice (#64658).

This update brings new LibreOffice l10n locale packages: Assamese as,
Bengali bn, Dzongkha dz, Farsi fa, Irish ga, Galician gl, Gujarati gu,
Croatian hr, Kannada kn, Lithuanian lt, Latvian lv, Maithili mai,
Malayalam ml, Marathi mr, Ndebele nr, Northern Sotho nso, Oriya or,
Punjabi pa_IN, Romanian ro, Secwepemctsin sh, Sinhalese si, Serbian
sr, Swati ss, Sotho st, Telugu te, Thai th, Tswana tn, Tsonga ts,
Ukrainian uk, Venda ve and Xhosa xh. Help packages are also provided
for: bn, dz, gl, gu, hr, si and uk.

Additionally, the gaupol packages are being provided to satisfy a build
dependency of some of the supporting tools already added into 2011.

The updated packages have been upgraded to LibreOffice version 3.4.3
where these issues have been resolved.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 61936

Bugtraq ID: 48387, 49969

CVE ID: CVE-2011-2685, CVE-2011-2713
