Scientific Linux Security Update : libreoffice on SL7.x x86_64 (20150305)

critical Nessus Plugin ID 82256

Language:

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

It was found that LibreOffice documents executed macros unconditionally, without user approval, when these documents were opened using LibreOffice. An attacker could use this flaw to execute arbitrary code as the user running LibreOffice by embedding malicious VBA scripts in the document as macros. (CVE-2014-0247)

A flaw was found in the OLE (Object Linking and Embedding) generation in LibreOffice. An attacker could use this flaw to embed malicious OLE code in a LibreOffice document, allowing for arbitrary code execution.
(CVE-2014-3575)

A use-after-free flaw was found in the 'Remote Control' capabilities of the LibreOffice Impress application. An attacker could use this flaw to remotely execute code with the permissions of the user running LibreOffice Impress. (CVE-2014-3693)

The libreoffice packages have been upgraded to upstream version 4.2.6.3, which provides a number of bug fixes and enhancements over the previous version. Among others :

- Improved OpenXML interoperability.

- Additional statistic functions in Calc (for interoperability with Excel and Excel's Add-in 'Analysis ToolPak').

- Various performance improvements in Calc.

- Apple Keynote and Abiword import.

- Improved MathML export.

- New Start screen with thumbnails of recently opened documents.

- Visual clue in Slide Sorter when a slide has a transition or an animation.

- Improvements for trend lines in charts.

- Support for BCP-47 language tags.

Solution

Update the affected packages.

Plugin Details

Severity: Critical

ID: 82256

File Name: sl_20150305_libreoffice_on_SL7_x.nasl

Version: 1.7

Type: local

Agent: unix

Family: Scientific Linux Local Security Checks

Published: 3/26/2015

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:fermilab:scientific_linux:autocorr-af, p-cpe:/a:fermilab:scientific_linux:autocorr-bg, p-cpe:/a:fermilab:scientific_linux:autocorr-ca, p-cpe:/a:fermilab:scientific_linux:autocorr-cs, p-cpe:/a:fermilab:scientific_linux:autocorr-da, p-cpe:/a:fermilab:scientific_linux:autocorr-de, p-cpe:/a:fermilab:scientific_linux:autocorr-en, p-cpe:/a:fermilab:scientific_linux:autocorr-es, p-cpe:/a:fermilab:scientific_linux:autocorr-fa, p-cpe:/a:fermilab:scientific_linux:autocorr-fi, p-cpe:/a:fermilab:scientific_linux:autocorr-fr, p-cpe:/a:fermilab:scientific_linux:autocorr-ga, p-cpe:/a:fermilab:scientific_linux:autocorr-hr, p-cpe:/a:fermilab:scientific_linux:autocorr-hu, p-cpe:/a:fermilab:scientific_linux:autocorr-is, p-cpe:/a:fermilab:scientific_linux:autocorr-it, p-cpe:/a:fermilab:scientific_linux:autocorr-ja, p-cpe:/a:fermilab:scientific_linux:autocorr-ko, p-cpe:/a:fermilab:scientific_linux:autocorr-lb, p-cpe:/a:fermilab:scientific_linux:autocorr-lt, p-cpe:/a:fermilab:scientific_linux:autocorr-mn, p-cpe:/a:fermilab:scientific_linux:autocorr-nl, p-cpe:/a:fermilab:scientific_linux:autocorr-pl, p-cpe:/a:fermilab:scientific_linux:autocorr-pt, p-cpe:/a:fermilab:scientific_linux:autocorr-ro, p-cpe:/a:fermilab:scientific_linux:autocorr-ru, p-cpe:/a:fermilab:scientific_linux:autocorr-sk, p-cpe:/a:fermilab:scientific_linux:autocorr-sl, p-cpe:/a:fermilab:scientific_linux:autocorr-sr, p-cpe:/a:fermilab:scientific_linux:autocorr-sv, p-cpe:/a:fermilab:scientific_linux:autocorr-tr, p-cpe:/a:fermilab:scientific_linux:autocorr-vi, p-cpe:/a:fermilab:scientific_linux:autocorr-zh, p-cpe:/a:fermilab:scientific_linux:libabw, p-cpe:/a:fermilab:scientific_linux:libabw-debuginfo, p-cpe:/a:fermilab:scientific_linux:libabw-devel, p-cpe:/a:fermilab:scientific_linux:libabw-doc, p-cpe:/a:fermilab:scientific_linux:libabw-tools, p-cpe:/a:fermilab:scientific_linux:libcmis, p-cpe:/a:fermilab:scientific_linux:libcmis-debuginfo, p-cpe:/a:fermilab:scientific_linux:libcmis-devel, p-cpe:/a:fermilab:scientific_linux:libcmis-tools, p-cpe:/a:fermilab:scientific_linux:libetonyek, p-cpe:/a:fermilab:scientific_linux:libetonyek-debuginfo, p-cpe:/a:fermilab:scientific_linux:libetonyek-devel, p-cpe:/a:fermilab:scientific_linux:libetonyek-doc, p-cpe:/a:fermilab:scientific_linux:libetonyek-tools, p-cpe:/a:fermilab:scientific_linux:libfreehand, p-cpe:/a:fermilab:scientific_linux:libfreehand-debuginfo, p-cpe:/a:fermilab:scientific_linux:libfreehand-devel, p-cpe:/a:fermilab:scientific_linux:libfreehand-doc, p-cpe:/a:fermilab:scientific_linux:libfreehand-tools, p-cpe:/a:fermilab:scientific_linux:liblangtag, p-cpe:/a:fermilab:scientific_linux:liblangtag-debuginfo, p-cpe:/a:fermilab:scientific_linux:liblangtag-devel, p-cpe:/a:fermilab:scientific_linux:liblangtag-doc, p-cpe:/a:fermilab:scientific_linux:liblangtag-gobject, p-cpe:/a:fermilab:scientific_linux:libmwaw, p-cpe:/a:fermilab:scientific_linux:libmwaw-debuginfo, p-cpe:/a:fermilab:scientific_linux:libmwaw-devel, p-cpe:/a:fermilab:scientific_linux:libmwaw-doc, p-cpe:/a:fermilab:scientific_linux:libmwaw-tools, p-cpe:/a:fermilab:scientific_linux:libodfgen, p-cpe:/a:fermilab:scientific_linux:libodfgen-debuginfo, p-cpe:/a:fermilab:scientific_linux:libodfgen-devel, p-cpe:/a:fermilab:scientific_linux:libodfgen-doc, p-cpe:/a:fermilab:scientific_linux:libreoffice, p-cpe:/a:fermilab:scientific_linux:libreoffice-base, p-cpe:/a:fermilab:scientific_linux:libreoffice-bsh, p-cpe:/a:fermilab:scientific_linux:libreoffice-calc, p-cpe:/a:fermilab:scientific_linux:libreoffice-core, p-cpe:/a:fermilab:scientific_linux:libreoffice-debuginfo, p-cpe:/a:fermilab:scientific_linux:libreoffice-draw, p-cpe:/a:fermilab:scientific_linux:libreoffice-emailmerge, p-cpe:/a:fermilab:scientific_linux:libreoffice-filters, p-cpe:/a:fermilab:scientific_linux:libreoffice-gdb-debug-support, p-cpe:/a:fermilab:scientific_linux:libreoffice-glade, p-cpe:/a:fermilab:scientific_linux:libreoffice-graphicfilter, p-cpe:/a:fermilab:scientific_linux:libreoffice-headless, p-cpe:/a:fermilab:scientific_linux:libreoffice-impress, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-af, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-ar, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-as, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-bg, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-bn, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-br, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-ca, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-cs, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-cy, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-da, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-de, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-dz, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-el, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-en, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-es, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-et, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-eu, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-fa, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-fi, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-fr, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-ga, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-gl, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-gu, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-he, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-hi, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-hr, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-hu, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-it, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-ja, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-kk, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-kn, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-ko, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-lt, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-lv, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-mai, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-ml, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-mr, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-nb, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-nl, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-nn, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-nr, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-nso, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-or, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-pa, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-pl, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-pt-br, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-pt-pt, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-ro, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-ru, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-si, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-sk, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-sl, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-sr, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-ss, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-st, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-sv, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-ta, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-te, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-th, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-tn, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-tr, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-ts, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-uk, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-ve, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-xh, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-zh-hans, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-zh-hant, p-cpe:/a:fermilab:scientific_linux:libreoffice-langpack-zu, p-cpe:/a:fermilab:scientific_linux:libreoffice-librelogo, p-cpe:/a:fermilab:scientific_linux:libreoffice-math, p-cpe:/a:fermilab:scientific_linux:libreoffice-nlpsolver, p-cpe:/a:fermilab:scientific_linux:libreoffice-ogltrans, p-cpe:/a:fermilab:scientific_linux:libreoffice-opensymbol-fonts, p-cpe:/a:fermilab:scientific_linux:libreoffice-pdfimport, p-cpe:/a:fermilab:scientific_linux:libreoffice-postgresql, p-cpe:/a:fermilab:scientific_linux:libreoffice-pyuno, p-cpe:/a:fermilab:scientific_linux:libreoffice-rhino, p-cpe:/a:fermilab:scientific_linux:libreoffice-sdk, p-cpe:/a:fermilab:scientific_linux:libreoffice-sdk-doc, p-cpe:/a:fermilab:scientific_linux:libreoffice-ure, p-cpe:/a:fermilab:scientific_linux:libreoffice-wiki-publisher, p-cpe:/a:fermilab:scientific_linux:libreoffice-writer, p-cpe:/a:fermilab:scientific_linux:libreoffice-xsltfilter, p-cpe:/a:fermilab:scientific_linux:mdds-devel, x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 3/5/2015

Vulnerability Publication Date: 7/3/2014

Reference Information

CVE: CVE-2014-0247, CVE-2014-3575, CVE-2014-3693

Detections

Analytics