Scientific Linux Security Update : libreoffice on SL7.x x86_64

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

It was found that LibreOffice documents executed macros
unconditionally, without user approval, when these documents were
opened using LibreOffice. An attacker could use this flaw to execute
arbitrary code as the user running LibreOffice by embedding malicious
VBA scripts in the document as macros. (CVE-2014-0247)

A flaw was found in the OLE (Object Linking and Embedding) generation
in LibreOffice. An attacker could use this flaw to embed malicious OLE
code in a LibreOffice document, allowing for arbitrary code execution.
(CVE-2014-3575)

A use-after-free flaw was found in the 'Remote Control' capabilities
of the LibreOffice Impress application. An attacker could use this
flaw to remotely execute code with the permissions of the user running
LibreOffice Impress. (CVE-2014-3693)

The libreoffice packages have been upgraded to upstream version
4.2.6.3, which provides a number of bug fixes and enhancements over
the previous version. Among others :

- Improved OpenXML interoperability.

- Additional statistic functions in Calc (for
interoperability with Excel and Excel's Add-in 'Analysis
ToolPak').

- Various performance improvements in Calc.

- Apple Keynote and Abiword import.

- Improved MathML export.

- New Start screen with thumbnails of recently opened
documents.

- Visual clue in Slide Sorter when a slide has a
transition or an animation.

- Improvements for trend lines in charts.

- Support for BCP-47 language tags.

See also :

http://www.nessus.org/u?a33befe5

Solution :

Update the affected packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 82256 ()

Bugtraq ID:

CVE ID: CVE-2014-0247
CVE-2014-3575
CVE-2014-3693

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now