Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : libreoffice vulnerabilities (USN-2793-1)

Ubuntu Security Notice (C) 2015-2016 Canonical, Inc. / NASL script (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing a security-related patch.

Description :

Federico Scrinzi discovered that LibreOffice incorrectly handled
documents inserted into Writer or Calc via links. If a user were
tricked into opening a specially crafted document, a remote attacker
could possibly obtain the contents of arbitrary files. (CVE-2015-4551)

It was discovered that LibreOffice incorrectly handled PrinterSetup
data stored in ODF files. If a user were tricked into opening a
specially crafted ODF document, a remote attacker could cause
LibreOffice to crash, and possibly execute arbitrary code.
(CVE-2015-5212)

It was discovered that LibreOffice incorrectly handled the number of
pieces in DOC files. If a user were tricked into opening a specially
crafted DOC document, a remote attacker could cause LibreOffice to
crash, and possibly execute arbitrary code. (CVE-2015-5213)

It was discovered that LibreOffice incorrectly handled bookmarks in
DOC files. If a user were tricked into opening a specially crafted DOC
document, a remote attacker could cause LibreOffice to crash, and
possibly execute arbitrary code. (CVE-2015-5214).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected libreoffice-core package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.3
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 86784 ()

Bugtraq ID:

CVE ID: CVE-2015-4551
CVE-2015-5212
CVE-2015-5213
CVE-2015-5214

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now