This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
Updated libreoffice packages that fixes multiple security issues are
now available for Red Hat Enterprise Linux 6 and 7.
Red Hat Product Security has rated this update as having Moderate
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.
LibreOffice is an open source, community-developed office productivity
suite. It includes key desktop applications, such as a word processor,
a spreadsheet, a presentation manager, a formula editor, and a drawing
program. LibreOffice replaces OpenOffice and provides a similar but
enhanced and extended office suite.
It was discovered that LibreOffice did not properly restrict automatic
link updates. By tricking a victim into opening specially crafted
documents, an attacker could possibly use this flaw to disclose
contents of files accessible by the victim. (CVE-2015-4551)
An integer underflow flaw leading to a heap-based buffer overflow when
parsing PrinterSetup data was discovered. By tricking a user into
opening a specially crafted document, an attacker could possibly
exploit this flaw to execute arbitrary code with the privileges of the
user opening the file. (CVE-2015-5212)
An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way LibreOffice processed certain Microsoft Word .doc
files. By tricking a user into opening a specially crafted Microsoft
Word .doc document, an attacker could possibly use this flaw to
execute arbitrary code with the privileges of the user opening the
It was discovered that LibreOffice did not properly sanity check
bookmark indexes. By tricking a user into opening a specially crafted
document, an attacker could possibly use this flaw to execute
arbitrary code with the privileges of the user opening the file.
All libreoffice users are advised to upgrade to these updated
packages, which contain backported patches to correct these issues.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.3
Public Exploit Available : true