openSUSE Security Update : libreoffice (openSUSE-2016-1192)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

LibreOffice was updated to version 5.1.5.2, bringing enhancements and
bug fixes.

- CVE-2016-4324: Parsing the Rich Text Format character
style index was insufficiently checked for validity.
Documents could be constructed which dereference an
iterator to the first entry of an empty STL container.
(bsc#987553)

- Don't use 'nullable' for introspection, as it isn't
available on SLE 12's version of gobject-introspection.
This prevents a segmentation fault in gnome-documents.
(bsc#1000102)

This update was imported from the SUSE:SLE-12:Update update project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1000102
https://bugzilla.opensuse.org/show_bug.cgi?id=987553

Solution :

Update the affected libreoffice packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 94088 ()

Bugtraq ID:

CVE ID: CVE-2016-4324

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now