RHEL 7 : libreoffice (RHSA-2017:0914)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

An update for libreoffice is now available for Red Hat Enterprise
Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

LibreOffice is an open source, community-developed office productivity
suite. It includes key desktop applications, such as a word processor,
a spreadsheet, a presentation manager, a formula editor, and a drawing
program. LibreOffice replaces OpenOffice and provides a similar but
enhanced and extended office suite.

Security Fix(es) :

* It was found that LibreOffice disclosed contents of a file specified
in an embedded object's preview. An attacker could potentially use
this flaw to expose details of a system running LibreOffice as an
online service via a crafted document. (CVE-2017-3157)

Bug Fix(es) :

* Previously, an improper resource management caused the LibreOffice
Calc spreadsheet application to terminate unexpectedly after closing a
dialog window with accessibility support enabled. The resource
management has been improved, and the described problem no longer
occurs. (BZ#1425536)

* Previously, when an incorrect password was entered for a password
protected document, the document has been considered as valid and a
fallback attempt to open it as plain text has been made. As a
consequence, it could appear that the document succesfully loaded,
while just the encrypted unreadable content was shown. A fix has been
made to terminate import attempts after entering incorrect password,
and now nothing is loaded when a wrong password is entered.
(BZ#1426348)

* Previously, an improper resource management caused the LibreOffice
Calc spreadsheet application to terminate unexpectedly during exit,
after the Text Import dialog for CSV (Comma-separated Value) files
closed, when accessibility support was enabled. The resource
management has been improved, and the described problem no longer
occurs. (BZ#1425535)

See also :

https://www.redhat.com/security/data/cve/CVE-2017-3157.html
http://rhn.redhat.com/errata/RHSA-2017-0914.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.2
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Red Hat Local Security Checks

Nessus Plugin ID: 99342 ()

Bugtraq ID:

CVE ID: CVE-2017-3157

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now