GLSA-201209-05 : LibreOffice: Multiple vulnerabilities
High Nessus Plugin ID 62286
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201209-05 (LibreOffice: Multiple vulnerabilities)
Multiple vulnerabilities have been found in LibreOffice:
The Microsoft Word Document parser contains an out-of-bounds read error (CVE-2011-2713).
The Raptor RDF parser contains an XML External Entity expansion error (CVE-2012-0037).
The graphic loading parser contains an integer overflow error which could cause a heap-based buffer overflow (CVE-2012-1149).
Multiple errors in the XML manifest handling code could cause a heap-based buffer overflow (CVE-2012-2665).
A remote attacker could entice a user to open a specially crafted document file using LibreOffice, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.
There is no known workaround at this time.
SolutionAll LibreOffice users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=app-office/libreoffice-220.127.116.11' All users of the LibreOffice binary package should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=app-office/libreoffice-bin-18.104.22.168'