Scientific Linux Security Update : libreoffice on SL7.x x86_64
Medium Nessus Plugin ID 99352
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionSecurity Fix(es) :
- It was found that LibreOffice disclosed contents of a file specified in an embedded object's preview. An attacker could potentially use this flaw to expose details of a system running LibreOffice as an online service via a crafted document. (CVE-2017-3157)
Bug Fix(es) :
- Previously, an improper resource management caused the LibreOffice Calc spreadsheet application to terminate unexpectedly after closing a dialog window with accessibility support enabled. The resource management has been improved, and the described problem no longer occurs.
- Previously, when an incorrect password was entered for a password protected document, the document has been considered as valid and a fallback attempt to open it as plain text has been made. As a consequence, it could appear that the document succesfully loaded, while just the encrypted unreadable content was shown. A fix has been made to terminate import attempts after entering incorrect password, and now nothing is loaded when a wrong password is entered.
- Previously, an improper resource management caused the LibreOffice Calc spreadsheet application to terminate unexpectedly during exit, after the Text Import dialog for CSV (Comma-separated Value) files closed, when accessibility support was enabled. The resource management has been improved, and the described problem no longer occurs.
SolutionUpdate the affected packages.