| Summary: | libreoffice new security issue CVE-2012-2665 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | major | ||
| Priority: | High | CC: | dmorganec, sysadmin-bugs, tmb |
| Version: | 1 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/509401/ | ||
| Whiteboard: | mga1-32-OK mga1-64-OK | ||
| Source RPM: | libreoffice-3.4.6.2-0.1.mga1.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2012-08-03 20:25:27 CEST
David Walser
2012-08-03 20:28:31 CEST
Priority:
Normal =>
High Mandriva has issued an advisory for this today (August 4): http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:123 D Morgan is working on this update. It will also fix the following CVEs: CVE-2012-1149 CVE-2012-2334 References: http://www.libreoffice.org/advisories/CVE-2012-1149/ http://www.libreoffice.org/advisories/CVE-2012-2334/ https://rhn.redhat.com/errata/RHSA-2012-0705.html and new build fixes CVE-2012-2665 too. so the new rpm fixes: CVE-2012-1149 CVE-2012-2334 CVE-2012-2665 Advisory: ======================== Updated libreoffice packages fix security vulnerabilities: Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the JPEG, PNG, and BMP image file reader implementations in OpenOffice.org. An attacker could provide a specially-crafted JPEG, PNG, or BMP image file that, when opened in an OpenOffice.org application, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2012-1149). An integer overflow flaw, leading to a buffer overflow, was found in the way OpenOffice.org processed an invalid Escher graphics records length in Microsoft Office PowerPoint documents. An attacker could provide a specially-crafted Microsoft Office PowerPoint document that, when opened, would cause OpenOffice.org to crash or, potentially, execute arbitrary code with the privileges of the user running OpenOffice.org (CVE-2012-2334). Multiple heap-based buffer overflow flaws were found in the way LibreOffice processed encryption information in the manifest files of OpenDocument Format files. An attacker could provide a specially-crafted OpenDocument Format file that, when opened in a LibreOffice application, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2012-2665). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1149 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2334 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2665 http://www.libreoffice.org/advisories/CVE-2012-1149/ http://www.libreoffice.org/advisories/CVE-2012-2334/ http://www.libreoffice.org/advisories/CVE-2012-2665/ https://rhn.redhat.com/errata/RHSA-2012-0705.html https://rhn.redhat.com/errata/RHSA-2012-1135.html ======================== Updated packages in core/updates_testing: ======================== libreoffice-3.4.6.2-0.3.mga1 libreoffice-core-3.4.6.2-0.3.mga1 libreoffice-pyuno-3.4.6.2-0.3.mga1 libreoffice-base-3.4.6.2-0.3.mga1 libreoffice-report-builder-3.4.6.2-0.3.mga1 libreoffice-bsh-3.4.6.2-0.3.mga1 libreoffice-rhino-3.4.6.2-0.3.mga1 libreoffice-wiki-publisher-3.4.6.2-0.3.mga1 libreoffice-ogltrans-3.4.6.2-0.3.mga1 libreoffice-presentation-minimizer-3.4.6.2-0.3.mga1 libreoffice-presenter-screen-3.4.6.2-0.3.mga1 libreoffice-pdfimport-3.4.6.2-0.3.mga1 libreoffice-opensymbol-fonts-3.4.6.2-0.3.mga1 libreoffice-writer-3.4.6.2-0.3.mga1 libreoffice-emailmerge-3.4.6.2-0.3.mga1 libreoffice-calc-3.4.6.2-0.3.mga1 libreoffice-draw-3.4.6.2-0.3.mga1 libreoffice-impress-3.4.6.2-0.3.mga1 libreoffice-math-3.4.6.2-0.3.mga1 libreoffice-graphicfilter-3.4.6.2-0.3.mga1 libreoffice-xsltfilter-3.4.6.2-0.3.mga1 libreoffice-javafilter-3.4.6.2-0.3.mga1 libreoffice-testtools-3.4.6.2-0.3.mga1 libreoffice-ure-3.4.6.2-0.3.mga1 libreoffice-java-common-3.4.6.2-0.3.mga1 libreoffice-sdk-3.4.6.2-0.3.mga1 libreoffice-sdk-doc-3.4.6.2-0.3.mga1 libreoffice-headless-3.4.6.2-0.3.mga1 libreoffice-kde-3.4.6.2-0.3.mga1 libreoffice-debug-3.4.6.2-0.3.mga1 libreoffice-gdb-debug-support-3.4.6.2-0.3.mga1 libreoffice-langpack-af-3.4.6.2-0.3.mga1 libreoffice-langpack-ar-3.4.6.2-0.3.mga1 libreoffice-langpack-as-3.4.6.2-0.3.mga1 libreoffice-langpack-bg-3.4.6.2-0.3.mga1 libreoffice-langpack-bn-3.4.6.2-0.3.mga1 libreoffice-langpack-ca-3.4.6.2-0.3.mga1 libreoffice-langpack-cs-3.4.6.2-0.3.mga1 libreoffice-langpack-cy-3.4.6.2-0.3.mga1 libreoffice-langpack-da-3.4.6.2-0.3.mga1 libreoffice-langpack-de-3.4.6.2-0.3.mga1 libreoffice-langpack-dz-3.4.6.2-0.3.mga1 libreoffice-langpack-el-3.4.6.2-0.3.mga1 libreoffice-langpack-en-3.4.6.2-0.3.mga1 libreoffice-langpack-es-3.4.6.2-0.3.mga1 libreoffice-langpack-et-3.4.6.2-0.3.mga1 libreoffice-langpack-eu-3.4.6.2-0.3.mga1 libreoffice-langpack-fi-3.4.6.2-0.3.mga1 libreoffice-langpack-fr-3.4.6.2-0.3.mga1 libreoffice-langpack-ga-3.4.6.2-0.3.mga1 libreoffice-langpack-gl-3.4.6.2-0.3.mga1 libreoffice-langpack-gu-3.4.6.2-0.3.mga1 libreoffice-langpack-he-3.4.6.2-0.3.mga1 libreoffice-langpack-hi-3.4.6.2-0.3.mga1 libreoffice-langpack-hr-3.4.6.2-0.3.mga1 libreoffice-langpack-hu-3.4.6.2-0.3.mga1 libreoffice-langpack-it-3.4.6.2-0.3.mga1 libreoffice-langpack-ja-3.4.6.2-0.3.mga1 libreoffice-langpack-kn-3.4.6.2-0.3.mga1 libreoffice-langpack-ko-3.4.6.2-0.3.mga1 libreoffice-langpack-lt-3.4.6.2-0.3.mga1 libreoffice-langpack-mai-3.4.6.2-0.3.mga1 libreoffice-langpack-ml-3.4.6.2-0.3.mga1 libreoffice-langpack-mr-3.4.6.2-0.3.mga1 libreoffice-langpack-nb-3.4.6.2-0.3.mga1 libreoffice-langpack-nl-3.4.6.2-0.3.mga1 libreoffice-langpack-nn-3.4.6.2-0.3.mga1 libreoffice-langpack-nr-3.4.6.2-0.3.mga1 libreoffice-langpack-nso-3.4.6.2-0.3.mga1 libreoffice-langpack-or-3.4.6.2-0.3.mga1 libreoffice-langpack-pa-3.4.6.2-0.3.mga1 libreoffice-langpack-pl-3.4.6.2-0.3.mga1 libreoffice-langpack-pt-BR-3.4.6.2-0.3.mga1 libreoffice-langpack-pt-PT-3.4.6.2-0.3.mga1 libreoffice-langpack-ro-3.4.6.2-0.3.mga1 libreoffice-langpack-ru-3.4.6.2-0.3.mga1 libreoffice-langpack-si-3.4.6.2-0.3.mga1 libreoffice-langpack-sk-3.4.6.2-0.3.mga1 libreoffice-langpack-sl-3.4.6.2-0.3.mga1 libreoffice-langpack-sr-3.4.6.2-0.3.mga1 libreoffice-langpack-ss-3.4.6.2-0.3.mga1 libreoffice-langpack-st-3.4.6.2-0.3.mga1 libreoffice-langpack-sv-3.4.6.2-0.3.mga1 libreoffice-langpack-ta-3.4.6.2-0.3.mga1 libreoffice-langpack-te-3.4.6.2-0.3.mga1 libreoffice-langpack-th-3.4.6.2-0.3.mga1 libreoffice-langpack-tn-3.4.6.2-0.3.mga1 libreoffice-langpack-tr-3.4.6.2-0.3.mga1 libreoffice-langpack-ts-3.4.6.2-0.3.mga1 libreoffice-langpack-uk-3.4.6.2-0.3.mga1 libreoffice-langpack-ve-3.4.6.2-0.3.mga1 libreoffice-langpack-xh-3.4.6.2-0.3.mga1 libreoffice-langpack-zh_CN-3.4.6.2-0.3.mga1 libreoffice-langpack-zh_TW-3.4.6.2-0.3.mga1 libreoffice-langpack-zu-3.4.6.2-0.3.mga1 autocorr-en-3.4.6.2-0.3.mga1 autocorr-af-3.4.6.2-0.3.mga1 autocorr-bg-3.4.6.2-0.3.mga1 autocorr-cs-3.4.6.2-0.3.mga1 autocorr-da-3.4.6.2-0.3.mga1 autocorr-de-3.4.6.2-0.3.mga1 autocorr-es-3.4.6.2-0.3.mga1 autocorr-eu-3.4.6.2-0.3.mga1 autocorr-fa-3.4.6.2-0.3.mga1 autocorr-fi-3.4.6.2-0.3.mga1 autocorr-fr-3.4.6.2-0.3.mga1 autocorr-ga-3.4.6.2-0.3.mga1 autocorr-hr-3.4.6.2-0.3.mga1 autocorr-hu-3.4.6.2-0.3.mga1 autocorr-it-3.4.6.2-0.3.mga1 autocorr-ja-3.4.6.2-0.3.mga1 autocorr-ko-3.4.6.2-0.3.mga1 autocorr-lb-3.4.6.2-0.3.mga1 autocorr-lt-3.4.6.2-0.3.mga1 autocorr-mn-3.4.6.2-0.3.mga1 autocorr-nl-3.4.6.2-0.3.mga1 autocorr-pl-3.4.6.2-0.3.mga1 autocorr-pt-3.4.6.2-0.3.mga1 autocorr-ru-3.4.6.2-0.3.mga1 autocorr-sk-3.4.6.2-0.3.mga1 autocorr-sl-3.4.6.2-0.3.mga1 autocorr-sr-3.4.6.2-0.3.mga1 autocorr-sv-3.4.6.2-0.3.mga1 autocorr-tr-3.4.6.2-0.3.mga1 autocorr-vi-3.4.6.2-0.3.mga1 autocorr-zh-3.4.6.2-0.3.mga1 libreoffice-help-en-3.4.6.2-0.3.mga1 libreoffice-help-bg-3.4.6.2-0.3.mga1 libreoffice-help-bn-3.4.6.2-0.3.mga1 libreoffice-help-ca-3.4.6.2-0.3.mga1 libreoffice-help-cs-3.4.6.2-0.3.mga1 libreoffice-help-da-3.4.6.2-0.3.mga1 libreoffice-help-de-3.4.6.2-0.3.mga1 libreoffice-help-dz-3.4.6.2-0.3.mga1 libreoffice-help-el-3.4.6.2-0.3.mga1 libreoffice-help-es-3.4.6.2-0.3.mga1 libreoffice-help-et-3.4.6.2-0.3.mga1 libreoffice-help-eu-3.4.6.2-0.3.mga1 libreoffice-help-fi-3.4.6.2-0.3.mga1 libreoffice-help-fr-3.4.6.2-0.3.mga1 libreoffice-help-gl-3.4.6.2-0.3.mga1 libreoffice-help-hi-3.4.6.2-0.3.mga1 libreoffice-help-hu-3.4.6.2-0.3.mga1 libreoffice-help-it-3.4.6.2-0.3.mga1 libreoffice-help-ja-3.4.6.2-0.3.mga1 libreoffice-help-ko-3.4.6.2-0.3.mga1 libreoffice-help-nb-3.4.6.2-0.3.mga1 libreoffice-help-nl-3.4.6.2-0.3.mga1 libreoffice-help-nn-3.4.6.2-0.3.mga1 libreoffice-help-pl-3.4.6.2-0.3.mga1 libreoffice-help-pt_BR-3.4.6.2-0.3.mga1 libreoffice-help-pt-3.4.6.2-0.3.mga1 libreoffice-help-ru-3.4.6.2-0.3.mga1 libreoffice-help-si-3.4.6.2-0.3.mga1 libreoffice-help-sk-3.4.6.2-0.3.mga1 libreoffice-help-sl-3.4.6.2-0.3.mga1 libreoffice-help-sv-3.4.6.2-0.3.mga1 libreoffice-help-tr-3.4.6.2-0.3.mga1 libreoffice-help-uk-3.4.6.2-0.3.mga1 libreoffice-help-zh_CN-3.4.6.2-0.3.mga1 libreoffice-help-zh_TW-3.4.6.2-0.3.mga1 from libreoffice-3.4.6.2-0.3.mga1.src.rpm CC:
(none) =>
dmorganec No PoC Testing complete mga1 i586 spellcheck, autocorrect basic checks on all programs Hardware:
i586 =>
All testing complete x86_64 Validating See comment 1 for advisory and srpm Could sysadmin please push from core/updates_testing to core/updates Thanks! Keywords:
(none) =>
validated_update (In reply to comment #6) > See comment 1 for advisory and srpm Correction: It's in Comment 4 Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0253 Status:
NEW =>
RESOLVED |