RedHat has issued an advisory on August 1: https://rhn.redhat.com/errata/RHSA-2012-1135.html RedHat has 3.4.x, so patches from them should work. According the upstream advisory, Libreoffice in Mageia 2 should be OK. http://www.libreoffice.org/advisories/CVE-2012-2665/
Priority: Normal => HighSeverity: normal => major
Mandriva has issued an advisory for this today (August 4): http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:123
D Morgan is working on this update. It will also fix the following CVEs: CVE-2012-1149 CVE-2012-2334 References: http://www.libreoffice.org/advisories/CVE-2012-1149/ http://www.libreoffice.org/advisories/CVE-2012-2334/ https://rhn.redhat.com/errata/RHSA-2012-0705.html
and new build fixes CVE-2012-2665 too. so the new rpm fixes: CVE-2012-1149 CVE-2012-2334 CVE-2012-2665
Advisory: ======================== Updated libreoffice packages fix security vulnerabilities: Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the JPEG, PNG, and BMP image file reader implementations in OpenOffice.org. An attacker could provide a specially-crafted JPEG, PNG, or BMP image file that, when opened in an OpenOffice.org application, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2012-1149). An integer overflow flaw, leading to a buffer overflow, was found in the way OpenOffice.org processed an invalid Escher graphics records length in Microsoft Office PowerPoint documents. An attacker could provide a specially-crafted Microsoft Office PowerPoint document that, when opened, would cause OpenOffice.org to crash or, potentially, execute arbitrary code with the privileges of the user running OpenOffice.org (CVE-2012-2334). Multiple heap-based buffer overflow flaws were found in the way LibreOffice processed encryption information in the manifest files of OpenDocument Format files. An attacker could provide a specially-crafted OpenDocument Format file that, when opened in a LibreOffice application, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2012-2665). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1149 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2334 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2665 http://www.libreoffice.org/advisories/CVE-2012-1149/ http://www.libreoffice.org/advisories/CVE-2012-2334/ http://www.libreoffice.org/advisories/CVE-2012-2665/ https://rhn.redhat.com/errata/RHSA-2012-0705.html https://rhn.redhat.com/errata/RHSA-2012-1135.html ======================== Updated packages in core/updates_testing: ======================== libreoffice-3.4.6.2-0.3.mga1 libreoffice-core-3.4.6.2-0.3.mga1 libreoffice-pyuno-3.4.6.2-0.3.mga1 libreoffice-base-3.4.6.2-0.3.mga1 libreoffice-report-builder-3.4.6.2-0.3.mga1 libreoffice-bsh-3.4.6.2-0.3.mga1 libreoffice-rhino-3.4.6.2-0.3.mga1 libreoffice-wiki-publisher-3.4.6.2-0.3.mga1 libreoffice-ogltrans-3.4.6.2-0.3.mga1 libreoffice-presentation-minimizer-3.4.6.2-0.3.mga1 libreoffice-presenter-screen-3.4.6.2-0.3.mga1 libreoffice-pdfimport-3.4.6.2-0.3.mga1 libreoffice-opensymbol-fonts-3.4.6.2-0.3.mga1 libreoffice-writer-3.4.6.2-0.3.mga1 libreoffice-emailmerge-3.4.6.2-0.3.mga1 libreoffice-calc-3.4.6.2-0.3.mga1 libreoffice-draw-3.4.6.2-0.3.mga1 libreoffice-impress-3.4.6.2-0.3.mga1 libreoffice-math-3.4.6.2-0.3.mga1 libreoffice-graphicfilter-3.4.6.2-0.3.mga1 libreoffice-xsltfilter-3.4.6.2-0.3.mga1 libreoffice-javafilter-3.4.6.2-0.3.mga1 libreoffice-testtools-3.4.6.2-0.3.mga1 libreoffice-ure-3.4.6.2-0.3.mga1 libreoffice-java-common-3.4.6.2-0.3.mga1 libreoffice-sdk-3.4.6.2-0.3.mga1 libreoffice-sdk-doc-3.4.6.2-0.3.mga1 libreoffice-headless-3.4.6.2-0.3.mga1 libreoffice-kde-3.4.6.2-0.3.mga1 libreoffice-debug-3.4.6.2-0.3.mga1 libreoffice-gdb-debug-support-3.4.6.2-0.3.mga1 libreoffice-langpack-af-3.4.6.2-0.3.mga1 libreoffice-langpack-ar-3.4.6.2-0.3.mga1 libreoffice-langpack-as-3.4.6.2-0.3.mga1 libreoffice-langpack-bg-3.4.6.2-0.3.mga1 libreoffice-langpack-bn-3.4.6.2-0.3.mga1 libreoffice-langpack-ca-3.4.6.2-0.3.mga1 libreoffice-langpack-cs-3.4.6.2-0.3.mga1 libreoffice-langpack-cy-3.4.6.2-0.3.mga1 libreoffice-langpack-da-3.4.6.2-0.3.mga1 libreoffice-langpack-de-3.4.6.2-0.3.mga1 libreoffice-langpack-dz-3.4.6.2-0.3.mga1 libreoffice-langpack-el-3.4.6.2-0.3.mga1 libreoffice-langpack-en-3.4.6.2-0.3.mga1 libreoffice-langpack-es-3.4.6.2-0.3.mga1 libreoffice-langpack-et-3.4.6.2-0.3.mga1 libreoffice-langpack-eu-3.4.6.2-0.3.mga1 libreoffice-langpack-fi-3.4.6.2-0.3.mga1 libreoffice-langpack-fr-3.4.6.2-0.3.mga1 libreoffice-langpack-ga-3.4.6.2-0.3.mga1 libreoffice-langpack-gl-3.4.6.2-0.3.mga1 libreoffice-langpack-gu-3.4.6.2-0.3.mga1 libreoffice-langpack-he-3.4.6.2-0.3.mga1 libreoffice-langpack-hi-3.4.6.2-0.3.mga1 libreoffice-langpack-hr-3.4.6.2-0.3.mga1 libreoffice-langpack-hu-3.4.6.2-0.3.mga1 libreoffice-langpack-it-3.4.6.2-0.3.mga1 libreoffice-langpack-ja-3.4.6.2-0.3.mga1 libreoffice-langpack-kn-3.4.6.2-0.3.mga1 libreoffice-langpack-ko-3.4.6.2-0.3.mga1 libreoffice-langpack-lt-3.4.6.2-0.3.mga1 libreoffice-langpack-mai-3.4.6.2-0.3.mga1 libreoffice-langpack-ml-3.4.6.2-0.3.mga1 libreoffice-langpack-mr-3.4.6.2-0.3.mga1 libreoffice-langpack-nb-3.4.6.2-0.3.mga1 libreoffice-langpack-nl-3.4.6.2-0.3.mga1 libreoffice-langpack-nn-3.4.6.2-0.3.mga1 libreoffice-langpack-nr-3.4.6.2-0.3.mga1 libreoffice-langpack-nso-3.4.6.2-0.3.mga1 libreoffice-langpack-or-3.4.6.2-0.3.mga1 libreoffice-langpack-pa-3.4.6.2-0.3.mga1 libreoffice-langpack-pl-3.4.6.2-0.3.mga1 libreoffice-langpack-pt-BR-3.4.6.2-0.3.mga1 libreoffice-langpack-pt-PT-3.4.6.2-0.3.mga1 libreoffice-langpack-ro-3.4.6.2-0.3.mga1 libreoffice-langpack-ru-3.4.6.2-0.3.mga1 libreoffice-langpack-si-3.4.6.2-0.3.mga1 libreoffice-langpack-sk-3.4.6.2-0.3.mga1 libreoffice-langpack-sl-3.4.6.2-0.3.mga1 libreoffice-langpack-sr-3.4.6.2-0.3.mga1 libreoffice-langpack-ss-3.4.6.2-0.3.mga1 libreoffice-langpack-st-3.4.6.2-0.3.mga1 libreoffice-langpack-sv-3.4.6.2-0.3.mga1 libreoffice-langpack-ta-3.4.6.2-0.3.mga1 libreoffice-langpack-te-3.4.6.2-0.3.mga1 libreoffice-langpack-th-3.4.6.2-0.3.mga1 libreoffice-langpack-tn-3.4.6.2-0.3.mga1 libreoffice-langpack-tr-3.4.6.2-0.3.mga1 libreoffice-langpack-ts-3.4.6.2-0.3.mga1 libreoffice-langpack-uk-3.4.6.2-0.3.mga1 libreoffice-langpack-ve-3.4.6.2-0.3.mga1 libreoffice-langpack-xh-3.4.6.2-0.3.mga1 libreoffice-langpack-zh_CN-3.4.6.2-0.3.mga1 libreoffice-langpack-zh_TW-3.4.6.2-0.3.mga1 libreoffice-langpack-zu-3.4.6.2-0.3.mga1 autocorr-en-3.4.6.2-0.3.mga1 autocorr-af-3.4.6.2-0.3.mga1 autocorr-bg-3.4.6.2-0.3.mga1 autocorr-cs-3.4.6.2-0.3.mga1 autocorr-da-3.4.6.2-0.3.mga1 autocorr-de-3.4.6.2-0.3.mga1 autocorr-es-3.4.6.2-0.3.mga1 autocorr-eu-3.4.6.2-0.3.mga1 autocorr-fa-3.4.6.2-0.3.mga1 autocorr-fi-3.4.6.2-0.3.mga1 autocorr-fr-3.4.6.2-0.3.mga1 autocorr-ga-3.4.6.2-0.3.mga1 autocorr-hr-3.4.6.2-0.3.mga1 autocorr-hu-3.4.6.2-0.3.mga1 autocorr-it-3.4.6.2-0.3.mga1 autocorr-ja-3.4.6.2-0.3.mga1 autocorr-ko-3.4.6.2-0.3.mga1 autocorr-lb-3.4.6.2-0.3.mga1 autocorr-lt-3.4.6.2-0.3.mga1 autocorr-mn-3.4.6.2-0.3.mga1 autocorr-nl-3.4.6.2-0.3.mga1 autocorr-pl-3.4.6.2-0.3.mga1 autocorr-pt-3.4.6.2-0.3.mga1 autocorr-ru-3.4.6.2-0.3.mga1 autocorr-sk-3.4.6.2-0.3.mga1 autocorr-sl-3.4.6.2-0.3.mga1 autocorr-sr-3.4.6.2-0.3.mga1 autocorr-sv-3.4.6.2-0.3.mga1 autocorr-tr-3.4.6.2-0.3.mga1 autocorr-vi-3.4.6.2-0.3.mga1 autocorr-zh-3.4.6.2-0.3.mga1 libreoffice-help-en-3.4.6.2-0.3.mga1 libreoffice-help-bg-3.4.6.2-0.3.mga1 libreoffice-help-bn-3.4.6.2-0.3.mga1 libreoffice-help-ca-3.4.6.2-0.3.mga1 libreoffice-help-cs-3.4.6.2-0.3.mga1 libreoffice-help-da-3.4.6.2-0.3.mga1 libreoffice-help-de-3.4.6.2-0.3.mga1 libreoffice-help-dz-3.4.6.2-0.3.mga1 libreoffice-help-el-3.4.6.2-0.3.mga1 libreoffice-help-es-3.4.6.2-0.3.mga1 libreoffice-help-et-3.4.6.2-0.3.mga1 libreoffice-help-eu-3.4.6.2-0.3.mga1 libreoffice-help-fi-3.4.6.2-0.3.mga1 libreoffice-help-fr-3.4.6.2-0.3.mga1 libreoffice-help-gl-3.4.6.2-0.3.mga1 libreoffice-help-hi-3.4.6.2-0.3.mga1 libreoffice-help-hu-3.4.6.2-0.3.mga1 libreoffice-help-it-3.4.6.2-0.3.mga1 libreoffice-help-ja-3.4.6.2-0.3.mga1 libreoffice-help-ko-3.4.6.2-0.3.mga1 libreoffice-help-nb-3.4.6.2-0.3.mga1 libreoffice-help-nl-3.4.6.2-0.3.mga1 libreoffice-help-nn-3.4.6.2-0.3.mga1 libreoffice-help-pl-3.4.6.2-0.3.mga1 libreoffice-help-pt_BR-3.4.6.2-0.3.mga1 libreoffice-help-pt-3.4.6.2-0.3.mga1 libreoffice-help-ru-3.4.6.2-0.3.mga1 libreoffice-help-si-3.4.6.2-0.3.mga1 libreoffice-help-sk-3.4.6.2-0.3.mga1 libreoffice-help-sl-3.4.6.2-0.3.mga1 libreoffice-help-sv-3.4.6.2-0.3.mga1 libreoffice-help-tr-3.4.6.2-0.3.mga1 libreoffice-help-uk-3.4.6.2-0.3.mga1 libreoffice-help-zh_CN-3.4.6.2-0.3.mga1 libreoffice-help-zh_TW-3.4.6.2-0.3.mga1 from libreoffice-3.4.6.2-0.3.mga1.src.rpm
CC: (none) => dmorganecAssignee: dmorganec => qa-bugs
No PoC Testing complete mga1 i586 spellcheck, autocorrect basic checks on all programs
Hardware: i586 => AllWhiteboard: (none) => mga1-32-OK
testing complete x86_64 Validating See comment 1 for advisory and srpm Could sysadmin please push from core/updates_testing to core/updates Thanks!
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsWhiteboard: mga1-32-OK => mga1-32-OK mga1-64-OK
(In reply to comment #6) > See comment 1 for advisory and srpm Correction: It's in Comment 4
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0253
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED