Bug 6944 - libreoffice new security issue CVE-2012-2665
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
Version: 1
Hardware: All Linux
Priority: High
Severity: major
Target Milestone: ---
Assigned To: QA Team
URL: http://lwn.net/Vulnerabilities/509401/
Whiteboard: mga1-32-OK mga1-64-OK
Keywords: validated_update
Reported: 2012-08-03 20:25 CEST by David Walser
Modified: 2012-09-04 19:33 CEST

Source RPM: libreoffice-3.4.6.2-0.1.mga1.src.rpm

Description David Walser 2012-08-03 20:25:27 CEST
RedHat has issued an advisory on August 1:
https://rhn.redhat.com/errata/RHSA-2012-1135.html

RedHat has 3.4.x, so patches from them should work.

According to the upstream advisory, LibreOffice in Mageia 2 should be OK.

http://www.libreoffice.org/advisories/CVE-2012-2665/
Comment 1 David Walser 2012-08-04 14:49:54 CEST
Mandriva has issued an advisory for this today (August 4):
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:123
Comment 2 David Walser 2012-08-31 22:13:39 CEST
D Morgan is working on this update.  It will also fix the following CVEs:
CVE-2012-1149
CVE-2012-2334

References:
http://www.libreoffice.org/advisories/CVE-2012-1149/
http://www.libreoffice.org/advisories/CVE-2012-2334/
https://rhn.redhat.com/errata/RHSA-2012-0705.html
Comment 3 D Morgan 2012-09-01 00:04:06 CEST
and new build fixes CVE-2012-2665 too.

so the new rpm fixes:

CVE-2012-1149
CVE-2012-2334
CVE-2012-2665
Comment 4 David Walser 2012-09-01 02:18:49 CEST
Advisory:
========================

Updated libreoffice packages fix security vulnerabilities:

Multiple integer overflow flaws, leading to heap-based buffer overflows,
were found in the JPEG, PNG, and BMP image file reader implementations in
OpenOffice.org. An attacker could provide a specially-crafted JPEG, PNG,
or BMP image file that, when opened in an OpenOffice.org application, would
cause the application to crash or, potentially, execute arbitrary code with
the privileges of the user running the application (CVE-2012-1149).

An integer overflow flaw, leading to a buffer overflow, was found in the
way OpenOffice.org processed an invalid Escher graphics records length in
Microsoft Office PowerPoint documents. An attacker could provide a
specially-crafted Microsoft Office PowerPoint document that, when opened,
would cause OpenOffice.org to crash or, potentially, execute arbitrary code
with the privileges of the user running OpenOffice.org (CVE-2012-2334).

Multiple heap-based buffer overflow flaws were found in the way LibreOffice
processed encryption information in the manifest files of OpenDocument
Format files. An attacker could provide a specially-crafted OpenDocument
Format file that, when opened in a LibreOffice application, would cause the
application to crash or, potentially, execute arbitrary code with the
privileges of the user running the application (CVE-2012-2665).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1149
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2665
http://www.libreoffice.org/advisories/CVE-2012-1149/
http://www.libreoffice.org/advisories/CVE-2012-2334/
http://www.libreoffice.org/advisories/CVE-2012-2665/
https://rhn.redhat.com/errata/RHSA-2012-0705.html
https://rhn.redhat.com/errata/RHSA-2012-1135.html
========================

Updated packages in core/updates_testing:
========================
libreoffice-3.4.6.2-0.3.mga1
libreoffice-core-3.4.6.2-0.3.mga1
libreoffice-pyuno-3.4.6.2-0.3.mga1
libreoffice-base-3.4.6.2-0.3.mga1
libreoffice-report-builder-3.4.6.2-0.3.mga1
libreoffice-bsh-3.4.6.2-0.3.mga1
libreoffice-rhino-3.4.6.2-0.3.mga1
libreoffice-wiki-publisher-3.4.6.2-0.3.mga1
libreoffice-ogltrans-3.4.6.2-0.3.mga1
libreoffice-presentation-minimizer-3.4.6.2-0.3.mga1
libreoffice-presenter-screen-3.4.6.2-0.3.mga1
libreoffice-pdfimport-3.4.6.2-0.3.mga1
libreoffice-opensymbol-fonts-3.4.6.2-0.3.mga1
libreoffice-writer-3.4.6.2-0.3.mga1
libreoffice-emailmerge-3.4.6.2-0.3.mga1
libreoffice-calc-3.4.6.2-0.3.mga1
libreoffice-draw-3.4.6.2-0.3.mga1
libreoffice-impress-3.4.6.2-0.3.mga1
libreoffice-math-3.4.6.2-0.3.mga1
libreoffice-graphicfilter-3.4.6.2-0.3.mga1
libreoffice-xsltfilter-3.4.6.2-0.3.mga1
libreoffice-javafilter-3.4.6.2-0.3.mga1
libreoffice-testtools-3.4.6.2-0.3.mga1
libreoffice-ure-3.4.6.2-0.3.mga1
libreoffice-java-common-3.4.6.2-0.3.mga1
libreoffice-sdk-3.4.6.2-0.3.mga1
libreoffice-sdk-doc-3.4.6.2-0.3.mga1
libreoffice-headless-3.4.6.2-0.3.mga1
libreoffice-kde-3.4.6.2-0.3.mga1
libreoffice-debug-3.4.6.2-0.3.mga1
libreoffice-gdb-debug-support-3.4.6.2-0.3.mga1
libreoffice-langpack-af-3.4.6.2-0.3.mga1
libreoffice-langpack-ar-3.4.6.2-0.3.mga1
libreoffice-langpack-as-3.4.6.2-0.3.mga1
libreoffice-langpack-bg-3.4.6.2-0.3.mga1
libreoffice-langpack-bn-3.4.6.2-0.3.mga1
libreoffice-langpack-ca-3.4.6.2-0.3.mga1
libreoffice-langpack-cs-3.4.6.2-0.3.mga1
libreoffice-langpack-cy-3.4.6.2-0.3.mga1
libreoffice-langpack-da-3.4.6.2-0.3.mga1
libreoffice-langpack-de-3.4.6.2-0.3.mga1
libreoffice-langpack-dz-3.4.6.2-0.3.mga1
libreoffice-langpack-el-3.4.6.2-0.3.mga1
libreoffice-langpack-en-3.4.6.2-0.3.mga1
libreoffice-langpack-es-3.4.6.2-0.3.mga1
libreoffice-langpack-et-3.4.6.2-0.3.mga1
libreoffice-langpack-eu-3.4.6.2-0.3.mga1
libreoffice-langpack-fi-3.4.6.2-0.3.mga1
libreoffice-langpack-fr-3.4.6.2-0.3.mga1
libreoffice-langpack-ga-3.4.6.2-0.3.mga1
libreoffice-langpack-gl-3.4.6.2-0.3.mga1
libreoffice-langpack-gu-3.4.6.2-0.3.mga1
libreoffice-langpack-he-3.4.6.2-0.3.mga1
libreoffice-langpack-hi-3.4.6.2-0.3.mga1
libreoffice-langpack-hr-3.4.6.2-0.3.mga1
libreoffice-langpack-hu-3.4.6.2-0.3.mga1
libreoffice-langpack-it-3.4.6.2-0.3.mga1
libreoffice-langpack-ja-3.4.6.2-0.3.mga1
libreoffice-langpack-kn-3.4.6.2-0.3.mga1
libreoffice-langpack-ko-3.4.6.2-0.3.mga1
libreoffice-langpack-lt-3.4.6.2-0.3.mga1
libreoffice-langpack-mai-3.4.6.2-0.3.mga1
libreoffice-langpack-ml-3.4.6.2-0.3.mga1
libreoffice-langpack-mr-3.4.6.2-0.3.mga1
libreoffice-langpack-nb-3.4.6.2-0.3.mga1
libreoffice-langpack-nl-3.4.6.2-0.3.mga1
libreoffice-langpack-nn-3.4.6.2-0.3.mga1
libreoffice-langpack-nr-3.4.6.2-0.3.mga1
libreoffice-langpack-nso-3.4.6.2-0.3.mga1
libreoffice-langpack-or-3.4.6.2-0.3.mga1
libreoffice-langpack-pa-3.4.6.2-0.3.mga1
libreoffice-langpack-pl-3.4.6.2-0.3.mga1
libreoffice-langpack-pt-BR-3.4.6.2-0.3.mga1
libreoffice-langpack-pt-PT-3.4.6.2-0.3.mga1
libreoffice-langpack-ro-3.4.6.2-0.3.mga1
libreoffice-langpack-ru-3.4.6.2-0.3.mga1
libreoffice-langpack-si-3.4.6.2-0.3.mga1
libreoffice-langpack-sk-3.4.6.2-0.3.mga1
libreoffice-langpack-sl-3.4.6.2-0.3.mga1
libreoffice-langpack-sr-3.4.6.2-0.3.mga1
libreoffice-langpack-ss-3.4.6.2-0.3.mga1
libreoffice-langpack-st-3.4.6.2-0.3.mga1
libreoffice-langpack-sv-3.4.6.2-0.3.mga1
libreoffice-langpack-ta-3.4.6.2-0.3.mga1
libreoffice-langpack-te-3.4.6.2-0.3.mga1
libreoffice-langpack-th-3.4.6.2-0.3.mga1
libreoffice-langpack-tn-3.4.6.2-0.3.mga1
libreoffice-langpack-tr-3.4.6.2-0.3.mga1
libreoffice-langpack-ts-3.4.6.2-0.3.mga1
libreoffice-langpack-uk-3.4.6.2-0.3.mga1
libreoffice-langpack-ve-3.4.6.2-0.3.mga1
libreoffice-langpack-xh-3.4.6.2-0.3.mga1
libreoffice-langpack-zh_CN-3.4.6.2-0.3.mga1
libreoffice-langpack-zh_TW-3.4.6.2-0.3.mga1
libreoffice-langpack-zu-3.4.6.2-0.3.mga1
autocorr-en-3.4.6.2-0.3.mga1
autocorr-af-3.4.6.2-0.3.mga1
autocorr-bg-3.4.6.2-0.3.mga1
autocorr-cs-3.4.6.2-0.3.mga1
autocorr-da-3.4.6.2-0.3.mga1
autocorr-de-3.4.6.2-0.3.mga1
autocorr-es-3.4.6.2-0.3.mga1
autocorr-eu-3.4.6.2-0.3.mga1
autocorr-fa-3.4.6.2-0.3.mga1
autocorr-fi-3.4.6.2-0.3.mga1
autocorr-fr-3.4.6.2-0.3.mga1
autocorr-ga-3.4.6.2-0.3.mga1
autocorr-hr-3.4.6.2-0.3.mga1
autocorr-hu-3.4.6.2-0.3.mga1
autocorr-it-3.4.6.2-0.3.mga1
autocorr-ja-3.4.6.2-0.3.mga1
autocorr-ko-3.4.6.2-0.3.mga1
autocorr-lb-3.4.6.2-0.3.mga1
autocorr-lt-3.4.6.2-0.3.mga1
autocorr-mn-3.4.6.2-0.3.mga1
autocorr-nl-3.4.6.2-0.3.mga1
autocorr-pl-3.4.6.2-0.3.mga1
autocorr-pt-3.4.6.2-0.3.mga1
autocorr-ru-3.4.6.2-0.3.mga1
autocorr-sk-3.4.6.2-0.3.mga1
autocorr-sl-3.4.6.2-0.3.mga1
autocorr-sr-3.4.6.2-0.3.mga1
autocorr-sv-3.4.6.2-0.3.mga1
autocorr-tr-3.4.6.2-0.3.mga1
autocorr-vi-3.4.6.2-0.3.mga1
autocorr-zh-3.4.6.2-0.3.mga1
libreoffice-help-en-3.4.6.2-0.3.mga1
libreoffice-help-bg-3.4.6.2-0.3.mga1
libreoffice-help-bn-3.4.6.2-0.3.mga1
libreoffice-help-ca-3.4.6.2-0.3.mga1
libreoffice-help-cs-3.4.6.2-0.3.mga1
libreoffice-help-da-3.4.6.2-0.3.mga1
libreoffice-help-de-3.4.6.2-0.3.mga1
libreoffice-help-dz-3.4.6.2-0.3.mga1
libreoffice-help-el-3.4.6.2-0.3.mga1
libreoffice-help-es-3.4.6.2-0.3.mga1
libreoffice-help-et-3.4.6.2-0.3.mga1
libreoffice-help-eu-3.4.6.2-0.3.mga1
libreoffice-help-fi-3.4.6.2-0.3.mga1
libreoffice-help-fr-3.4.6.2-0.3.mga1
libreoffice-help-gl-3.4.6.2-0.3.mga1
libreoffice-help-hi-3.4.6.2-0.3.mga1
libreoffice-help-hu-3.4.6.2-0.3.mga1
libreoffice-help-it-3.4.6.2-0.3.mga1
libreoffice-help-ja-3.4.6.2-0.3.mga1
libreoffice-help-ko-3.4.6.2-0.3.mga1
libreoffice-help-nb-3.4.6.2-0.3.mga1
libreoffice-help-nl-3.4.6.2-0.3.mga1
libreoffice-help-nn-3.4.6.2-0.3.mga1
libreoffice-help-pl-3.4.6.2-0.3.mga1
libreoffice-help-pt_BR-3.4.6.2-0.3.mga1
libreoffice-help-pt-3.4.6.2-0.3.mga1
libreoffice-help-ru-3.4.6.2-0.3.mga1
libreoffice-help-si-3.4.6.2-0.3.mga1
libreoffice-help-sk-3.4.6.2-0.3.mga1
libreoffice-help-sl-3.4.6.2-0.3.mga1
libreoffice-help-sv-3.4.6.2-0.3.mga1
libreoffice-help-tr-3.4.6.2-0.3.mga1
libreoffice-help-uk-3.4.6.2-0.3.mga1
libreoffice-help-zh_CN-3.4.6.2-0.3.mga1
libreoffice-help-zh_TW-3.4.6.2-0.3.mga1

from libreoffice-3.4.6.2-0.3.mga1.src.rpm
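
The bug class the advisory in Comment 4 describes for the image readers (an integer overflow in a size computation that leaves the heap buffer too small), shown as an added C illustration. This is not LibreOffice or OpenOffice.org code; the struct, the function names and the 256 MiB cap are assumptions made for the example, and the header values are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed header fields, as a reader would parse them from an untrusted image. */
struct img_hdr { uint32_t width, height, bytes_per_pixel; };

/* Flawed pattern: the 32-bit product wraps silently, so the size handed to
 * the allocator can be far smaller than the pixel data decoded afterwards. */
static uint32_t unchecked_size(const struct img_hdr *h)
{
    return h->width * h->height * h->bytes_per_pixel;
}

#define MAX_PIXEL_BYTES ((size_t)256 * 1024 * 1024) /* assumed policy cap */

/* Hardened pattern: reject degenerate fields, then prove by division that
 * each product stays under the cap before multiplying. */
static bool checked_size(const struct img_hdr *h, size_t *out)
{
    if (h->width == 0 || h->height == 0)
        return false;
    if (h->bytes_per_pixel == 0 || h->bytes_per_pixel > 8)
        return false;
    if (h->width > MAX_PIXEL_BYTES / h->bytes_per_pixel)
        return false;
    size_t row = (size_t)h->width * h->bytes_per_pixel;
    if (h->height > MAX_PIXEL_BYTES / row)
        return false;
    *out = row * h->height;
    return true;
}

int main(void)
{
    /* 0x4001 x 0x10000 pixels at 4 bytes each: about 4 GiB of pixel data. */
    struct img_hdr crafted = { 0x4001u, 0x10000u, 4u };
    size_t n = 0;

    printf("unchecked size: %u bytes\n", (unsigned)unchecked_size(&crafted));
    printf("checked reader accepts: %s\n", checked_size(&crafted, &n) ? "yes" : "no");
    return 0;
}
```

For the constructed header the unchecked computation yields 262144 bytes for roughly 4 GiB of pixel data, which is the undersized allocation that a later decode loop overruns; the checked version rejects the file before allocating.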
Comment 5 claire robinson 2012-09-01 12:06:43 CEST
No PoC

Testing complete mga1 i586

spellcheck, autocorrect
basic checks on all programs
Comment 6 claire robinson 2012-09-01 12:43:56 CEST
testing complete x86_64

Validating

See comment 1 for advisory and srpm

Could sysadmin please push from core/updates_testing to core/updates

Thanks!
Comment 7 David Walser 2012-09-01 14:10:25 CEST
(In reply to comment #6)
> See comment 1 for advisory and srpm

Correction: It's in Comment 4
Comment 8 Thomas Backlund 2012-09-04 19:33:40 CEST
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0253
