Bug 7949 - libreoffice new security issue CVE-2012-4233
Summary: libreoffice new security issue CVE-2012-4233
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 2
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL: http://lwn.net/Vulnerabilities/522426/
Whiteboard: has_procedure mga2-64-ok mga2-32-ok
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2012-11-01 20:41 CET by David Walser
Modified: 2013-02-09 14:05 CET (History)
5 users (show)

See Also:
Source RPM: libreoffice
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2012-11-01 20:41:04 CET 
Debian has issued an advisory on October 31:
http://www.debian.org/security/2012/dsa-2570

Mageia 1 and Mageia 2 are also affected.
David Walser 2012-11-01 20:41:12 CET

Whiteboard: (none) => MGA2TOO, MGA1TOO

Comment 2 David Walser 2012-11-26 15:47:14 CET 
Here's the upstream advisory:
http://www.libreoffice.org/advisories/cve-2012-4233/

So Cauldron is not affected.

Version: Cauldron => 2
Whiteboard: MGA2TOO, MGA1TOO => MGA1TOO

Comment 3 David Walser 2012-12-04 01:28:41 CET 
It looks like we have 3.5.7 in SVN currently, with a SPEC based on Fedora's.  They have a number of new patches past what we have in SVN.  I guess you'll want to sync that with Fedora.
David Walser 2012-12-21 14:25:51 CET

CC: (none) => oe

Comment 4 D Morgan 2013-02-08 00:13:01 CET 
sync'ed with fedora and pushed in the BS.
Comment 5 David Walser 2013-02-08 01:19:34 CET 
Thanks D Morgan!

Removing Mageia 1 from the whiteboard due to EOL.

Assigning to QA.

Advisory:
========================

Updated libreoffice packages fix security vulnerability:

Multiple denial of service flaws were found in various import filters of
LibreOffice. An attacker could create a specially-crafted file in the .xls
(Excel), .wmf (Window Meta File) or Open Document Format for Office
Applications formats which when loaded would immediately terminate the
application (CVE-2012-4233).

LibreOffice has been updated to version 3.5.7, which fixes these issues,
as well as several other bugs.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4233
http://www.libreoffice.org/advisories/cve-2012-4233/
http://www.debian.org/security/2012/dsa-2570
========================

Updated packages in core/updates_testing:
========================
libreoffice-3.5.7.2-0.1.mga2
libreoffice-core-3.5.7.2-0.1.mga2
libreoffice-pyuno-3.5.7.2-0.1.mga2
libreoffice-base-3.5.7.2-0.1.mga2
libreoffice-report-builder-3.5.7.2-0.1.mga2
libreoffice-bsh-3.5.7.2-0.1.mga2
libreoffice-rhino-3.5.7.2-0.1.mga2
libreoffice-wiki-publisher-3.5.7.2-0.1.mga2
libreoffice-nlpsolver-3.5.7.2-0.1.mga2
libreoffice-ogltrans-3.5.7.2-0.1.mga2
libreoffice-presentation-minimizer-3.5.7.2-0.1.mga2
libreoffice-presenter-screen-3.5.7.2-0.1.mga2
libreoffice-pdfimport-3.5.7.2-0.1.mga2
libreoffice-opensymbol-fonts-3.5.7.2-0.1.mga2
libreoffice-writer-3.5.7.2-0.1.mga2
libreoffice-emailmerge-3.5.7.2-0.1.mga2
libreoffice-calc-3.5.7.2-0.1.mga2
libreoffice-draw-3.5.7.2-0.1.mga2
libreoffice-impress-3.5.7.2-0.1.mga2
libreoffice-math-3.5.7.2-0.1.mga2
libreoffice-graphicfilter-3.5.7.2-0.1.mga2
libreoffice-xsltfilter-3.5.7.2-0.1.mga2
libreoffice-javafilter-3.5.7.2-0.1.mga2
libreoffice-postgresql-3.5.7.2-0.1.mga2
libreoffice-ure-3.5.7.2-0.1.mga2
libreoffice-java-common-3.5.7.2-0.1.mga2
libreoffice-sdk-3.5.7.2-0.1.mga2
libreoffice-sdk-doc-3.5.7.2-0.1.mga2
libreoffice-headless-3.5.7.2-0.1.mga2
libreoffice-kde-3.5.7.2-0.1.mga2
libreoffice-binfilter-3.5.7.2-0.1.mga2
libreoffice-debug-3.5.7.2-0.1.mga2
libreoffice-gdb-debug-support-3.5.7.2-0.1.mga2
libreoffice-langpack-af-3.5.7.2-0.1.mga2
libreoffice-langpack-ar-3.5.7.2-0.1.mga2
libreoffice-langpack-as-3.5.7.2-0.1.mga2
libreoffice-langpack-bg-3.5.7.2-0.1.mga2
libreoffice-langpack-bn-3.5.7.2-0.1.mga2
libreoffice-langpack-ca-3.5.7.2-0.1.mga2
libreoffice-langpack-cs-3.5.7.2-0.1.mga2
libreoffice-langpack-cy-3.5.7.2-0.1.mga2
libreoffice-langpack-da-3.5.7.2-0.1.mga2
libreoffice-langpack-de-3.5.7.2-0.1.mga2
libreoffice-langpack-dz-3.5.7.2-0.1.mga2
libreoffice-langpack-el-3.5.7.2-0.1.mga2
libreoffice-langpack-en-3.5.7.2-0.1.mga2
libreoffice-langpack-es-3.5.7.2-0.1.mga2
libreoffice-langpack-et-3.5.7.2-0.1.mga2
libreoffice-langpack-eu-3.5.7.2-0.1.mga2
libreoffice-langpack-fi-3.5.7.2-0.1.mga2
libreoffice-langpack-fr-3.5.7.2-0.1.mga2
libreoffice-langpack-ga-3.5.7.2-0.1.mga2
libreoffice-langpack-gl-3.5.7.2-0.1.mga2
libreoffice-langpack-gu-3.5.7.2-0.1.mga2
libreoffice-langpack-he-3.5.7.2-0.1.mga2
libreoffice-langpack-hi-3.5.7.2-0.1.mga2
libreoffice-langpack-hr-3.5.7.2-0.1.mga2
libreoffice-langpack-hu-3.5.7.2-0.1.mga2
libreoffice-langpack-it-3.5.7.2-0.1.mga2
libreoffice-langpack-ja-3.5.7.2-0.1.mga2
libreoffice-langpack-kn-3.5.7.2-0.1.mga2
libreoffice-langpack-ko-3.5.7.2-0.1.mga2
libreoffice-langpack-lt-3.5.7.2-0.1.mga2
libreoffice-langpack-mai-3.5.7.2-0.1.mga2
libreoffice-langpack-ml-3.5.7.2-0.1.mga2
libreoffice-langpack-mr-3.5.7.2-0.1.mga2
libreoffice-langpack-nb-3.5.7.2-0.1.mga2
libreoffice-langpack-nl-3.5.7.2-0.1.mga2
libreoffice-langpack-nn-3.5.7.2-0.1.mga2
libreoffice-langpack-nr-3.5.7.2-0.1.mga2
libreoffice-langpack-nso-3.5.7.2-0.1.mga2
libreoffice-langpack-or-3.5.7.2-0.1.mga2
libreoffice-langpack-pa-3.5.7.2-0.1.mga2
libreoffice-langpack-pl-3.5.7.2-0.1.mga2
libreoffice-langpack-pt-BR-3.5.7.2-0.1.mga2
libreoffice-langpack-pt-PT-3.5.7.2-0.1.mga2
libreoffice-langpack-ro-3.5.7.2-0.1.mga2
libreoffice-langpack-ru-3.5.7.2-0.1.mga2
libreoffice-langpack-si-3.5.7.2-0.1.mga2
libreoffice-langpack-sk-3.5.7.2-0.1.mga2
libreoffice-langpack-sl-3.5.7.2-0.1.mga2
libreoffice-langpack-sr-3.5.7.2-0.1.mga2
libreoffice-langpack-ss-3.5.7.2-0.1.mga2
libreoffice-langpack-st-3.5.7.2-0.1.mga2
libreoffice-langpack-sv-3.5.7.2-0.1.mga2
libreoffice-langpack-ta-3.5.7.2-0.1.mga2
libreoffice-langpack-te-3.5.7.2-0.1.mga2
libreoffice-langpack-th-3.5.7.2-0.1.mga2
libreoffice-langpack-tn-3.5.7.2-0.1.mga2
libreoffice-langpack-tr-3.5.7.2-0.1.mga2
libreoffice-langpack-ts-3.5.7.2-0.1.mga2
libreoffice-langpack-uk-3.5.7.2-0.1.mga2
libreoffice-langpack-ve-3.5.7.2-0.1.mga2
libreoffice-langpack-xh-3.5.7.2-0.1.mga2
libreoffice-langpack-zh_CN-3.5.7.2-0.1.mga2
libreoffice-langpack-zh_TW-3.5.7.2-0.1.mga2
libreoffice-langpack-zu-3.5.7.2-0.1.mga2
autocorr-en-3.5.7.2-0.1.mga2
autocorr-af-3.5.7.2-0.1.mga2
autocorr-bg-3.5.7.2-0.1.mga2
autocorr-cs-3.5.7.2-0.1.mga2
autocorr-da-3.5.7.2-0.1.mga2
autocorr-de-3.5.7.2-0.1.mga2
autocorr-es-3.5.7.2-0.1.mga2
autocorr-eu-3.5.7.2-0.1.mga2
autocorr-fa-3.5.7.2-0.1.mga2
autocorr-fi-3.5.7.2-0.1.mga2
autocorr-fr-3.5.7.2-0.1.mga2
autocorr-ga-3.5.7.2-0.1.mga2
autocorr-hr-3.5.7.2-0.1.mga2
autocorr-hu-3.5.7.2-0.1.mga2
autocorr-it-3.5.7.2-0.1.mga2
autocorr-ja-3.5.7.2-0.1.mga2
autocorr-ko-3.5.7.2-0.1.mga2
autocorr-lb-3.5.7.2-0.1.mga2
autocorr-lt-3.5.7.2-0.1.mga2
autocorr-mn-3.5.7.2-0.1.mga2
autocorr-nl-3.5.7.2-0.1.mga2
autocorr-pl-3.5.7.2-0.1.mga2
autocorr-pt-3.5.7.2-0.1.mga2
autocorr-ru-3.5.7.2-0.1.mga2
autocorr-sk-3.5.7.2-0.1.mga2
autocorr-sl-3.5.7.2-0.1.mga2
autocorr-sr-3.5.7.2-0.1.mga2
autocorr-sv-3.5.7.2-0.1.mga2
autocorr-tr-3.5.7.2-0.1.mga2
autocorr-vi-3.5.7.2-0.1.mga2
autocorr-zh-3.5.7.2-0.1.mga2
libreoffice-help-en-3.5.7.2-0.1.mga2
libreoffice-help-bg-3.5.7.2-0.1.mga2
libreoffice-help-bn-3.5.7.2-0.1.mga2
libreoffice-help-ca-3.5.7.2-0.1.mga2
libreoffice-help-cs-3.5.7.2-0.1.mga2
libreoffice-help-da-3.5.7.2-0.1.mga2
libreoffice-help-de-3.5.7.2-0.1.mga2
libreoffice-help-dz-3.5.7.2-0.1.mga2
libreoffice-help-el-3.5.7.2-0.1.mga2
libreoffice-help-es-3.5.7.2-0.1.mga2
libreoffice-help-et-3.5.7.2-0.1.mga2
libreoffice-help-eu-3.5.7.2-0.1.mga2
libreoffice-help-fi-3.5.7.2-0.1.mga2
libreoffice-help-fr-3.5.7.2-0.1.mga2
libreoffice-help-gl-3.5.7.2-0.1.mga2
libreoffice-help-hi-3.5.7.2-0.1.mga2
libreoffice-help-hu-3.5.7.2-0.1.mga2
libreoffice-help-it-3.5.7.2-0.1.mga2
libreoffice-help-ja-3.5.7.2-0.1.mga2
libreoffice-help-ko-3.5.7.2-0.1.mga2
libreoffice-help-nb-3.5.7.2-0.1.mga2
libreoffice-help-nl-3.5.7.2-0.1.mga2
libreoffice-help-nn-3.5.7.2-0.1.mga2
libreoffice-help-pl-3.5.7.2-0.1.mga2
libreoffice-help-pt_BR-3.5.7.2-0.1.mga2
libreoffice-help-pt-3.5.7.2-0.1.mga2
libreoffice-help-ru-3.5.7.2-0.1.mga2
libreoffice-help-si-3.5.7.2-0.1.mga2
libreoffice-help-sk-3.5.7.2-0.1.mga2
libreoffice-help-sl-3.5.7.2-0.1.mga2
libreoffice-help-sv-3.5.7.2-0.1.mga2
libreoffice-help-tr-3.5.7.2-0.1.mga2
libreoffice-help-uk-3.5.7.2-0.1.mga2
libreoffice-help-zh_CN-3.5.7.2-0.1.mga2
libreoffice-help-zh_TW-3.5.7.2-0.1.mga2

from libreoffice-3.5.7.2-0.1.mga2.src.rpm

CC: (none) => dmorganec
Assignee: dmorganec => qa-bugs
Whiteboard: MGA1TOO => (none)

Comment 6 claire robinson 2013-02-08 13:22:16 CET 
More info and PoC here: https://www.htbridge.com/advisory/HTB23106
Comment 7 claire robinson 2013-02-08 13:23:58 CET 
Multiple PoC's in fact
Comment 8 claire robinson 2013-02-08 14:10:54 CET 
Testing complete mga2 64

Before
------

Confirmed the crashes with 1.odg, 1.xls and crashv3-5-5-3.odt.

When testing with 10.ppt it quickly eats system resources making it difficult to kill so I recommend having a terminal open ready which you can switch to and 'killall -9 soffice.bin'.

After
-----

All Ok.

Checked spelling and auto-correction in each of the office apps

Whiteboard: (none) => has_procedure mga2-64-ok

Comment 9 Bill Wilkinson 2013-02-09 01:02:59 CET 
Did not confirm crashes before, but tested the 4 files from PoCs, all opened normally.  Tested writer and calc on my usual work, and no regression apparent. No databases to test in base, Draw opened JPG files normally.

CC: (none) => wrw105
Whiteboard: has_procedure mga2-64-ok => has_procedure mga2-64-ok mga2-32-ok

Comment 10 claire robinson 2013-02-09 09:53:06 CET 
Thanks Bill

Validating

Advisory & SRPM in comment 5

Could sysadmin please push from core/updates_testing to core/updates

Thanks!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 11 Thomas Backlund 2013-02-09 14:05:07 CET 
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0045

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.