[Frugalware-security] [ FSA-726 ] libreoffice
Miklos Vajna
vmiklos at frugalware.org
Fri Jun 24 09:18:25 CEST 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Frugalware Security Advisory FSA-726
Date: 2011-06-24
Package: libreoffice
Vulnerable versions: <= 3.3.0.4-3
Unaffected versions: >= 3.3.3.1-1nexon1
Related bugreport: http://bugs.frugalware.org/task/4518
CVE: No CVE, see
http://www.kb.cert.org/vuls/id/953183
Description
===========
Multiple vulnerabilities have been reported in LibreOffice, which can be exploited by malicious people to compromise a user's system.
The vulnerabilities are caused due to errors in the import filter when processing Lotus Word Pro (LWP) files and can be exploited to cause a stack-based buffer overflow via a specially crafted file.
Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious LWP file.
Updated Packages
================
Check if you have libreoffice installed:
# pacman-g2 -Q libreoffice
If found, then you should upgrade to the latest version:
# pacman-g2 -Sy libreoffice
Availability
============
The latest revision of this advisory is available at
http://frugalware.org/security/726
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info
iEYEARECAAYFAk4EOkAACgkQZ7NElSD1Vhlf1wCdG0x3lQzHam3dlsXZR+d1/EIe
OAAAnRreUN9ckyla7df3oGQSdMogb3rn
=WHkE
-----END PGP SIGNATURE-----
More information about the Frugalware-security
mailing list