Executive Summary
Informations | |||
---|---|---|---|
Name | MDVSA-2011:172 | First vendor Publication | 2011-11-11 |
Vendor | Mandriva | Last vendor Modification | 2011-11-11 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Multiple vulnerabilies has been discovered and corrected in libreoffice: Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary code via a crafted .lwp file (CVE-2011-2685). oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted DOC file that triggers an out-of-bounds read in the DOC sprm parser (CVE-2011-2713). This update brings a new LibreOffice version 3.4.3 release linked against stdc++ and gcc_s standard libraries available in the Mandriva 2011 and solves installing conflicts with libstdc++ (#64224). The package clipart-openclipart was dropped from the main repository in the Mandriva 2011. However it is not required having clipart-openclipart installed in order to install libreoffice-openclipart as the LibreOffice still provides some cliparts directly in that package (#63634). This update fixes some OpenOffice.org leftovers in some packages description replacing that by LibreOffice (#64658). This update brings new LibreOffice l10n locale packages: Assanese as, Bengali bn, Dzongkha dz, Farsi fa, Irish ga, Galician gl, Gujarati gu, Croatian hr, Kannada kn, Lithuanian lt, Latvian lv, Maithili mai, Malayalam ml, Marathi mr, Ndebele nr, Northern Shoto nso, Oriya or, Punjabi pa_IN, Romanian ro, Secwepemctsin sh, Sinhalese si, Serbian sr, Swati ss, Shoto st, Telugu te, Thai th, Tswana tn, Tsonga ts, Ukrainian uk, Venda ve and Xhosa xh. Help packages are also provided for: bn, dz, gl, gu, hr, si and uk. Additionally the gaupol packages are being provided to solve a build dependcy of some of the supporting tools already added into 2011. The updated packages have been upgraded to LibreOffice version 3.4.3 where these isssues has been resolved. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:172 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:14956 | |||
Oval ID: | oval:org.mitre.oval:def:14956 | ||
Title: | DSA-2315-1 openoffice.org -- multiple vulnerabilities | ||
Description: | Red Hat, Inc. security researcher Huzaifa Sidhpurwala reported multiple vulnerabilities in the binary Microsoft Word file format importer of OpenOffice.org, a full-featured office productivity suite that provides a near drop-in replacement for Microsoft Office. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2315-1 CVE-2011-2713 | Version: | 7 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | openoffice.org |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-09-26 | Name : Gentoo Security Advisory GLSA 201209-05 (libreoffice) File : nvt/glsa_201209_05.nasl |
2012-07-03 | Name : Ubuntu Update for openoffice.org USN-1496-1 File : nvt/gb_ubuntu_USN_1496_1.nasl |
2012-06-15 | Name : Fedora Update for libreoffice FEDORA-2012-8114 File : nvt/gb_fedora_2012_8114_libreoffice_fc15.nasl |
2012-01-10 | Name : LibreOffice 'DOC' File Denial of Service Vulnerability (Windows) File : nvt/gb_libre_office_doc_file_dos_vuln_win.nasl |
2011-10-21 | Name : Fedora Update for libreoffice FEDORA-2011-14036 File : nvt/gb_fedora_2011_14036_libreoffice_fc15.nasl |
2011-10-21 | Name : Fedora Update for openoffice.org FEDORA-2011-14049 File : nvt/gb_fedora_2011_14049_openoffice.org_fc14.nasl |
2011-10-16 | Name : Debian Security Advisory DSA 2315-1 (openoffice.org) File : nvt/deb_2315_1.nasl |
2011-07-27 | Name : LibreOffice LWP File Processing Multiple Buffer Overflow Vulnerabilities (Linux) File : nvt/secpod_libre_office_lwp_mult_bof_vuln_lin.nasl |
2011-07-27 | Name : LibreOffice LWP File Processing Multiple Buffer Overflow Vulnerabilities (Win... File : nvt/secpod_libre_office_lwp_mult_bof_vuln_win.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
76178 | OpenOffice.org (OOo) Out-of-of Bounds Read DOC FIle Handling Remote DoS |
73314 | LibreOffice LWP File Handling Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-09-01 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201408-19.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libreoffice-34-111007.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_4_libreoffice-34-111007.nasl - Type : ACT_GATHER_INFO |
2012-09-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201209-05.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2011-172.nasl - Type : ACT_GATHER_INFO |
2012-07-03 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1496-1.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libreoffice-34-111012.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libreoffice-34-7791.nasl - Type : ACT_GATHER_INFO |
2011-10-19 | Name : The remote Fedora host is missing a security update. File : fedora_2011-14036.nasl - Type : ACT_GATHER_INFO |
2011-10-19 | Name : The remote Fedora host is missing a security update. File : fedora_2011-14049.nasl - Type : ACT_GATHER_INFO |
2011-10-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2315.nasl - Type : ACT_GATHER_INFO |
2011-07-13 | Name : The remote Windows host has a program affected by a buffer overflow vulnerabi... File : libreoffice_340.nasl - Type : ACT_GATHER_INFO |
2011-07-13 | Name : The remote Mac OS X host has a program affected by a buffer overflow vulnerab... File : macosx_libreoffice_340.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:42:33 |
|