Executive Summary
Summary | |
---|---|
Title | libreoffice security update |
Informations | |||
---|---|---|---|
Name | RHSA-2015:2619 | First vendor Publication | 2015-12-14 |
Vendor | RedHat | Last vendor Modification | 2015-12-14 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated libreoffice packages that fixes multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, noarch, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite. It was discovered that LibreOffice did not properly restrict automatic link updates. By tricking a victim into opening specially crafted documents, an attacker could possibly use this flaw to disclose contents of files accessible by the victim. (CVE-2015-4551) An integer underflow flaw leading to a heap-based buffer overflow when parsing PrinterSetup data was discovered. By tricking a user into opening a specially crafted document, an attacker could possibly exploit this flaw to execute arbitrary code with the privileges of the user opening the file. (CVE-2015-5212) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way LibreOffice processed certain Microsoft Word .doc files. By tricking a user into opening a specially crafted Microsoft Word .doc document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file. (CVE-2015-5213) It was discovered that LibreOffice did not properly sanity check bookmark indexes. By tricking a user into opening a specially crafted document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file. (CVE-2015-5214) All libreoffice users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1278812 - CVE-2015-4551 libreoffice: Arbitrary file disclosure in Calc and Writer 1278820 - CVE-2015-5212 libreoffice: Integer underflow in PrinterSetup length 1278824 - CVE-2015-5213 libreoffice: Integer overflow in DOC files 1278827 - CVE-2015-5214 libreoffice: Bookmarks in DOC documents are insufficiently checked causing memory corruption |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2015-2619.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
25 % | CWE-200 | Information Exposure |
25 % | CWE-191 | Integer Underflow (Wrap or Wraparound) |
25 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
25 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-11-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201611-03.nasl - Type : ACT_GATHER_INFO |
2016-07-22 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_72f71e264f6911e6ac37ac9e174be3af.nasl - Type : ACT_GATHER_INFO |
2016-03-10 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201603-05.nasl - Type : ACT_GATHER_INFO |
2016-02-29 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-273.nasl - Type : ACT_GATHER_INFO |
2016-02-04 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2016-0324-1.nasl - Type : ACT_GATHER_INFO |
2015-12-16 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20151214_libreoffice_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2015-12-15 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2015-2619.nasl - Type : ACT_GATHER_INFO |
2015-12-15 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2015-2619.nasl - Type : ACT_GATHER_INFO |
2015-12-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2015-2619.nasl - Type : ACT_GATHER_INFO |
2015-11-17 | Name : The remote Windows host has an application installed that is affected by mult... File : openoffice_412.nasl - Type : ACT_GATHER_INFO |
2015-11-17 | Name : The remote host has an application installed that is affected by an arbitrary... File : macosx_libreoffice_501.nasl - Type : ACT_GATHER_INFO |
2015-11-17 | Name : The remote host has an application installed that is affected by multiple vul... File : macosx_libreoffice_445.nasl - Type : ACT_GATHER_INFO |
2015-11-17 | Name : The remote host has an application installed that is affected by an arbitrary... File : libreoffice_501.nasl - Type : ACT_GATHER_INFO |
2015-11-17 | Name : The remote host has an application installed that is affected by multiple vul... File : libreoffice_445.nasl - Type : ACT_GATHER_INFO |
2015-11-06 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2793-1.nasl - Type : ACT_GATHER_INFO |
2015-11-06 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_18b3c61b83de11e5905bac9e174be3af.nasl - Type : ACT_GATHER_INFO |
2015-11-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3394.nasl - Type : ACT_GATHER_INFO |
2015-11-05 | Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1915-1.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-12-16 13:26:37 |
|
2015-12-15 13:26:47 |
|
2015-12-14 09:25:12 |
|