Hi,

Should this be the subject of a post on the OI website? Better visibility of such security announcements could be appreciated by users. I can create a category with a dedicated page for such information if there is interest.

Best regards
Aurélien

On Fri, Dec 25, 2015 at 7:15 PM, Thomas Wagner <[email protected]> wrote:

> Hi Ken,
>
> we have version 4.4.5 in the binary repo.
>
> I couldn't find a location with a patch for this CVE; so if anyone
> has better luck, I would integrate it and rebuild the packages.
>
> Until then, users may not blindly click on links in documents whose
> source they don't trust.
>
> Regards,
> Thomas
>
> On Tue, Dec 22, 2015 at 04:15:06PM +0000, ken mays via oi-dev wrote:
> >
> > Security update: Update to LibreOffice 4.4.7
> > Location: OI-SFE packaging
> >
> > LibreOffice is an open source, community-developed office productivity
> > suite. It includes key desktop applications, such as a word processor, a
> > spreadsheet, a presentation manager, a formula editor, and a drawing
> > program. LibreOffice replaces OpenOffice and provides a similar but
> > enhanced and extended office suite.
> >
> > It was discovered that LibreOffice did not properly restrict automatic link
> > updates. By tricking a victim into opening specially crafted documents, an
> > attacker could possibly use this flaw to disclose contents of files
> > accessible by the victim. (CVE-2015-4551)
> >
> > An integer underflow flaw leading to a heap-based buffer overflow when
> > parsing PrinterSetup data was discovered. By tricking a user into opening a
> > specially crafted document, an attacker could possibly exploit this flaw to
> > execute arbitrary code with the privileges of the user opening the file.
> > (CVE-2015-5212)
> >
> > An integer overflow flaw, leading to a heap-based buffer overflow, was
> > found in the way LibreOffice processed certain Microsoft Word .doc files.
> > By tricking a user into opening a specially crafted Microsoft Word .doc
> > document, an attacker could possibly use this flaw to execute arbitrary
> > code with the privileges of the user opening the file. (CVE-2015-5213)
> >
> > It was discovered that LibreOffice did not properly sanity check bookmark
> > indexes. By tricking a user into opening a specially crafted document, an
> > attacker could possibly use this flaw to execute arbitrary code with the
> > privileges of the user opening the file. (CVE-2015-5214)
> >
> > All libreoffice users are advised to upgrade to these updated packages,
> > which contain backported patches to correct these issues.
> >
> > _______________________________________________
> > oi-dev mailing list
> > [email protected]
> > http://openindiana.org/mailman/listinfo/oi-dev
>
> --
> Thomas Wagner
>
> ------------------------------------------------------------------------
> Services for UNIX(TM),           Wagner Network Services, Thomas Wagner
> Solaris(TM), Linux(TM)           Eschenweg 21, 89174 Altheim, Germany
> Novell(TM), Windows(TM)          TEL: +49-731-9807799, FAX: +49-731-9807711
> Telecommunications, LAN,         MOBILE/CELL: +49-171-6135989
> Internet service, electronics    EMAIL: [email protected]

--
---
Praise the Caffeine embeddings
