Mandriva Update For Libreoffice MDVSA-2012:091 (libreoffice) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

Security issues were identified and fixed in libreoffice: An integer overflow vulnerability in the libreoffice graphic loading code could allow a remote attacker to cause a denial of service (application crash) or potentially execute arbitrary code (CVE-2012-1149). An integer overflow flaw, leading to buffer overflow, was found in the way libreoffice processed invalid Escher graphics records length in PowerPoint documents. An attacker could provide a specially-crafted PowerPoint document that, when opened, would cause libreoffice to crash or, potentially, execute arbitrary code with the privileges of the user running libreoffice (CVE-2012-2334). libreoffice for Mandriva Linux 2011 has been upgraded to the 3.5.4 version which is not vulnerable to these issues.

Affected

libreoffice on Mandriva Linux 2011.0

Severity

Classification

CVE CVE-2012-1149, CVE-2012-2334

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:103 (udev)
Mandrake Security Advisory MDVSA-2009:035 (gstreamer0.10-plugins-good)
Mandrake Security Advisory MDVSA-2009:095 (ghostscript)
Mandrake Security Advisory MDVSA-2009:121 (lcms)
Mandrake Security Advisory MDVSA-2009:190 (OpenEXR)

Mandriva Update for libreoffice MDVSA-2012:091 (libreoffice)

Take action and discover your vulnerabilities