Bug 386081 (CVE-2011-2713) - <app-office/libreoffice{,-bin}-{3.3.4,3.4.3},<app-office/openoffice-bin-3.4.0 out of bounds reading .doc files (CVE-2011-2713)
Status: RESOLVED FIXED
Alias: CVE-2011-2713
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://www.libreoffice.org/advisories...
Whiteboard: A3 [glsa]
Keywords:
Depends on:
Blocks: 409509
Reported: 2011-10-07 14:53 UTC by Chí-Thanh Christopher Nguyễn
Modified: 2014-08-31 15:21 UTC

See Also:
Package list:
Runtime testing required: ---
Description Chí-Thanh Christopher Nguyễn gentoo-dev 2011-10-07 14:53:18 UTC
http://blog.documentfoundation.org/2011/10/05/the-document-foundation-publishes-details-of-libreoffice-3-4-3-security-fixes/

RedHat security researcher Huzaifa Sidhpurwala identified a memory corruption vulnerability in the code responsible for loading Microsoft Word documents in LibreOffice. This flaw could have been used for nefarious purposes, such as installing viruses, through a specially-crafted file. The corresponding vulnerability description is CVE-2011-2713, “Out-of-bounds property read in binary .doc filter”.
Comment 1 Tomáš Chvátal (RETIRED) gentoo-dev 2011-10-07 18:24:54 UTC
libreoffice is clear of the affected versions (I just forgot to remove 3.3.3, which I did now).

So just punt openoffice-bin or whatever you want to do with it...
Comment 2 Chí-Thanh Christopher Nguyễn gentoo-dev 2011-10-07 18:28:00 UTC
OpenOffice upstream is working on a fix. No ETA yet, though. When CVE-2011-2713 goes public and no fix exists, I will p.mask openoffice-bin.
Comment 3 Chí-Thanh Christopher Nguyễn gentoo-dev 2011-10-10 02:12:50 UTC
More information appears to be available; it is a DoS vulnerability. Adjusting summary and severity.
Comment 4 Chí-Thanh Christopher Nguyễn gentoo-dev 2012-05-08 23:34:31 UTC
Arches, please stabilize app-office/openoffice-bin-3.4.0

Target keywords: amd64 x86 ~amd64-linux ~x86-linux
Comment 5 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2012-05-09 17:39:50 UTC
(In reply to comment #4)
> Arches, please stabilize app-office/openoffice-bin-3.4.0
> 
> Target keywords: amd64 x86 ~amd64-linux ~x86-linux

x86 stable
Comment 6 Maurizio Camisaschi (amd64 AT) 2012-05-10 15:42:11 UTC
amd64 ok
Comment 7 Agostino Sarubbo gentoo-dev 2012-05-13 11:12:54 UTC
amd64 stable
Comment 8 Tim Sammut (RETIRED) gentoo-dev 2012-05-13 16:33:46 UTC
Added to existing GLSA request.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2012-09-24 10:56:54 UTC
This issue was resolved and addressed in
 GLSA 201209-05 at http://security.gentoo.org/glsa/glsa-201209-05.xml
by GLSA coordinator Sean Amoss (ackle).
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2014-08-31 15:21:40 UTC
This issue was resolved and addressed in
 GLSA 201408-19 at http://security.gentoo.org/glsa/glsa-201408-19.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).