| Summary: | <app-office/libreoffice{,-bin}-3.5.5.3,<app-office/openoffice-bin-3.4.1: XML Manifest Handling Buffer Overflow Vulnerabilities (CVE-2012-2665) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | chithanh |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://secunia.com/advisories/50142/ | | |
| Whiteboard: | B2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 427098, 433483 | | |
| Bug Blocks: | | | |

Description
Agostino Sarubbo
2012-08-02 12:37:58 UTC
@security, if you agree please file glsa request.

app-office/libreoffice is glsa ready (stabilization done in 427098).

@openoffice, please bump -bin as well. Thanks.

(In reply to comment #2)
> app-office/libreoffice is glsa ready (stabilization done in 427098).
>
> @openoffice, please bump -bin as well. Thanks.

really soon now, build finished yesterday, I just need a faster pipe for uploading... :)

(In reply to comment #3)
> (In reply to comment #2)
> > app-office/libreoffice is glsa ready (stabilization done in 427098).
> >
> > @openoffice, please bump -bin as well. Thanks.
>
> really soon now, build finished yesterday, I just need a faster pipe for
> uploading... :)

binpackages are up and stabilization is requested in bug 427098

Thanks, Andreas!

CVE-2012-2665 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2665): Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four.

stabilization of bin packages completed.

This issue was resolved and addressed in GLSA 201209-05 at http://security.gentoo.org/glsa/glsa-201209-05.xml by GLSA coordinator Sean Amoss (ackle).

Re-open until OpenOffice GLSA is sent.

No vulnerable versions in tree anymore.

This issue was resolved and addressed in GLSA 201408-19 at http://security.gentoo.org/glsa/glsa-201408-19.xml by GLSA coordinator Kristian Fiskerstrand (K_F).
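
The three malformations listed in the CVE-2012-2665 description quoted above can be checked for in a document's `META-INF/manifest.xml` before it reaches an unpatched office suite. The following is an added example, not code from this bug or from the upstream fix; the function name `audit_manifest`, the parent/child table and the sample manifest are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:opendocument:xmlns:manifest:1.0"

def q(name):
    return "{%s}%s" % (NS, name)

# Required parent of each encryption tag (assumption: read from the ODF manifest schema).
PARENT = {q("encryption-data"): q("file-entry"), q("algorithm"): q("encryption-data"),
          q("key-derivation"): q("encryption-data"),
          q("start-key-generation"): q("encryption-data")}

def audit_manifest(xml_text):
    """Return (kind, path) findings for the three malformations the CVE text lists."""
    findings = []

    def walk(elem, path):
        seen = set()
        for child in elem:
            here = path + "/" + child.tag.split("}")[-1]
            if child.tag in PARENT:
                if elem.tag != PARENT[child.tag]:
                    findings.append(("wrong-parent", here))      # case (1)
                if child.tag in seen:
                    findings.append(("duplicate", here))         # case (2)
                seen.add(child.tag)
            if child.tag == q("encryption-data"):
                if len(child.get(q("checksum"), "")) % 4 != 0:
                    findings.append(("checksum-length", here))   # case (3)
            walk(child, here)

    # Untrusted input: entity-expansion limits depend on the bundled Expat version.
    walk(ET.fromstring(xml_text), "manifest")
    return findings

# Constructed sample manifest (not taken from any real document).
SAMPLE = """<manifest:manifest xmlns:manifest="urn:oasis:names:tc:opendocument:xmlns:manifest:1.0">
 <manifest:file-entry manifest:full-path="content.xml" manifest:media-type="text/xml">
  <manifest:encryption-data manifest:checksum-type="SHA1/1K" manifest:checksum="QUJDRA=">
   <manifest:algorithm manifest:algorithm-name="Blowfish CFB"/>
   <manifest:algorithm manifest:algorithm-name="Blowfish CFB"/>
  </manifest:encryption-data>
  <manifest:key-derivation manifest:key-derivation-name="PBKDF2"/>
 </manifest:file-entry>
</manifest:manifest>"""

if __name__ == "__main__":
    for kind, path in audit_manifest(SAMPLE):
        print(kind, path)
```

Repeated `file-entry` elements are legitimate and are not flagged; only the encryption-related tags are checked for duplication within one parent.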