Summary: | <app-office/libreoffice-5.2.7.2: Multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | Flags: | stable-bot: sanity-check+ |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A2 [glsa cve] | ||
Package list: | =app-office/libreoffice-5.2.7.2 =app-office/libreoffice-l10n-5.2.7.2 =app-office/libreoffice-bin-5.2.7.2 =app-office/libreoffice-bin-debug-5.2.7.2 | ||
Runtime testing required: | --- |
Description
Agostino Sarubbo
CVE-2017-7882 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7882):
LibreOffice before 2017-03-14 has an out-of-bounds write related to the HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx.

CVE-2017-7870 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7870):
LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in tools/source/generic/poly.cxx.

CVE-2017-7856 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7856):
LibreOffice before 2017-03-11 has an out-of-bounds write caused by a heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1 function in vcl/source/gdi/svmconverter.cxx.

TL;DR:

* Two of these issues have never been in *any* LO release.
* Two of these issues are present in current stable and will be fixed in LO 5.2.7, to be released within the next days ("Week 18 , May 1, 2017 - May 7, 2017").

I guess this merits waiting.

------------------------------

> From https://bugzilla.redhat.com/show_bug.cgi?id=1444053:
> LibreOffice has an out-of-bounds write caused by a heap-based buffer
> overflow related to the EnhWMFReader::ReadEnhWMF function in
> vcl/source/filter/wmf/enhwmf.cxx.
> References:
> https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=313
> Upstream patch:
> https://github.com/LibreOffice/core/commit/7485fc2a1484f31631f62f97e5c64c0ae74c6416

This is CVE-2016-10327. The bug was present in the 5.2 branch and a fix has been backported upstream.
f84516a348ea8e05bbf89816505a6041e711ebfd

> CVE-2017-7882 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7882):
> LibreOffice before 2017-03-14 has an out-of-bounds write related to the
> HWPFile::TagsRead function in hwpfilter/source/hwpfile.cxx.

^ The affected versions statement in the CVE is incorrect. This code has never been in the Libreoffice 5.2 branch or 5.3 branch. No release with this code exists.

> CVE-2017-7870 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7870):
> LibreOffice before 2017-01-02 has an out-of-bounds write caused by a
> heap-based buffer overflow related to the tools::Polygon::Insert function
> in tools/source/generic/poly.cxx.

> From https://bugzilla.redhat.com/show_bug.cgi?id=1444061:
> LibreOffice has an out-of-bounds write caused by a heap-based buffer
> overflow related to the tools::Polygon::Insert function in
> tools/source/generic/poly.cxx.
> References:
> https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=372
> Upstream patch:
> https://github.com/LibreOffice/core/commit/62a97e6a561ce65e88d4c537a1b82c336f012722

The bug is present in the 5.2 branch, a fix has been backported upstream
28e1680182666c13599b744efca8e0ebd08706d5

> CVE-2017-7856 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7856):
> LibreOffice before 2017-03-11 has an out-of-bounds write caused by a
> heap-based buffer overflow in the SVMConverter::ImplConvertFromSVM1
> function in vcl/source/gdi/svmconverter.cxx.

^ The affected versions statement in the CVE is incorrect. This code has never been in the Libreoffice 5.2 branch or 5.3 branch. No release with this code exists.

(In reply to Andreas K. Hüttel from comment #2)
> * Two of these issues are present in current stable and will be fixed in LO
> 5.2.7, to be released within the next days ("Week 18 , May 1, 2017 - May 7,
> 2017").

5.2.7.2 has entered tree with commit eadc94d6ffda9daa6d32724a450e089cbc8e602d

Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself.

Has been in tree for a week, Calling for stabilization.

Arches, please test and mark stable:

=app-office/libreoffice-5.2.7.2

Target Keywords : "amd64 x86"

Thank you!

what about -bin ?

(In reply to Yury German from comment #5)
> Has been in tree for a week, Calling for stabilization.
>
> Arches, please test and mark stable:
>
> =app-office/libreoffice-5.2.7.2
>
> Target Keywords : "amd64 x86"
>
> Thank you!

Nope. Hands off. It takes some time to make the binary packages (and would even take more time if Patrick hadn't given me access to his personal build server).

Arches please stabilize amd64 x86

=app-office/libreoffice-5.2.7.2
=app-office/libreoffice-l10n-5.2.7.2
=app-office/libreoffice-bin-5.2.7.2
=app-office/libreoffice-bin-debug-5.2.7.2

amd64 stable

x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

Cleanup done

New GLSA request filed.

This issue was resolved and addressed in GLSA 201706-28 at https://security.gentoo.org/glsa/201706-28 by GLSA coordinator Thomas Deutschmann (whissi).