Bug 429482 (CVE-2012-2665) - <app-office/libreoffice{,-bin}-3.5.5.3,<app-office/openoffice-bin-3.4.1: XML Manifest Handling Buffer Overflow Vulnerabilities (CVE-2012-2665)
Status: RESOLVED FIXED
Alias: CVE-2012-2665
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://secunia.com/advisories/50142/
Whiteboard: B2 [glsa]
Depends on: 427098 433483
Reported: 2012-08-02 12:37 UTC by Agostino Sarubbo
Modified: 2014-08-31 15:21 UTC
Description Agostino Sarubbo gentoo-dev 2012-08-02 12:37:58 UTC
From Secunia advisory at $URL:


Description
Multiple vulnerabilities have been reported in LibreOffice, which can be exploited by malicious people to compromise a user's system.

1) An error when handling tag hierarchy within an XML manifest file can be exploited to cause a heap-based buffer overflow.

2) A boundary error when duplicating certain tags within an XML manifest file can be exploited to cause a heap-based buffer overflow.

3) An error within the Base64 decoder implementation when exporting an XML manifest file can be exploited to cause a heap-based buffer overflow.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code, but requires tricking a user into opening a specially crafted ODF file.

The vulnerabilities are reported in versions prior to 3.5.5 and 3.6.0.


Solution
Update to version 3.5.5 or 3.6.0.
Comment 1 Agostino Sarubbo gentoo-dev 2012-08-02 12:38:30 UTC
@security, if you agree please file glsa request.
Comment 2 Sean Amoss (RETIRED) gentoo-dev Security 2012-08-02 13:31:21 UTC
app-office/libreoffice is glsa ready (stabilization done in 427098).

@openoffice, please bump -bin as well. Thanks.
Comment 3 Andreas K. Hüttel archtester gentoo-dev 2012-08-02 20:31:06 UTC
(In reply to comment #2)
> app-office/libreoffice is glsa ready (stabilization done in 427098).
> 
> @openoffice, please bump -bin as well. Thanks.

really soon now, build finished yesterday, I just need a faster pipe for uploading... :)
Comment 4 Andreas K. Hüttel archtester gentoo-dev 2012-08-03 08:19:27 UTC
(In reply to comment #3)
> (In reply to comment #2)
> > app-office/libreoffice is glsa ready (stabilization done in 427098).
> > 
> > @openoffice, please bump -bin as well. Thanks.
> 
> really soon now, build finished yesterday, I just need a faster pipe for
> uploading... :)

binpackages are up and stabilization is requested in bug 427098
Comment 5 Sean Amoss (RETIRED) gentoo-dev Security 2012-08-03 11:49:20 UTC
Thanks, Andreas!
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2012-08-07 00:58:21 UTC
CVE-2012-2665 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2665):
  Multiple heap-based buffer overflows in the XML manifest encryption tag
  parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow
  remote attackers to cause a denial of service and possibly execute arbitrary
  code via a crafted Open Document Text (.odt) file with (1) a child tag
  within an incorrect parent tag, (2) duplicate tags, or (3) a Base64
  ChecksumAttribute whose length is not evenly divisible by four.
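
Added example (not part of this bug report, and not LibreOffice or OpenOffice code): a defensive lint for an ODF package's `META-INF/manifest.xml` that flags the three malformed shapes the CVE text lists. The element names and namespace come from the ODF manifest schema; the function names, the choice of elements checked for duplicates and the sample manifest are assumptions made for this illustration.

```python
import base64, io, zipfile
import xml.etree.ElementTree as ET

NS = "{urn:oasis:names:tc:opendocument:xmlns:manifest:1.0}"
# Required parent of each element, per the ODF manifest schema.
PARENT = {NS + c: NS + p for c, p in {
    "file-entry": "manifest", "encryption-data": "file-entry",
    "algorithm": "encryption-data", "key-derivation": "encryption-data",
    "start-key-generation": "encryption-data"}.items()}

def short(tag):
    return tag.rpartition("}")[2]

def valid_base64(value):
    try:  # case (3): reject lengths not divisible by four before decoding
        return len(value) % 4 == 0 and base64.b64decode(value, validate=True) is not None
    except ValueError:  # binascii.Error is a ValueError
        return False

def check_manifest(xml_bytes):
    """Return findings for one manifest.xml; an empty list means none."""
    if b"<!ENTITY" in xml_bytes:  # added hardening: never expand declared entities
        return ["entity declaration present; not parsed"]
    findings = []
    def walk(parent):
        seen = set()
        for child in parent:
            if child.tag in PARENT:
                if PARENT[child.tag] != parent.tag:
                    findings.append(f"(1) <{short(child.tag)}> inside <{short(parent.tag)}>")
                elif child.tag in seen and short(child.tag) != "file-entry":
                    findings.append(f"(2) duplicate <{short(child.tag)}>")
                seen.add(child.tag)
            checksum = child.get(NS + "checksum")
            if checksum is not None and not valid_base64(checksum):
                findings.append(f"(3) checksum of {len(checksum)} chars is not Base64")
            walk(child)
    walk(ET.fromstring(xml_bytes))
    return findings

def check_odf(data):  # data: the bytes of an ODF package (.odt, .ods, ...)
    with zipfile.ZipFile(io.BytesIO(data)) as package:
        return check_manifest(package.read("META-INF/manifest.xml"))

# Constructed sample: misplaced <algorithm>, duplicate <key-derivation>, 5-char checksum.
SAMPLE = (f'<m:manifest xmlns:m="{NS[1:-1]}"><m:file-entry m:full-path="content.xml">'
          '<m:algorithm/><m:encryption-data m:checksum="QUJDR">'
          '<m:key-derivation/><m:key-derivation/></m:encryption-data>'
          '</m:file-entry></m:manifest>').encode()
```

A finding marks a file for quarantine or closer inspection; an empty result does not show that a file is safe to open in an unpatched version.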
Comment 7 Tim Sammut (RETIRED) gentoo-dev 2012-08-16 04:51:08 UTC
stabilization of bin packages completed.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2012-09-24 10:57:01 UTC
This issue was resolved and addressed in
 GLSA 201209-05 at http://security.gentoo.org/glsa/glsa-201209-05.xml
by GLSA coordinator Sean Amoss (ackle).
Comment 9 Sean Amoss (RETIRED) gentoo-dev Security 2012-09-24 11:14:43 UTC
Re-open until OpenOffice GLSA is sent.
Comment 10 Andreas K. Hüttel archtester gentoo-dev 2013-07-28 22:56:21 UTC
No vulnerable versions in tree anymore.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2014-08-31 15:21:55 UTC
This issue was resolved and addressed in
 GLSA 201408-19 at http://security.gentoo.org/glsa/glsa-201408-19.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).