Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 429482 (CVE-2012-2665) - <app-office/libreoffice{,-bin}-3.5.5.3,<app-office/openoffice-bin-3.4.1: XML Manifest Handling Buffer Overflow Vulnerabilities (CVE-2012-2665)
Summary: <app-office/libreoffice{,-bin}-3.5.5.3,<app-office/openoffice-bin-3.4.1: XML...
Status: RESOLVED FIXED
Alias: CVE-2012-2665
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://secunia.com/advisories/50142/
Whiteboard: B2 [glsa]
Keywords:
Depends on: 427098 433483
Blocks:
  Show dependency tree
 
Reported: 2012-08-02 12:37 UTC by Agostino Sarubbo
Modified: 2014-08-31 15:21 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2012-08-02 12:37:58 UTC
From secunia advisory at $URL:


Description
Multiple vulnerabilities have been reported in LibreOffice, which can be exploited by malicious people to compromise a user's system.

1) An error when handling tag hierarchy within an XML manifest file can be exploited to cause a heap-based buffer overflow.

2) A boundary error when duplicating certain tags within an XML manifest file can be exploited to cause a heap-based buffer overflow.

3) An error within the Base64 decoder implementation when exporting an XML manifest file can be exploited to cause a heap-based buffer overflow.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code, but requires tricking a user into opening a specially crafted ODF file.

The vulnerabilities are reported in versions prior to 3.5.5 and 3.6.0.


Solution
Update to version 3.5.5 or 3.6.0.
Comment 1 Agostino Sarubbo gentoo-dev 2012-08-02 12:38:30 UTC
@security, if you agree please file glsa request.
Comment 2 Sean Amoss gentoo-dev Security 2012-08-02 13:31:21 UTC
app-office/libreoffice is glsa ready (stabilization done in 427098).

@openoffice, please bump -bin as well. Thanks.
Comment 3 Andreas K. Hüttel gentoo-dev 2012-08-02 20:31:06 UTC
(In reply to comment #2)
> app-office/libreoffice is glsa ready (stabilization done in 427098).
> 
> @openoffice, please bump -bin as well. Thanks.

really soon now, build finished yesterday, I just need a faster pipe for uploading... :)
Comment 4 Andreas K. Hüttel gentoo-dev 2012-08-03 08:19:27 UTC
(In reply to comment #3)
> (In reply to comment #2)
> > app-office/libreoffice is glsa ready (stabilization done in 427098).
> > 
> > @openoffice, please bump -bin as well. Thanks.
> 
> really soon now, build finished yesterday, I just need a faster pipe for
> uploading... :)

binpackages are up and stabilization is requested in bug 427098
Comment 5 Sean Amoss gentoo-dev Security 2012-08-03 11:49:20 UTC
Thanks, Andreas!
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2012-08-07 00:58:21 UTC
CVE-2012-2665 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2665):
  Multiple heap-based buffer overflows in the XML manifest encryption tag
  parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow
  remote attackers to cause a denial of service and possibly execute arbitrary
  code via a crafted Open Document Text (.odt) file with (1) a child tag
  within an incorrect parent tag, (2) duplicate tags, or (3) a Base64
  ChecksumAttribute whose length is not evenly divisible by four.
Comment 7 Tim Sammut (RETIRED) gentoo-dev 2012-08-16 04:51:08 UTC
stabilization of bin packages completed.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2012-09-24 10:57:01 UTC
This issue was resolved and addressed in
 GLSA 201209-05 at http://security.gentoo.org/glsa/glsa-201209-05.xml
by GLSA coordinator Sean Amoss (ackle).
Comment 9 Sean Amoss gentoo-dev Security 2012-09-24 11:14:43 UTC
Re-open until OpenOffice GLSA is sent.
Comment 10 Andreas K. Hüttel gentoo-dev 2013-07-28 22:56:21 UTC
No vulnerable versions in tree anymore.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2014-08-31 15:21:55 UTC
This issue was resolved and addressed in
 GLSA 201408-19 at http://security.gentoo.org/glsa/glsa-201408-19.xml
by GLSA coordinator Kristian Fiskerstrand (K_F).