Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 521136 (CVE-2014-3524) - <app-office/openoffice-bin-4.1.1: two vulnerabilities (CVE-2014-{3524,3575})
Summary: <app-office/openoffice-bin-4.1.1: two vulnerabilities (CVE-2014-{3524,3575})
Status: RESOLVED FIXED
Alias: CVE-2014-3524
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2014-08-26 16:01 UTC by Agostino Sarubbo
Modified: 2016-03-09 18:10 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2014-08-26 16:01:08 UTC 
From http://www.openoffice.org/security/cves/CVE-2014-3524.html:

OpenOffice Calc Command Injection Vulnerability
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache OpenOffice 4.1.0 and older on Windows.
OpenOffice.org versions are also affected.
Description:
The vulnerability allows command injection when loading Calc spreadsheets. Specially crafted documents can be used for command-injection attacks. Further exploits are possible but have not been verified.

Mitigation
Apache OpenOffice users are advised to upgrade to Apache OpenOffice 4.1.1. Users who are unable to upgrade immediately should be cautious when opening untrusted documents.

Credits
The Apache OpenOffice security team credits Rohan Durve and James Kettle of Context Information Security as the discoverer of this flaw.




From http://www.openoffice.org/security/cves/CVE-2014-3575.html:

OpenOffice Targeted Data Exposure Using Crafted OLE Objects
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache OpenOffice 4.1.0 and older on Windows.
OpenOffice.org versions are also affected.
Description:
The exposure exploits the way OLE previews are generated to embed arbitrary file data into a specially crafted document when it is opened. Data exposure is possible if the updated document is distributed to other parties.

Mitigation
Apache OpenOffice users are advised to upgrade to Apache OpenOffice 4.1.1. Users who are unable to upgrade immediately should be cautious when they are asked to "Update Links" for untrusted documents.

Credits
The Apache OpenOffice security team credits Open-Xchange for reporting this flaw.




@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2014-08-27 02:27:42 UTC 
CVE-2014-3524 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3524):
  Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary
  commands and possibly have other unspecified impact via a crafted Calc
  spreadsheet.
Comment 2 Chí-Thanh Christopher Nguyễn gentoo-dev 2014-08-28 10:00:41 UTC 
Arches, please stabilize app-office/openoffice-bin-4.1.1
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2014-08-28 10:25:24 UTC 
CVE-2014-3575 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3575):
  The OLE preview generation in Apache OpenOffice before 4.1.1 and
  OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data
  into documents via crafted OLE objects.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2014-08-28 10:25:42 UTC 
CVE-2014-3575 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3575):
  The OLE preview generation in Apache OpenOffice before 4.1.1 and
  OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data
  into documents via crafted OLE objects.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2014-08-28 10:39:47 UTC 
CVE-2014-3575 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3575):
  The OLE preview generation in Apache OpenOffice before 4.1.1 and
  OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data
  into documents via crafted OLE objects.
Comment 6 Agostino Sarubbo gentoo-dev 2014-08-29 13:31:42 UTC 
amd64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2014-08-29 13:32:10 UTC 
x86 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 8 Chí-Thanh Christopher Nguyễn gentoo-dev 2014-08-29 13:41:01 UTC 
Vulnerable versions have been removed from the tree.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2014-08-30 18:47:41 UTC 
CVE-2014-3575 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3575):
  The OLE preview generation in Apache OpenOffice before 4.1.1 and
  OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data
  into documents via crafted OLE objects.
Comment 10 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-05-11 20:35:39 UTC 
Added to existing GLSA request (eafa83859)
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2016-03-09 18:10:29 UTC 
This issue was resolved and addressed in
 GLSA 201603-05 at https://security.gentoo.org/glsa/201603-05
by GLSA coordinator Kristian Fiskerstrand (K_F).