From ${URL} : Title: CVE-2014-3693 Use-After-Free in socket manager of Impress Remote Announced: November 05, 2014 Fixed in: LibreOffice 4.2.7/4.3.3 Description: In LibreOffice 4.0.0 and later, a new feature was added for remote control capabilities in Impress. Users can run a smart phone application to communicate with Impress over a custom protocol to switch slides and the like. By default whenever Impress is started, it immediately began listening on TCP port 1599 on all interfaces. But there was a use after free bug in the code managing that port leaving LibreOffice vulnerable to external attackers with access to that port where those external attackers could cause the deleted port manager to continue to process attacker supplied data. All users are recommended to upgrade to LibreOffice 4.2.7 or 4.3.3. The impress remote can be disabled by: 1. Open LibreOffice, go to "Tools -> Options..." 2. Select "LibreOffice Impress -> General" 3. Uncheck "Presentation -> Enable remote control" @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
I'm preparing a bump of Libreoffice 4.2.8.2, for this bug and for the Boost 1.56 build fix from bug 522178.
CVE-2014-3693 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3693): Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599.
I have bumped LibreOffice 4.2.8.2, which is a stable branch bugfix release and addresses (amongst other things) this issue. Since all my machines run 4.3 and I can't downgrade, this is a blind bump, only build-tested. Arches please TEST (i.e., build, run, play with it for a while) and stabilize app-office/libreoffice-4.2.8.2 app-office/libreoffice-l10n-4.2.8.2 app-office/libreoffice-bin-4.2.8.2 app-office/libreoffice-bin-debug-4.2.8.2 Target: amd64 x86 NOTE: for libreoffice-bin, this depends >> only on x86 << still on bug 523164 (poppler and icu stabilization) and bug 525286 (boost stabilization), both long pending...
(In reply to Agostino Sarubbo from comment #0) > 1. Open LibreOffice, go to "Tools -> Options..." > 2. Select "LibreOffice Impress -> General" > 3. Uncheck "Presentation -> Enable remote control" In amd64 app-office/libreoffice-l10n-4.2.6.3-r1 I do not find this option
(In reply to Toralf Förster from comment #4) > In amd64 app-office/libreoffice-l10n-4.2.6.3-r1 I do not find this option I meant app-office/libreoffice-bin-4.2.6.3-r2
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
All vulnerable versions removed. Office out.
Arches and Maintainer(s), Thank you for your work. GLSA Vote: Yes
GLSA Vote: Yes. New request filed.
This issue was resolved and addressed in GLSA 201603-05 at https://security.gentoo.org/glsa/201603-05 by GLSA coordinator Kristian Fiskerstrand (K_F).
