autocorr, libabw, libcmis, libetonyek, libfreehand, liblangtag, libmwaw, libodfgen, libreoffice, mdds security update

CentOS Errata and Security Advisory CESA-2015:0377

LibreOffice is an open source, community-developed office productivity
suite. It includes key desktop applications, such as a word processor, a
spreadsheet, a presentation manager, a formula editor, and a drawing
program. LibreOffice replaces OpenOffice and provides a similar but
enhanced and extended office suite.

It was found that LibreOffice documents executed macros unconditionally,
without user approval, when these documents were opened using LibreOffice.
An attacker could use this flaw to execute arbitrary code as the user
running LibreOffice by embedding malicious VBA scripts in the document as
macros. (CVE-2014-0247)

A flaw was found in the OLE (Object Linking and Embedding) generation in
LibreOffice. An attacker could use this flaw to embed malicious OLE code in
a LibreOffice document, allowing for arbitrary code execution.
(CVE-2014-3575)

A use-after-free flaw was found in the “Remote Control” capabilities of the
LibreOffice Impress application. An attacker could use this flaw to
remotely execute code with the permissions of the user running LibreOffice
Impress. (CVE-2014-3693)

The libreoffice packages have been upgraded to upstream version 4.2.6.3,
which provides a number of bug fixes and enhancements over the previous
version. Among others:

• Improved OpenXML interoperability.

• Additional statistic functions in Calc (for interoperability with Excel
  and Excel’s Add-in “Analysis ToolPak”).

• Various performance improvements in Calc.

• Apple Keynote and Abiword import.

• Improved MathML export.

• New Start screen with thumbnails of recently opened documents.

• Visual clue in Slide Sorter when a slide has a transition or an
  animation.

• Improvements for trend lines in charts.

• Support for BCP-47 language tags. (BZ#1119709)

All libreoffice users are advised to upgrade to these updated packages,
which correct these issues and add these enhancements.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2015-March/027883.html
https://lists.centos.org/pipermail/centos-cr-announce/2015-March/027885.html
https://lists.centos.org/pipermail/centos-cr-announce/2015-March/027890.html
https://lists.centos.org/pipermail/centos-cr-announce/2015-March/027891.html
https://lists.centos.org/pipermail/centos-cr-announce/2015-March/027904.html
https://lists.centos.org/pipermail/centos-cr-announce/2015-March/027909.html
https://lists.centos.org/pipermail/centos-cr-announce/2015-March/027915.html
https://lists.centos.org/pipermail/centos-cr-announce/2015-March/027921.html
https://lists.centos.org/pipermail/centos-cr-announce/2015-March/027946.html

Affected packages:
autocorr-af
autocorr-bg
autocorr-ca
autocorr-cs
autocorr-da
autocorr-de
autocorr-en
autocorr-es
autocorr-fa
autocorr-fi
autocorr-fr
autocorr-ga
autocorr-hr
autocorr-hu
autocorr-is
autocorr-it
autocorr-ja
autocorr-ko
autocorr-lb
autocorr-lt
autocorr-mn
autocorr-nl
autocorr-pl
autocorr-pt
autocorr-ro
autocorr-ru
autocorr-sk
autocorr-sl
autocorr-sr
autocorr-sv
autocorr-tr
autocorr-vi
autocorr-zh
libabw
libabw-devel
libabw-doc
libabw-tools
libcmis
libcmis-devel
libcmis-tools
libetonyek
libetonyek-devel
libetonyek-doc
libetonyek-tools
libfreehand
libfreehand-devel
libfreehand-doc
libfreehand-tools
liblangtag
liblangtag-devel
liblangtag-doc
liblangtag-gobject
libmwaw
libmwaw-devel
libmwaw-doc
libmwaw-tools
libodfgen
libodfgen-devel
libodfgen-doc
libreoffice
libreoffice-base
libreoffice-bsh
libreoffice-calc
libreoffice-core
libreoffice-draw
libreoffice-emailmerge
libreoffice-filters
libreoffice-gdb-debug-support
libreoffice-glade
libreoffice-graphicfilter
libreoffice-headless
libreoffice-impress
libreoffice-langpack-af
libreoffice-langpack-ar
libreoffice-langpack-as
libreoffice-langpack-bg
libreoffice-langpack-bn
libreoffice-langpack-br
libreoffice-langpack-ca
libreoffice-langpack-cs
libreoffice-langpack-cy
libreoffice-langpack-da
libreoffice-langpack-de
libreoffice-langpack-dz
libreoffice-langpack-el
libreoffice-langpack-en
libreoffice-langpack-es
libreoffice-langpack-et
libreoffice-langpack-eu
libreoffice-langpack-fa
libreoffice-langpack-fi
libreoffice-langpack-fr
libreoffice-langpack-ga
libreoffice-langpack-gl
libreoffice-langpack-gu
libreoffice-langpack-he
libreoffice-langpack-hi
libreoffice-langpack-hr
libreoffice-langpack-hu
libreoffice-langpack-it
libreoffice-langpack-ja
libreoffice-langpack-kk
libreoffice-langpack-kn
libreoffice-langpack-ko
libreoffice-langpack-lt
libreoffice-langpack-lv
libreoffice-langpack-mai
libreoffice-langpack-ml
libreoffice-langpack-mr
libreoffice-langpack-nb
libreoffice-langpack-nl
libreoffice-langpack-nn
libreoffice-langpack-nr
libreoffice-langpack-nso
libreoffice-langpack-or
libreoffice-langpack-pa
libreoffice-langpack-pl
libreoffice-langpack-pt-BR
libreoffice-langpack-pt-PT
libreoffice-langpack-ro
libreoffice-langpack-ru
libreoffice-langpack-si
libreoffice-langpack-sk
libreoffice-langpack-sl
libreoffice-langpack-sr
libreoffice-langpack-ss
libreoffice-langpack-st
libreoffice-langpack-sv
libreoffice-langpack-ta
libreoffice-langpack-te
libreoffice-langpack-th
libreoffice-langpack-tn
libreoffice-langpack-tr
libreoffice-langpack-ts
libreoffice-langpack-uk
libreoffice-langpack-ve
libreoffice-langpack-xh
libreoffice-langpack-zh-Hans
libreoffice-langpack-zh-Hant
libreoffice-langpack-zu
libreoffice-librelogo
libreoffice-math
libreoffice-nlpsolver
libreoffice-ogltrans
libreoffice-opensymbol-fonts
libreoffice-pdfimport
libreoffice-postgresql
libreoffice-pyuno
libreoffice-rhino
libreoffice-sdk
libreoffice-sdk-doc
libreoffice-ure
libreoffice-wiki-publisher
libreoffice-writer
libreoffice-xsltfilter
mdds-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2015:0377