6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.095 Low
EPSS
Percentile
94.7%
CentOS Errata and Security Advisory CESA-2015:2619
LibreOffice is an open source, community-developed office productivity
suite. It includes key desktop applications, such as a word processor, a
spreadsheet, a presentation manager, a formula editor, and a drawing
program. LibreOffice replaces OpenOffice and provides a similar but
enhanced and extended office suite.
It was discovered that LibreOffice did not properly restrict automatic link
updates. By tricking a victim into opening specially crafted documents, an
attacker could possibly use this flaw to disclose contents of files
accessible by the victim. (CVE-2015-4551)
An integer underflow flaw leading to a heap-based buffer overflow when
parsing PrinterSetup data was discovered. By tricking a user into opening a
specially crafted document, an attacker could possibly exploit this flaw to
execute arbitrary code with the privileges of the user opening the file.
(CVE-2015-5212)
An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way LibreOffice processed certain Microsoft Word .doc files.
By tricking a user into opening a specially crafted Microsoft Word .doc
document, an attacker could possibly use this flaw to execute arbitrary
code with the privileges of the user opening the file. (CVE-2015-5213)
It was discovered that LibreOffice did not properly sanity check bookmark
indexes. By tricking a user into opening a specially crafted document, an
attacker could possibly use this flaw to execute arbitrary code with the
privileges of the user opening the file. (CVE-2015-5214)
All libreoffice users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2015-December/083683.html
https://lists.centos.org/pipermail/centos-announce/2015-December/083684.html
Affected packages:
autocorr-af
autocorr-bg
autocorr-ca
autocorr-cs
autocorr-da
autocorr-de
autocorr-en
autocorr-es
autocorr-fa
autocorr-fi
autocorr-fr
autocorr-ga
autocorr-hr
autocorr-hu
autocorr-is
autocorr-it
autocorr-ja
autocorr-ko
autocorr-lb
autocorr-lt
autocorr-mn
autocorr-nl
autocorr-pl
autocorr-pt
autocorr-ro
autocorr-ru
autocorr-sk
autocorr-sl
autocorr-sr
autocorr-sv
autocorr-tr
autocorr-vi
autocorr-zh
libreoffice
libreoffice-base
libreoffice-bsh
libreoffice-calc
libreoffice-core
libreoffice-draw
libreoffice-emailmerge
libreoffice-filters
libreoffice-gdb-debug-support
libreoffice-glade
libreoffice-graphicfilter
libreoffice-headless
libreoffice-impress
libreoffice-langpack-af
libreoffice-langpack-ar
libreoffice-langpack-as
libreoffice-langpack-bg
libreoffice-langpack-bn
libreoffice-langpack-br
libreoffice-langpack-ca
libreoffice-langpack-cs
libreoffice-langpack-cy
libreoffice-langpack-da
libreoffice-langpack-de
libreoffice-langpack-dz
libreoffice-langpack-el
libreoffice-langpack-en
libreoffice-langpack-es
libreoffice-langpack-et
libreoffice-langpack-eu
libreoffice-langpack-fa
libreoffice-langpack-fi
libreoffice-langpack-fr
libreoffice-langpack-ga
libreoffice-langpack-gl
libreoffice-langpack-gu
libreoffice-langpack-he
libreoffice-langpack-hi
libreoffice-langpack-hr
libreoffice-langpack-hu
libreoffice-langpack-it
libreoffice-langpack-ja
libreoffice-langpack-kk
libreoffice-langpack-kn
libreoffice-langpack-ko
libreoffice-langpack-lt
libreoffice-langpack-lv
libreoffice-langpack-mai
libreoffice-langpack-ml
libreoffice-langpack-mr
libreoffice-langpack-ms
libreoffice-langpack-nb
libreoffice-langpack-nl
libreoffice-langpack-nn
libreoffice-langpack-nr
libreoffice-langpack-nso
libreoffice-langpack-or
libreoffice-langpack-pa
libreoffice-langpack-pl
libreoffice-langpack-pt-BR
libreoffice-langpack-pt-PT
libreoffice-langpack-ro
libreoffice-langpack-ru
libreoffice-langpack-si
libreoffice-langpack-sk
libreoffice-langpack-sl
libreoffice-langpack-sr
libreoffice-langpack-ss
libreoffice-langpack-st
libreoffice-langpack-sv
libreoffice-langpack-ta
libreoffice-langpack-te
libreoffice-langpack-th
libreoffice-langpack-tn
libreoffice-langpack-tr
libreoffice-langpack-ts
libreoffice-langpack-uk
libreoffice-langpack-ur
libreoffice-langpack-ve
libreoffice-langpack-xh
libreoffice-langpack-zh-Hans
libreoffice-langpack-zh-Hant
libreoffice-langpack-zu
libreoffice-librelogo
libreoffice-math
libreoffice-nlpsolver
libreoffice-officebean
libreoffice-ogltrans
libreoffice-opensymbol-fonts
libreoffice-pdfimport
libreoffice-postgresql
libreoffice-pyuno
libreoffice-rhino
libreoffice-sdk
libreoffice-sdk-doc
libreoffice-ure
libreoffice-wiki-publisher
libreoffice-writer
libreoffice-xsltfilter
Upstream details at:
https://access.redhat.com/errata/RHSA-2015:2619
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 6 | noarch | autocorr-af | < 4.2.8.2-11.el6_7.1 | autocorr-af-4.2.8.2-11.el6_7.1.noarch.rpm |
CentOS | 6 | noarch | autocorr-bg | < 4.2.8.2-11.el6_7.1 | autocorr-bg-4.2.8.2-11.el6_7.1.noarch.rpm |
CentOS | 6 | noarch | autocorr-ca | < 4.2.8.2-11.el6_7.1 | autocorr-ca-4.2.8.2-11.el6_7.1.noarch.rpm |
CentOS | 6 | noarch | autocorr-cs | < 4.2.8.2-11.el6_7.1 | autocorr-cs-4.2.8.2-11.el6_7.1.noarch.rpm |
CentOS | 6 | noarch | autocorr-da | < 4.2.8.2-11.el6_7.1 | autocorr-da-4.2.8.2-11.el6_7.1.noarch.rpm |
CentOS | 6 | noarch | autocorr-de | < 4.2.8.2-11.el6_7.1 | autocorr-de-4.2.8.2-11.el6_7.1.noarch.rpm |
CentOS | 6 | noarch | autocorr-en | < 4.2.8.2-11.el6_7.1 | autocorr-en-4.2.8.2-11.el6_7.1.noarch.rpm |
CentOS | 6 | noarch | autocorr-es | < 4.2.8.2-11.el6_7.1 | autocorr-es-4.2.8.2-11.el6_7.1.noarch.rpm |
CentOS | 6 | noarch | autocorr-fa | < 4.2.8.2-11.el6_7.1 | autocorr-fa-4.2.8.2-11.el6_7.1.noarch.rpm |
CentOS | 6 | noarch | autocorr-fi | < 4.2.8.2-11.el6_7.1 | autocorr-fi-4.2.8.2-11.el6_7.1.noarch.rpm |