autocorr, libreoffice security update

2017-04-13T10:58:20
ID CESA-2017:0914
Type centos
Reporter CentOS Project
Modified 2017-04-13T10:58:20

Description

CentOS Errata and Security Advisory CESA-2017:0914

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite.

Security Fix(es):

  • It was found that LibreOffice disclosed contents of a file specified in an embedded object's preview. An attacker could potentially use this flaw to expose details of a system running LibreOffice as an online service via a crafted document. (CVE-2017-3157)

Bug Fix(es):

  • Previously, an improper resource management caused the LibreOffice Calc spreadsheet application to terminate unexpectedly after closing a dialog window with accessibility support enabled. The resource management has been improved, and the described problem no longer occurs. (BZ#1425536)

  • Previously, when an incorrect password was entered for a password protected document, the document has been considered as valid and a fallback attempt to open it as plain text has been made. As a consequence, it could appear that the document succesfully loaded, while just the encrypted unreadable content was shown. A fix has been made to terminate import attempts after entering incorrect password, and now nothing is loaded when a wrong password is entered. (BZ#1426348)

  • Previously, an improper resource management caused the LibreOffice Calc spreadsheet application to terminate unexpectedly during exit, after the Text Import dialog for CSV (Comma-separated Value) files closed, when accessibility support was enabled. The resource management has been improved, and the described problem no longer occurs. (BZ#1425535)

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2017-April/022359.html

Affected packages: autocorr-af autocorr-bg autocorr-ca autocorr-cs autocorr-da autocorr-de autocorr-en autocorr-es autocorr-fa autocorr-fi autocorr-fr autocorr-ga autocorr-hr autocorr-hu autocorr-is autocorr-it autocorr-ja autocorr-ko autocorr-lb autocorr-lt autocorr-mn autocorr-nl autocorr-pl autocorr-pt autocorr-ro autocorr-ru autocorr-sk autocorr-sl autocorr-sr autocorr-sv autocorr-tr autocorr-vi autocorr-zh libreoffice libreoffice-base libreoffice-bsh libreoffice-calc libreoffice-core libreoffice-draw libreoffice-emailmerge libreoffice-filters libreoffice-gdb-debug-support libreoffice-glade libreoffice-graphicfilter libreoffice-impress libreoffice-langpack-af libreoffice-langpack-ar libreoffice-langpack-as libreoffice-langpack-bg libreoffice-langpack-bn libreoffice-langpack-br libreoffice-langpack-ca libreoffice-langpack-cs libreoffice-langpack-cy libreoffice-langpack-da libreoffice-langpack-de libreoffice-langpack-dz libreoffice-langpack-el libreoffice-langpack-en libreoffice-langpack-es libreoffice-langpack-et libreoffice-langpack-eu libreoffice-langpack-fa libreoffice-langpack-fi libreoffice-langpack-fr libreoffice-langpack-ga libreoffice-langpack-gl libreoffice-langpack-gu libreoffice-langpack-he libreoffice-langpack-hi libreoffice-langpack-hr libreoffice-langpack-hu libreoffice-langpack-it libreoffice-langpack-ja libreoffice-langpack-kk libreoffice-langpack-kn libreoffice-langpack-ko libreoffice-langpack-lt libreoffice-langpack-lv libreoffice-langpack-mai libreoffice-langpack-ml libreoffice-langpack-mr libreoffice-langpack-nb libreoffice-langpack-nl libreoffice-langpack-nn libreoffice-langpack-nr libreoffice-langpack-nso libreoffice-langpack-or libreoffice-langpack-pa libreoffice-langpack-pl libreoffice-langpack-pt-BR libreoffice-langpack-pt-PT libreoffice-langpack-ro libreoffice-langpack-ru libreoffice-langpack-si libreoffice-langpack-sk libreoffice-langpack-sl libreoffice-langpack-sr libreoffice-langpack-ss libreoffice-langpack-st libreoffice-langpack-sv libreoffice-langpack-ta libreoffice-langpack-te libreoffice-langpack-th libreoffice-langpack-tn libreoffice-langpack-tr libreoffice-langpack-ts libreoffice-langpack-uk libreoffice-langpack-ve libreoffice-langpack-xh libreoffice-langpack-zh-Hans libreoffice-langpack-zh-Hant libreoffice-langpack-zu libreoffice-librelogo libreoffice-math libreoffice-nlpsolver libreoffice-officebean libreoffice-ogltrans libreoffice-opensymbol-fonts libreoffice-pdfimport libreoffice-postgresql libreoffice-pyuno libreoffice-rhino libreoffice-sdk libreoffice-sdk-doc libreoffice-ure libreoffice-wiki-publisher libreoffice-writer libreoffice-xsltfilter

Upstream details at: https://rhn.redhat.com/errata/RHSA-2017-0914.html