[SECURITY] [DSA 3163-1] libreoffice security update

2015-02-1913:03:15

lists.debian.org

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Debian Security Advisory DSA-3163-1 [email protected]
http://www.debian.org/security/ Alessandro Ghedini
February 19, 2015 http://www.debian.org/security/faq

Package : libreoffice
CVE ID : CVE-2014-9093
Debian Bug : 771163

It was discovered that LibreOffice, an office productivity suite, could
try to write to invalid memory areas when importing malformed RTF files.
This could allow remote attackers to cause a denial of service (crash)
or arbitrary code execution via crafted RTF files.

For the stable distribution (wheezy), this problem has been fixed in
version 1:3.5.4+dfsg2-0+deb7u3.

For the upcoming stable distribution (jessie), this problem has been
fixed in version 1:4.3.3-2.

For the unstable distribution (sid), this problem has been fixed in
version 1:4.3.3-2.

We recommend that you upgrade your libreoffice packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7mipslibreoffice-impress< 3.5.4+dfsg2-0+deb7u3libreoffice-impress_3.5.4+dfsg2-0+deb7u3_mips.deb
Debian7powerpclibreoffice-core< 3.5.4+dfsg2-0+deb7u3libreoffice-core_3.5.4+dfsg2-0+deb7u3_powerpc.deb
Debian7armhfure-dbg< 3.5.4+dfsg2-0+deb7u3ure-dbg_3.5.4+dfsg2-0+deb7u3_armhf.deb
Debian7s390xlibreoffice-math< 3.5.4+dfsg2-0+deb7u3libreoffice-math_3.5.4+dfsg2-0+deb7u3_s390x.deb
Debian7powerpclibreoffice-presentation-minimizer< 1.0.3+LibO3.5.4+dfsg2-0+deb7u3libreoffice-presentation-minimizer_1.0.3+LibO3.5.4+dfsg2-0+deb7u3_powerpc.deb
Debian7alllibreoffice-help-ko< 3.5.4+dfsg2-0+deb7u3libreoffice-help-ko_3.5.4+dfsg2-0+deb7u3_all.deb
Debian7armellibreoffice-base< 3.5.4+dfsg2-0+deb7u3libreoffice-base_3.5.4+dfsg2-0+deb7u3_armel.deb
Debian7alllibreoffice-l10n-be< 3.5.4+dfsg2-0+deb7u3libreoffice-l10n-be_3.5.4+dfsg2-0+deb7u3_all.deb
Debian7powerpclibreoffice< 3.5.4+dfsg2-0+deb7u3libreoffice_3.5.4+dfsg2-0+deb7u3_powerpc.deb
Debian7s390libreoffice-impress< 3.5.4+dfsg2-0+deb7u3libreoffice-impress_3.5.4+dfsg2-0+deb7u3_s390.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	mips	libreoffice-impress	< 3.5.4+dfsg2-0+deb7u3	libreoffice-impress_3.5.4+dfsg2-0+deb7u3_mips.deb
Debian	7	powerpc	libreoffice-core	< 3.5.4+dfsg2-0+deb7u3	libreoffice-core_3.5.4+dfsg2-0+deb7u3_powerpc.deb
Debian	7	armhf	ure-dbg	< 3.5.4+dfsg2-0+deb7u3	ure-dbg_3.5.4+dfsg2-0+deb7u3_armhf.deb
Debian	7	s390x	libreoffice-math	< 3.5.4+dfsg2-0+deb7u3	libreoffice-math_3.5.4+dfsg2-0+deb7u3_s390x.deb
Debian	7	powerpc	libreoffice-presentation-minimizer	< 1.0.3+LibO3.5.4+dfsg2-0+deb7u3	libreoffice-presentation-minimizer_1.0.3+LibO3.5.4+dfsg2-0+deb7u3_powerpc.deb
Debian	7	all	libreoffice-help-ko	< 3.5.4+dfsg2-0+deb7u3	libreoffice-help-ko_3.5.4+dfsg2-0+deb7u3_all.deb
Debian	7	armel	libreoffice-base	< 3.5.4+dfsg2-0+deb7u3	libreoffice-base_3.5.4+dfsg2-0+deb7u3_armel.deb
Debian	7	all	libreoffice-l10n-be	< 3.5.4+dfsg2-0+deb7u3	libreoffice-l10n-be_3.5.4+dfsg2-0+deb7u3_all.deb
Debian	7	powerpc	libreoffice	< 3.5.4+dfsg2-0+deb7u3	libreoffice_3.5.4+dfsg2-0+deb7u3_powerpc.deb
Debian	7	s390	libreoffice-impress	< 3.5.4+dfsg2-0+deb7u3	libreoffice-impress_3.5.4+dfsg2-0+deb7u3_s390.deb