[SECURITY] [DSA 3482-1] libreoffice security update

2016-02-1719:29:59

lists.debian.org

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.021 Low

EPSS

Percentile

89.0%

JSON

Debian Security Advisory DSA-3482-1 [email protected]
https://www.debian.org/security/ Sebastien Delafond
February 17, 2016 https://www.debian.org/security/faq

Package : libreoffice
CVE ID : CVE-2016-0794 CVE-2016-0795

An anonymous contributor working with VeriSign iDefense Labs
discovered that libreoffice, a full-featured office productivity
suite, did not correctly handle Lotus WordPro files. This would enable
an attacker to crash the program, or execute arbitrary code, by
supplying a specially crafted LWP file.

For the oldstable distribution (wheezy), these problems have been fixed
in version 3.5.4+dfsg2-0+deb7u6.

For the stable distribution (jessie), these problems have been fixed in
version 4.3.3-2+deb8u3.

For the testing (stretch) and unstable (sid) distributions, these
problems have been fixed in version 1:5.1.1~rc1-1.

We recommend that you upgrade your libreoffice packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7armellibreoffice-gnome< 1:3.5.4+dfsg2-0+deb7u6libreoffice-gnome_1:3.5.4+dfsg2-0+deb7u6_armel.deb
Debian8armhflibreoffice-base-drivers< 1:4.3.3-2+deb8u3libreoffice-base-drivers_1:4.3.3-2+deb8u3_armhf.deb
Debian8armhflibreoffice-dev< 1:4.3.3-2+deb8u3libreoffice-dev_1:4.3.3-2+deb8u3_armhf.deb
Debian8amd64libreoffice-gtk< 1:4.3.3-2+deb8u3libreoffice-gtk_1:4.3.3-2+deb8u3_amd64.deb
Debian8alllibreoffice-l10n-de< 1:4.3.3-2+deb8u3libreoffice-l10n-de_1:4.3.3-2+deb8u3_all.deb
Debian8alllibreoffice-l10n-uk< 1:4.3.3-2+deb8u3libreoffice-l10n-uk_1:4.3.3-2+deb8u3_all.deb
Debian8powerpclibreoffice-core< 1:4.3.3-2+deb8u3libreoffice-core_1:4.3.3-2+deb8u3_powerpc.deb
Debian7armellibreoffice-pdfimport< 1.0.5+LibO3.5.4+dfsg2-0+deb7u6libreoffice-pdfimport_1.0.5+LibO3.5.4+dfsg2-0+deb7u6_armel.deb
Debian7kfreebsd-i386libreoffice-base< 1:3.5.4+dfsg2-0+deb7u6libreoffice-base_1:3.5.4+dfsg2-0+deb7u6_kfreebsd-i386.deb
Debian7alllibreoffice-script-provider-js< 1:3.5.4+dfsg2-0+deb7u6libreoffice-script-provider-js_1:3.5.4+dfsg2-0+deb7u6_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	armel	libreoffice-gnome	< 1:3.5.4+dfsg2-0+deb7u6	libreoffice-gnome_1:3.5.4+dfsg2-0+deb7u6_armel.deb
Debian	8	armhf	libreoffice-base-drivers	< 1:4.3.3-2+deb8u3	libreoffice-base-drivers_1:4.3.3-2+deb8u3_armhf.deb
Debian	8	armhf	libreoffice-dev	< 1:4.3.3-2+deb8u3	libreoffice-dev_1:4.3.3-2+deb8u3_armhf.deb
Debian	8	amd64	libreoffice-gtk	< 1:4.3.3-2+deb8u3	libreoffice-gtk_1:4.3.3-2+deb8u3_amd64.deb
Debian	8	all	libreoffice-l10n-de	< 1:4.3.3-2+deb8u3	libreoffice-l10n-de_1:4.3.3-2+deb8u3_all.deb
Debian	8	all	libreoffice-l10n-uk	< 1:4.3.3-2+deb8u3	libreoffice-l10n-uk_1:4.3.3-2+deb8u3_all.deb
Debian	8	powerpc	libreoffice-core	< 1:4.3.3-2+deb8u3	libreoffice-core_1:4.3.3-2+deb8u3_powerpc.deb
Debian	7	armel	libreoffice-pdfimport	< 1.0.5+LibO3.5.4+dfsg2-0+deb7u6	libreoffice-pdfimport_1.0.5+LibO3.5.4+dfsg2-0+deb7u6_armel.deb
Debian	7	kfreebsd-i386	libreoffice-base	< 1:3.5.4+dfsg2-0+deb7u6	libreoffice-base_1:3.5.4+dfsg2-0+deb7u6_kfreebsd-i386.deb
Debian	7	all	libreoffice-script-provider-js	< 1:3.5.4+dfsg2-0+deb7u6	libreoffice-script-provider-js_1:3.5.4+dfsg2-0+deb7u6_all.deb