[SECURITY] [DSA 3792-1] libreoffice security update

2017-02-2322:13:34

lists.debian.org

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

28.4%

JSON

Debian Security Advisory DSA-3792-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
February 23, 2017 https://www.debian.org/security/faq

Package : libreoffice
CVE ID : CVE-2017-3157

Ben Hayak discovered that objects embedded in Writer and Calc documents
may result in information disclosure. Please see
https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/
for additional information.

For the stable distribution (jessie), this problem has been fixed in
version 1:4.3.3-2+deb8u6.

For the testing distribution (stretch), this problem has been fixed
in version 1:5.2.3-1.

For the unstable distribution (sid), this problem has been fixed in
version 1:5.2.3-1.

We recommend that you upgrade your libreoffice packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7alllibreoffice-help-gl< 1:3.5.4+dfsg2-0+deb7u9libreoffice-help-gl_1:3.5.4+dfsg2-0+deb7u9_all.deb
Debian8kfreebsd-amd64libreoffice-gtk3< 1:4.3.3-2+deb8u6libreoffice-gtk3_1:4.3.3-2+deb8u6_kfreebsd-amd64.deb
Debian8armhflibreoffice-mysql-connector< 1.0.2+LibO4.3.3-2+deb8u6libreoffice-mysql-connector_1.0.2+LibO4.3.3-2+deb8u6_armhf.deb
Debian8i386libreoffice-officebean< 1:4.3.3-2+deb8u6libreoffice-officebean_1:4.3.3-2+deb8u6_i386.deb
Debian8alllibreoffice-l10n-dz< 1:4.3.3-2+deb8u6libreoffice-l10n-dz_1:4.3.3-2+deb8u6_all.deb
Debian8arm64libreoffice-gtk< 1:4.3.3-2+deb8u6libreoffice-gtk_1:4.3.3-2+deb8u6_arm64.deb
Debian8s390xlibreoffice-pdfimport< 1:4.3.3-2+deb8u6libreoffice-pdfimport_1:4.3.3-2+deb8u6_s390x.deb
Debian7alllibreoffice-help-ca< 1:3.5.4+dfsg2-0+deb7u9libreoffice-help-ca_1:3.5.4+dfsg2-0+deb7u9_all.deb
Debian7alllibreoffice-l10n-in< 1:3.5.4+dfsg2-0+deb7u9libreoffice-l10n-in_1:3.5.4+dfsg2-0+deb7u9_all.deb
Debian7alllibreoffice-l10n-ru< 1:3.5.4+dfsg2-0+deb7u9libreoffice-l10n-ru_1:3.5.4+dfsg2-0+deb7u9_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	all	libreoffice-help-gl	< 1:3.5.4+dfsg2-0+deb7u9	libreoffice-help-gl_1:3.5.4+dfsg2-0+deb7u9_all.deb
Debian	8	kfreebsd-amd64	libreoffice-gtk3	< 1:4.3.3-2+deb8u6	libreoffice-gtk3_1:4.3.3-2+deb8u6_kfreebsd-amd64.deb
Debian	8	armhf	libreoffice-mysql-connector	< 1.0.2+LibO4.3.3-2+deb8u6	libreoffice-mysql-connector_1.0.2+LibO4.3.3-2+deb8u6_armhf.deb
Debian	8	i386	libreoffice-officebean	< 1:4.3.3-2+deb8u6	libreoffice-officebean_1:4.3.3-2+deb8u6_i386.deb
Debian	8	all	libreoffice-l10n-dz	< 1:4.3.3-2+deb8u6	libreoffice-l10n-dz_1:4.3.3-2+deb8u6_all.deb
Debian	8	arm64	libreoffice-gtk	< 1:4.3.3-2+deb8u6	libreoffice-gtk_1:4.3.3-2+deb8u6_arm64.deb
Debian	8	s390x	libreoffice-pdfimport	< 1:4.3.3-2+deb8u6	libreoffice-pdfimport_1:4.3.3-2+deb8u6_s390x.deb
Debian	7	all	libreoffice-help-ca	< 1:3.5.4+dfsg2-0+deb7u9	libreoffice-help-ca_1:3.5.4+dfsg2-0+deb7u9_all.deb
Debian	7	all	libreoffice-l10n-in	< 1:3.5.4+dfsg2-0+deb7u9	libreoffice-l10n-in_1:3.5.4+dfsg2-0+deb7u9_all.deb
Debian	7	all	libreoffice-l10n-ru	< 1:3.5.4+dfsg2-0+deb7u9	libreoffice-l10n-ru_1:3.5.4+dfsg2-0+deb7u9_all.deb