Lucene search

Gentoo FoundationMGASA-2014-0446

HistoryNov 14, 2014 - 4:24 a.m.

Updated libreoffice packages fix security vulnerability

2014-11-1404:24:42

Gentoo Foundation

advisories.mageia.org

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

59.0%

JSON

A vulnerability in LibreOffice allows an attacker to send a document which when opened will trigger the prompt to “Update Links” but if the user cancels that prompt may still generate and insert into the document an OLE2 preview image of a file on the victims filesystem, Data exposure is possible if the updated document is then distributed to other parties (CVE-2014-3575). LibreOffice has been patched to fix this issue.

OSVersionArchitecturePackageVersionFilename
Mageia3noarchlibreoffice< 4.0.6.2-3libreoffice-4.0.6.2-3.mga3

OS	Version	Architecture	Package	Version	Filename
Mageia	3	noarch	libreoffice	< 4.0.6.2-3	libreoffice-4.0.6.2-3.mga3

References

www.libreoffice.org/about-us/security/advisories/cve-2014-3575/

bugs.mageia.org/show_bug.cgi?id=13580

lists.fedoraproject.org/pipermail/package-announce/2014-September/137657.html

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

59.0%

JSON

Related for MGASA-2014-0446