U radu programskih paketa libreoffice i libreoffice-l10n uočena su dva sigurnosna propusta. Moguće ih je iskoristiti udaljeno, za pokretanje proizvoljnog programskog koda ili izvođenje DoS napada.
Paket:
libreoffice 3.x
Operacijski sustavi:
Ubuntu Linux 11.04, Ubuntu Linux 11.10
Kritičnost:
6.5
Problem:
cjelobrojno prepisivanje, pogreška u programskoj komponenti
==========================================================================
Ubuntu Security Notice USN-1495-1
July 02, 2012
libreoffice, libreoffice-l10n vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
Summary:
LibreOffice could be made to crash or potentially run programs as your
login if it opened a specially crafted file.
Software Description:
- libreoffice: Office productivity suite
- libreoffice-l10n: Office productivity suite help
Details:
Integer overflows were discovered in the graphics loading code of several
different image types. If a user were tricked into opening a specially
crafted file, an attacker could cause LibreOffice to crash or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2012-1149)
Sven Jacobi discovered an integer overflow when processing Escher graphics
records. If a user were tricked into opening a specially crafted PowerPoint
file, an attacker could cause LibreOffice to crash or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2012-2334)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.10:
libreoffice-core 1:3.4.4-0ubuntu1.2
libreoffice-l10n-common 1:3.4.4-0ubuntu1.2
Ubuntu 11.04:
libreoffice-core 1:3.3.4-0ubuntu1.2
libreoffice-l10n-common 1:3.3.3-1ubuntu1.2
After a standard system update you need to restart LibreOffice to make all
the necessary changes.
References:
http://www.ubuntu.com/usn/usn-1495-1
CVE-2012-1149, CVE-2012-2334
Package Information:
https://launchpad.net/ubuntu/+source/libreoffice/1:3.4.4-0ubuntu1.2
https://launchpad.net/ubuntu/+source/libreoffice-l10n/1:3.4.4-0ubuntu1.2
https://launchpad.net/ubuntu/+source/libreoffice/1:3.3.4-0ubuntu1.2
https://launchpad.net/ubuntu/+source/libreoffice-l10n/1:3.3.3-1ubuntu1.2
Posljednje sigurnosne preporuke