Rapid7 Vulnerability & Exploit Database

RHSA-2015:0377: libreoffice security, bug fix, and enhancement update

Severity: 10
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published: 07/03/2014
Created: 07/25/2018
Added: 03/09/2015
Modified: 07/04/2017

Description

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite.

It was found that LibreOffice documents executed macros unconditionally, without user approval, when these documents were opened using LibreOffice. An attacker could use this flaw to execute arbitrary code as the user running LibreOffice by embedding malicious VBA scripts in the document as macros. (CVE-2014-0247)

A flaw was found in the OLE (Object Linking and Embedding) generation in LibreOffice. An attacker could use this flaw to embed malicious OLE code in a LibreOffice document, allowing for arbitrary code execution. (CVE-2014-3575)

A use-after-free flaw was found in the "Remote Control" capabilities of the LibreOffice Impress application. An attacker could use this flaw to remotely execute code with the permissions of the user running LibreOffice Impress. (CVE-2014-3693)

The libreoffice packages have been upgraded to upstream version 4.2.6.3, which provides a number of bug fixes and enhancements over the previous version. Among others:

All libreoffice users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.

Solution(s)

  • redhat-upgrade-autocorr-af
  • redhat-upgrade-autocorr-bg
  • redhat-upgrade-autocorr-ca
  • redhat-upgrade-autocorr-cs
  • redhat-upgrade-autocorr-da
  • redhat-upgrade-autocorr-de
  • redhat-upgrade-autocorr-en
  • redhat-upgrade-autocorr-es
  • redhat-upgrade-autocorr-fa
  • redhat-upgrade-autocorr-fi
  • redhat-upgrade-autocorr-fr
  • redhat-upgrade-autocorr-ga
  • redhat-upgrade-autocorr-hr
  • redhat-upgrade-autocorr-hu
  • redhat-upgrade-autocorr-is
  • redhat-upgrade-autocorr-it
  • redhat-upgrade-autocorr-ja
  • redhat-upgrade-autocorr-ko
  • redhat-upgrade-autocorr-lb
  • redhat-upgrade-autocorr-lt
  • redhat-upgrade-autocorr-mn
  • redhat-upgrade-autocorr-nl
  • redhat-upgrade-autocorr-pl
  • redhat-upgrade-autocorr-pt
  • redhat-upgrade-autocorr-ro
  • redhat-upgrade-autocorr-ru
  • redhat-upgrade-autocorr-sk
  • redhat-upgrade-autocorr-sl
  • redhat-upgrade-autocorr-sr
  • redhat-upgrade-autocorr-sv
  • redhat-upgrade-autocorr-tr
  • redhat-upgrade-autocorr-vi
  • redhat-upgrade-autocorr-zh
  • redhat-upgrade-libabw
  • redhat-upgrade-libabw-debuginfo
  • redhat-upgrade-libabw-devel
  • redhat-upgrade-libabw-doc
  • redhat-upgrade-libabw-tools
  • redhat-upgrade-libcmis
  • redhat-upgrade-libcmis-debuginfo
  • redhat-upgrade-libcmis-devel
  • redhat-upgrade-libcmis-tools
  • redhat-upgrade-libetonyek
  • redhat-upgrade-libetonyek-debuginfo
  • redhat-upgrade-libetonyek-devel
  • redhat-upgrade-libetonyek-doc
  • redhat-upgrade-libetonyek-tools
  • redhat-upgrade-libfreehand
  • redhat-upgrade-libfreehand-debuginfo
  • redhat-upgrade-libfreehand-devel
  • redhat-upgrade-libfreehand-doc
  • redhat-upgrade-libfreehand-tools
  • redhat-upgrade-liblangtag
  • redhat-upgrade-liblangtag-debuginfo
  • redhat-upgrade-liblangtag-devel
  • redhat-upgrade-liblangtag-doc
  • redhat-upgrade-liblangtag-gobject
  • redhat-upgrade-libmwaw
  • redhat-upgrade-libmwaw-debuginfo
  • redhat-upgrade-libmwaw-devel
  • redhat-upgrade-libmwaw-doc
  • redhat-upgrade-libmwaw-tools
  • redhat-upgrade-libodfgen
  • redhat-upgrade-libodfgen-debuginfo
  • redhat-upgrade-libodfgen-devel
  • redhat-upgrade-libodfgen-doc
  • redhat-upgrade-libreoffice
  • redhat-upgrade-libreoffice-base
  • redhat-upgrade-libreoffice-bsh
  • redhat-upgrade-libreoffice-calc
  • redhat-upgrade-libreoffice-core
  • redhat-upgrade-libreoffice-debuginfo
  • redhat-upgrade-libreoffice-draw
  • redhat-upgrade-libreoffice-emailmerge
  • redhat-upgrade-libreoffice-filters
  • redhat-upgrade-libreoffice-gdb-debug-support
  • redhat-upgrade-libreoffice-glade
  • redhat-upgrade-libreoffice-graphicfilter
  • redhat-upgrade-libreoffice-headless
  • redhat-upgrade-libreoffice-impress
  • redhat-upgrade-libreoffice-langpack-af
  • redhat-upgrade-libreoffice-langpack-ar
  • redhat-upgrade-libreoffice-langpack-as
  • redhat-upgrade-libreoffice-langpack-bg
  • redhat-upgrade-libreoffice-langpack-bn
  • redhat-upgrade-libreoffice-langpack-br
  • redhat-upgrade-libreoffice-langpack-ca
  • redhat-upgrade-libreoffice-langpack-cs
  • redhat-upgrade-libreoffice-langpack-cy
  • redhat-upgrade-libreoffice-langpack-da
  • redhat-upgrade-libreoffice-langpack-de
  • redhat-upgrade-libreoffice-langpack-dz
  • redhat-upgrade-libreoffice-langpack-el
  • redhat-upgrade-libreoffice-langpack-en
  • redhat-upgrade-libreoffice-langpack-es
  • redhat-upgrade-libreoffice-langpack-et
  • redhat-upgrade-libreoffice-langpack-eu
  • redhat-upgrade-libreoffice-langpack-fa
  • redhat-upgrade-libreoffice-langpack-fi
  • redhat-upgrade-libreoffice-langpack-fr
  • redhat-upgrade-libreoffice-langpack-ga
  • redhat-upgrade-libreoffice-langpack-gl
  • redhat-upgrade-libreoffice-langpack-gu
  • redhat-upgrade-libreoffice-langpack-he
  • redhat-upgrade-libreoffice-langpack-hi
  • redhat-upgrade-libreoffice-langpack-hr
  • redhat-upgrade-libreoffice-langpack-hu
  • redhat-upgrade-libreoffice-langpack-it
  • redhat-upgrade-libreoffice-langpack-ja
  • redhat-upgrade-libreoffice-langpack-kk
  • redhat-upgrade-libreoffice-langpack-kn
  • redhat-upgrade-libreoffice-langpack-ko
  • redhat-upgrade-libreoffice-langpack-lt
  • redhat-upgrade-libreoffice-langpack-lv
  • redhat-upgrade-libreoffice-langpack-mai
  • redhat-upgrade-libreoffice-langpack-ml
  • redhat-upgrade-libreoffice-langpack-mr
  • redhat-upgrade-libreoffice-langpack-nb
  • redhat-upgrade-libreoffice-langpack-nl
  • redhat-upgrade-libreoffice-langpack-nn
  • redhat-upgrade-libreoffice-langpack-nr
  • redhat-upgrade-libreoffice-langpack-nso
  • redhat-upgrade-libreoffice-langpack-or
  • redhat-upgrade-libreoffice-langpack-pa
  • redhat-upgrade-libreoffice-langpack-pl
  • redhat-upgrade-libreoffice-langpack-pt-br
  • redhat-upgrade-libreoffice-langpack-pt-pt
  • redhat-upgrade-libreoffice-langpack-ro
  • redhat-upgrade-libreoffice-langpack-ru
  • redhat-upgrade-libreoffice-langpack-si
  • redhat-upgrade-libreoffice-langpack-sk
  • redhat-upgrade-libreoffice-langpack-sl
  • redhat-upgrade-libreoffice-langpack-sr
  • redhat-upgrade-libreoffice-langpack-ss
  • redhat-upgrade-libreoffice-langpack-st
  • redhat-upgrade-libreoffice-langpack-sv
  • redhat-upgrade-libreoffice-langpack-ta
  • redhat-upgrade-libreoffice-langpack-te
  • redhat-upgrade-libreoffice-langpack-th
  • redhat-upgrade-libreoffice-langpack-tn
  • redhat-upgrade-libreoffice-langpack-tr
  • redhat-upgrade-libreoffice-langpack-ts
  • redhat-upgrade-libreoffice-langpack-uk
  • redhat-upgrade-libreoffice-langpack-ve
  • redhat-upgrade-libreoffice-langpack-xh
  • redhat-upgrade-libreoffice-langpack-zh-hans
  • redhat-upgrade-libreoffice-langpack-zh-hant
  • redhat-upgrade-libreoffice-langpack-zu
  • redhat-upgrade-libreoffice-librelogo
  • redhat-upgrade-libreoffice-math
  • redhat-upgrade-libreoffice-nlpsolver
  • redhat-upgrade-libreoffice-ogltrans
  • redhat-upgrade-libreoffice-opensymbol-fonts
  • redhat-upgrade-libreoffice-pdfimport
  • redhat-upgrade-libreoffice-postgresql
  • redhat-upgrade-libreoffice-pyuno
  • redhat-upgrade-libreoffice-rhino
  • redhat-upgrade-libreoffice-sdk
  • redhat-upgrade-libreoffice-sdk-doc
  • redhat-upgrade-libreoffice-ure
  • redhat-upgrade-libreoffice-wiki-publisher
  • redhat-upgrade-libreoffice-writer
  • redhat-upgrade-libreoffice-xsltfilter
  • redhat-upgrade-mdds-devel
