USN-2793-1: LibreOffice vulnerabilities

Ubuntu Security Notice USN-2793-1

5th November, 2015

libreoffice vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 15.04
• Ubuntu 14.04 LTS
• Ubuntu 12.04 LTS

Summary

Several security issues were fixed in LibreOffice.

Software description

• libreoffice - Office productivity suite

Details

Federico Scrinzi discovered that LibreOffice incorrectly handled documents
inserted into Writer or Calc via links. If a user were tricked into opening
a specially crafted document, a remote attacker could possibly obtain the
contents of arbitrary files. (CVE-2015-4551)

It was discovered that LibreOffice incorrectly handled PrinterSetup data
stored in ODF files. If a user were tricked into opening a specially
crafted ODF document, a remote attacker could cause LibreOffice to crash,
and possibly execute arbitrary code. (CVE-2015-5212)

It was discovered that LibreOffice incorrectly handled the number of pieces
in DOC files. If a user were tricked into opening a specially crafted DOC
document, a remote attacker could cause LibreOffice to crash, and possibly
execute arbitrary code. (CVE-2015-5213)

It was discovered that LibreOffice incorrectly handled bookmarks in DOC
files. If a user were tricked into opening a specially crafted DOC
document, a remote attacker could cause LibreOffice to crash, and possibly
execute arbitrary code. (CVE-2015-5214)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 15.04:

libreoffice-core 1:4.4.6~rc3-0ubuntu1

Ubuntu 14.04 LTS:

libreoffice-core 1:4.2.8-0ubuntu3

Ubuntu 12.04 LTS:

libreoffice-core 1:3.5.7-0ubuntu9

To update your system, please follow these instructions: http://ift.tt/17VXqjU.

After a standard system update you need to restart LibreOffice to make all
the necessary changes.

References

CVE-2015-4551, CVE-2015-5212, CVE-2015-5213, CVE-2015-5214

from Ubuntu Security Notices http://ift.tt/1Wz2vJv