USN-2793-1: LibreOffice vulnerabilities

Releases

• Ubuntu 15.04
• Ubuntu 14.04 ESM
• Ubuntu 12.04

Packages

• libreoffice - Office productivity suite

Details

Federico Scrinzi discovered that LibreOffice incorrectly handled documents
inserted into Writer or Calc via links. If a user were tricked into opening
a specially crafted document, a remote attacker could possibly obtain the
contents of arbitrary files. (CVE-2015-4551)

It was discovered that LibreOffice incorrectly handled PrinterSetup data
stored in ODF files. If a user were tricked into opening a specially
crafted ODF document, a remote attacker could cause LibreOffice to crash,
and possibly execute arbitrary code. (CVE-2015-5212)

It was discovered that LibreOffice incorrectly handled the number of pieces
in DOC files. If a user were tricked into opening a specially crafted DOC
document, a remote attacker could cause LibreOffice to crash, and possibly
execute arbitrary code. (CVE-2015-5213)

It was discovered that LibreOffice incorrectly handled bookmarks in DOC
files. If a user were tricked into opening a specially crafted DOC
document, a remote attacker could cause LibreOffice to crash, and possibly
execute arbitrary code. (CVE-2015-5214)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.04

• libreoffice-core - 1:4.4.6~rc3-0ubuntu1

Ubuntu 14.04

• libreoffice-core - 1:4.2.8-0ubuntu3

Ubuntu 12.04

• libreoffice-core - 1:3.5.7-0ubuntu9

After a standard system update you need to restart LibreOffice to make all
the necessary changes.

References

• CVE-2015-4551
• CVE-2015-5212
• CVE-2015-5213
• CVE-2015-5214