15 Jun 2012 14:05
[ MDVSA-2012:091 ] libreoffice
<security <at> mandriva.com>
2012-06-15 12:05:01 GMT
2012-06-15 12:05:01 GMT
_______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2012:091 http://www.mandriva.com/security/ _______________________________________________________________________ Package : libreoffice Date : June 14, 2012 Affected: 2011. _______________________________________________________________________ Problem Description: Security issues were identified and fixed in libreoffice: An integer overflow vulnerability in the libreoffice graphic loading code could allow a remote attacker to cause a denial of service (application crash) or potentially execute arbitrary code (CVE-2012-1149). An integer overflow flaw, leading to buffer overflow, was found in the way libreoffice processed invalid Escher graphics records length in PowerPoint documents. An attacker could provide a specially-crafted PowerPoint document that, when opened, would cause libreoffice to crash or, potentially, execute arbitrary code with the privileges of the user running libreoffice (CVE-2012-2334). libreoffice for Mandriva Linux 2011 has been upgraded to the 3.5.4 version which is not vulnerable to these issues.(Continue reading)
RSS Feed