Package LibreOffice updated to version 6.0.1.1-alt1 for branch sisyphus in task 200774.

Published: 2018-02-09

BDU:2019-00714

Уязвимость компонента COM.MICROSOFT.WEBSERVICE пакета офисных программ LibreOffice, позволяющая нарушителю получить доступ к защищаемой информации

Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

CVE-2018-6871

Published: 2018-04-16

BDU:2019-00715

Уязвимость функции SwCTBWrapper :: Read пакета офисных программ LibreOffice, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: LOW (3.3) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

References:

CVE-2018-10119

Published: 2018-04-16
Modified: 2024-11-21

CVE-2018-10119

sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service (use-after-free with write access) or possibly have unspecified other impact via a crafted document that uses the structured storage ole2 wrapper file format.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2018-02-09
Modified: 2024-11-21

CVE-2018-6871

LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Version: 2.1.0

Package LibreOffice update in sisyphus on 2018-02-22

ALT-PU-2018-1273-1

Closed vulnerabilities

BDU:2019-00714

BDU:2019-00715

CVE-2018-10119

CVE-2018-6871