ALT Linux Team

Package LibreOffice update in sisyphus on 2018-06-07

ALT-PU-2018-1864-1

Package LibreOffice updated to version 6.0.5.1-alt1 for branch sisyphus in task 207935.

Closed vulnerabilities

Published: 2018-04-16

BDU:2019-00713

Уязвимость функции SwCTBWrapper :: Read пакета офисных программ LibreOffice, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: LOW (3.3) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
References:
Published: 2018-04-16
Modified: 2024-11-21

CVE-2018-10120

The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a customizations index, which allows remote attackers to cause a denial of service (heap-based buffer overflow with write access) or possibly have unspecified other impact via a crafted document that contains a certain Microsoft Word record.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2018-08-05
Modified: 2024-11-21

CVE-2018-14939

The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:

Closed bugs

Bug #32699

draw.desktop не поддерживает .vsdx

Bug #33136

Пропала интеграция с КДЕ5

Bug #34765

New version 6.0.3.2

Bug #34825

LibreOffice: missing /usr/bin/libreoffice

VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top