ID CVE-2015-4551
Summary LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow remote attackers to obtain sensitive information via a crafted document, which embeds data from local files into (1) Calc or (2) Writer.
References
Vulnerable Configurations
  • cpe:2.3:a:libreoffice:libreoffice:4.4.4
    cpe:2.3:a:libreoffice:libreoffice:4.4.4
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Canonical Ubuntu Linux 12.04 LTS
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:lts
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 15.04
    cpe:2.3:o:canonical:ubuntu_linux:15.04
  • Apache Software Foundation OpenOffice 4.1.1
    cpe:2.3:a:apache:openoffice:4.1.1
CVSS
Base: 4.3 (as of 12-11-2015 - 14:30)
Impact:
Exploitability:
CWE CWE-200
CAPEC
  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
  • Reusing Session IDs (aka Session Replay)
    This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
  • Using Slashes in Alternate Encoding
    This attack targets the encoding of the Slash characters. An attacker would try to exploit common filtering problems related to the use of the slashes characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_LIBREOFFICE_445.NASL
    description The version of LibreOffice installed on the remote Mac OS X host is prior to 4.4.5. It is, therefore, affected by the following vulnerabilities : - An information disclosure vulnerability exists due to the use of stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links. A remote attacker can exploit this, via a specially crafted ODF document, to to obtain sensitive information. (CVE-2015-4551) - An integer underflow condition exists in the ReadJobSetup() function due to improper validation of user-supplied input when handling printer settings. A remote attacker can exploit this, via specially crafted PrinterSetup data in an ODF document, to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-5212) - An integer underflow condition exists in the WW8ScannerBase::OpenPieceTable() function due to improper validation of user-supplied input when handling the PieceTable counter. A remote attacker can exploit this, via a specially crafted .DOC file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-5213) Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 86902
    published 2015-11-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86902
    title LibreOffice < 4.4.5 Multiple Vulnerabilities (Mac OS X)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201603-05.NASL
    description The remote host is affected by the vulnerability described in GLSA-201603-05 (LibreOffice, OpenOffice: Multiple vulnerabilities) Multiple vulnerabilities were found in both LibreOffice and OpenOffice that allow the remote execution of arbitrary code and potential Denial of Service. These vulnerabilities may be exploited through multiple vectors including crafted documents, link handling, printer setup in ODF document types, DOC file formats, and Calc spreadsheets. Please review the referenced CVE’s for specific information regarding each. Impact : A remote attacker could entice a user to open a specially crafted file using the LibreOffice or OpenOffice suite of software. Execution of these attacks could possibly result in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known work around at this time.
    last seen 2019-02-21
    modified 2016-03-10
    plugin id 89811
    published 2016-03-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89811
    title GLSA-201603-05 : LibreOffice, OpenOffice: Multiple vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-2619.NASL
    description Updated libreoffice packages that fixes multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite. It was discovered that LibreOffice did not properly restrict automatic link updates. By tricking a victim into opening specially crafted documents, an attacker could possibly use this flaw to disclose contents of files accessible by the victim. (CVE-2015-4551) An integer underflow flaw leading to a heap-based buffer overflow when parsing PrinterSetup data was discovered. By tricking a user into opening a specially crafted document, an attacker could possibly exploit this flaw to execute arbitrary code with the privileges of the user opening the file. (CVE-2015-5212) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way LibreOffice processed certain Microsoft Word .doc files. By tricking a user into opening a specially crafted Microsoft Word .doc document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file. (CVE-2015-5213) It was discovered that LibreOffice did not properly sanity check bookmark indexes. By tricking a user into opening a specially crafted document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file. (CVE-2015-5214) All libreoffice users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 87337
    published 2015-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87337
    title RHEL 6 / 7 : libreoffice (RHSA-2015:2619)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20151214_LIBREOFFICE_ON_SL6_X.NASL
    description It was discovered that LibreOffice did not properly restrict automatic link updates. By tricking a victim into opening specially crafted documents, an attacker could possibly use this flaw to disclose contents of files accessible by the victim. (CVE-2015-4551) An integer underflow flaw leading to a heap-based buffer overflow when parsing PrinterSetup data was discovered. By tricking a user into opening a specially crafted document, an attacker could possibly exploit this flaw to execute arbitrary code with the privileges of the user opening the file. (CVE-2015-5212) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way LibreOffice processed certain Microsoft Word .doc files. By tricking a user into opening a specially crafted Microsoft Word .doc document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file. (CVE-2015-5213) It was discovered that LibreOffice did not properly sanity check bookmark indexes. By tricking a user into opening a specially crafted document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file. (CVE-2015-5214)
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 87400
    published 2015-12-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87400
    title Scientific Linux Security Update : libreoffice on SL6.x i386/x86_64
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2793-1.NASL
    description Federico Scrinzi discovered that LibreOffice incorrectly handled documents inserted into Writer or Calc via links. If a user were tricked into opening a specially crafted document, a remote attacker could possibly obtain the contents of arbitrary files. (CVE-2015-4551) It was discovered that LibreOffice incorrectly handled PrinterSetup data stored in ODF files. If a user were tricked into opening a specially crafted ODF document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. (CVE-2015-5212) It was discovered that LibreOffice incorrectly handled the number of pieces in DOC files. If a user were tricked into opening a specially crafted DOC document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. (CVE-2015-5213) It was discovered that LibreOffice incorrectly handled bookmarks in DOC files. If a user were tricked into opening a specially crafted DOC document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. (CVE-2015-5214). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 86784
    published 2015-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86784
    title Ubuntu 12.04 LTS / 14.04 LTS / 15.04 : libreoffice vulnerabilities (USN-2793-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201611-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-201611-03 (LibreOffice, OpenOffice: Multiple vulnerabilities) Multiple vulnerabilities have been found in both LibreOffice and OpenOffice. Please review the referenced CVE’s for specific information regarding each. Impact : Remote attackers could obtain sensitive information, cause a Denial of Service condition, or execute arbitrary code. Workaround : There is no known work around at this time.
    last seen 2019-02-21
    modified 2017-03-06
    plugin id 94594
    published 2016-11-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94594
    title GLSA-201611-03 : LibreOffice, OpenOffice: Multiple vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3394.NASL
    description Multiple vulnerabilities have been discovered in LibreOffice, a full-featured office productivity : - CVE-2015-4551 Federico Scrinzi discovered an information leak in the handling of ODF documents. Quoting from: The LinkUpdateMode feature controls whether documents inserted into Writer or Calc via links will either not get updated, or prompt to update, or automatically update, when the parent document is loaded. The configuration of this option was stored in the document. That flawed approach enabled documents to be crafted with links to plausible targets on the victims host computer. The contents of those automatically inserted after load links can be concealed in hidden sections and retrieved by the attacker if the document is saved and returned to sender, or via http requests if the user has selected lower security settings for that document. - CVE-2015-5212 A buffer overflow in parsing the printer setup information in ODF documents may result in the execution of arbitrary code. - CVE-2015-5213 / CVE-2015-5214 A buffer overflow and an integer overflow in parsing Microsoft Word documents may result in the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 86772
    published 2015-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86772
    title Debian DSA-3394-1 : libreoffice - security update
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_18B3C61B83DE11E5905BAC9E174BE3AF.NASL
    description The Apache OpenOffice Project reports : A vulnerability in OpenOffice settings of OpenDocument Format files and templates allows silent access to files that are readable from an user account, over-riding the user's default configuration settings. Once these files are imported into a maliciously-crafted document, the data can be silently hidden in the document and possibly exported to an external party without being observed. The Apache OpenOffice Project reports : A crafted ODF document can be used to create a buffer that is too small for the amount of data loaded into it, allowing an attacker to cause denial of service (memory corruption and application crash) and possible execution of arbitrary code. The Apache OpenOffice Project reports : A crafted Microsoft Word DOC file can be used to specify a document buffer that is too small for the amount of data provided for it. Failure to detect the discrepancy allows an attacker to cause denial of service (memory corruption and application crash) and possible execution of arbitrary code. The Apache OpenOffice Project reports : A crafted Microsoft Word DOC can contain invalid bookmark positions leading to memory corruption when the document is loaded or bookmarks are manipulated. The defect allows an attacker to cause denial of service (memory corruption and application crash) and possible execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 86775
    published 2015-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86775
    title FreeBSD : OpenOffice 4.1.1 -- multiple vulnerabilities (18b3c61b-83de-11e5-905b-ac9e174be3af)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-273.NASL
    description This update for LibreOffice and some library dependencies (cmis-client, libetonyek, libmwaw, libodfgen, libpagemaker, libreoffice-share-linker, mdds, libwps) fixes the following issues : Changes in libreoffice : - Provide l10n-pt from pt-PT - boo#945047 - LO-L3: LO is duplicating master pages, extended fix - boo#951579 - LO-L3: [LibreOffice] Calc 5.0 fails to open ods files - deleted RPATH prevented loading of bundled 3rd party RDF handler libs - Version update to 5.0.4.2 : - Final of the 5.0.4 series - boo#945047 - LO-L3: LO is duplicating master pages - Version update to 5.0.4.1 : - rc1 of 5.0.4 with various regression fixes - boo#954345 - LO-L3: Insert-->Image-->Insert as Link hangs writer - Version update to 5.0.3.2 : - Final tag of 5.0.3 release - Fix boo#939996 - LO-L3: Some bits from DOCX file are not imported - Fix boo#889755 - LO-L3: PPTX: chart axis number format incorrect - boo#679938 - LO-L3: saving to doc file the chapter name in the header does not change with chapters - Version update to 5.0.3RC1 as it should fix i586 test failure - Update text2number extension to 1.5.0 - obsolete libreoffice-mono - pentaho-flow-reporting require is conditional on system_libs - Update icon theme dependencies - https://lists.debian.org/debian-openoffice/2015/09/msg00343.html - Version bump to 5.0.2 final fate#318856 fate#319071 boo#943075 boo#945692 : - Small tweaks compared to rc1 - For sake of completion this release also contains security fixes for boo#910806 CVE-2014-8147, boo#907636 CVE-2014-9093, boo#934423 CVE-2015-4551, boo#910805 CVE-2014-8146, boo#940838 CVE-2015-5214, boo#936190 CVE-2015-5213, boo#936188 CVE-2015-5212, boo#934423 CVE-2015-45513, boo#934423 CVE-2015-4551, boo#910805 CVE-2014-8146, boo#940838 CVE-2015-5214, boo#936190 CVE-2015-5213, boo#936188 CVE-2015-5212, boo#934423 CVE-2015-45513, boo#934423 CVE-2015-4551, boo#910805 CVE-2014-8146, boo#940838 CVE-2015-5214, boo#936190 CVE-2015-5213, boo#936188 CVE-2015-5212, boo#934423 CVE-2015-4551 - Use gcc48 to build on sle11sp4 - Make debuginfo's smaller on IBS. - Fix chrpath call after the libs got -lo suffixing - Add patch to fix qt4 features detection : - kde4filepicker.patch - Split out gtk3 UI to separate subpkg that requires gnome subpkg - This is to allow people to test gtk3 while it not being default - Version update to 5.0.2 rc1 : - Various small tweaks and integration of our SLE11 patchsets - Update constraints to 30 GB on disk - Version bump to 5.0.1 rc2 : - breeze icons extension - Credits update - Various small fixes - Version bump to 5.0.1 rc1 : - Various small fixes - Has some commits around screen rendering -> could fix kde bugs - Kill branding-openSUSE, stick to TDF branding. - Version bump to 5.0 rc5 : - Bunch of final touchups here and there - Remove some upstreamed patches : - old-cairo.patch - Add explicit requires over libmysqlclient_r18, should cover boo#829430 - Add patch to build with old cairo (sle11). - Version bump to 5.0 rc3 : - Various more fixes closing on the 5.0 release - Update to 5.0 rc2 : - Few small fixes and updates in internal libraries - Version bump to 5.0 rc1, remove obsolete patches : - 0001-Fix-could-not-convert-.-const-char-to-const-rtl-OUS t.patch - 0001-writerperfect-fix-gcc-4.7-build.patch - More chrpat love for sle11 - Add python-importlib to build/requirements on py2 distros - Provide/obsolete crystal icons so they are purged and not left over - Fix breeze icons handling, drop crystal icons. - Version bump to 5.0.0.beta3 : - Drop merged patch 0001-Make-cpp-poppler-version.h-header-optional.patch - Update some internal tarballs so we keep building - based on these bumps update the buildrequires too - Generate python cache files wrt boo#929793 - Update %post scriptlets to work on sle11 again - Split out the share -> lib linker to hopefully allow sle11 build - One more fix for help handling boo#915996 - Version bump to 4.4.3 release : - Various small fixes all around - Disable verbose build to pass check on maximal size of log - We need pre/post for libreoffice in langpkgs - Use old java for detection and old commons-lang/codec to pass brp check on java from sle11 - 0001-Make-HAVE_JAVA6-be-always-false.patch - Revert last changeset, it is caused by something else this time : - 0001-Set-source-and-target-params-for-java.patch - Set source/target for javac when building to work on SLE11 : - 0001-Set-source-and-target-params-for-java.patch - Try to deal with rpath on bundled libs - Fix python3_sitelib not being around for py2 - Add internal make for too old system - One more stab on poppler switch : - 0001-Make-cpp-poppler-version.h-header-optional.patch - Update the old-poppler patch to work correctly : - 0001-Make-cpp-poppler-version.h-header-optional.patch - Sort out more external tarballs for the no-system-libs approach - Add basic external tarballs needed for without-system-libraries - Add patch to check for poppler more nicely to work on older distros : - 0001-Make-cpp-poppler-version.h-header-optional.patch - Try to pass configure without system libs - Allow switch between py2 and py3 - Move external dependencies in conditional thus allow build on SLE11 - Add conditional for noarch subpackages - Add switch in configure to detect more of internal/external stuff - Add conditional for appdatastore thing and redo it to impact the spec less - Add systemlibs switch to be used in attempt to build sle11 build - Silence more scarry messages by boo#900186 - Fixes autocorr symlinking - Cleans UNO cache in more pretty way - Clean up the uno cache removal to not display scarry message boo#900186 - Remove patch to look for help in /usr/share, we symlink it back to lib, so there is no actual need to search for it directly, migth fix boo#915996 : - officecfg-help-in-usr-share.diff - --disable-collada - reportedly it does not work in LibreOffice 4.4 - added version numbers to some BuildRequires lines - Require flow engine too on base - Fix build on SLE12 and 13.1 by adding conditional for appdata install - Fixup the installed appdata.xml files: they reference a .desktop file that are not installed by libreoffice (boo#926375). - Version bump to 4.4.2 : - 2nd bugfix update for the 4.4 series - BuildRequires: libodfgen-devel >= 0.1 - added version numbers to some BuildRequires lines - build does not require python3-lxml - build requires librevenge-devel >= 0.0.1 - vlc media backend is broken, don't use it. Only gstreamer should be used. - Install the .appdata.xml files shipped by upstream: allow LO to be shown in AppStream based software centers. - Move pretrans to pre - Version bump to 4.4.1 first bugfix release of the series - Reduce bit the compilation preparations as we prepped most of the things by _constraints and it is no longer needed - %pre is not enough the script needs to be rewritten in lua - Move removal of obsolete dirs from %pretrans to %pre boo#916181 - Version bump to 4.4.0 final : - First in the 4.4 series - First release to have the new UI elements without old hardcoded sizes - Various improvements all around. - Version bump to 4.4.0rc2 : - Various bugfixes, just bumping to see if we still build fine. - That verbose switch for configure was really really bad idea - generic images.zip for galaxy icons seem gone so remove - Do not supplement kde3 stuff, it is way beyond obsolete - Remove vlc conditional - korea.xcd is no more so remove - Really use mergelib - Disable telepathy, it really is experimental like hell - Version bump to 4.4.0rc1 : - New 4.4 branch release with additional features - Enable collada : - New bundled collada2gltf tarball: 4b87018f7fff1d054939d19920b751a0-collada2gltf-master-cb1 d97788a.tar.bz2 - Remove errorous self-obsolete in lang pkgs. - Version bump to 4.3.3.2 : - Various bugfixes from maintenance branch to copy openSUSE. - Also contains fix for boo#900214 and boo#900218 CVE-2014-3693 - fix regression in bullets (boo#897903). - Add masterpage_style_parent.odp as new file for regression test for bullets. Changes in cmis-client : - Update to version 0.5.0 + Completely removed the dependency on InMemory server for unit tests + Minimized the number of HTTP requests sent by SessionFactory::createSession + Added Session::getBaseTypes() - Bump soname to 0_5-5 - Bump incname to 0.5 Changes in libetonyek : - Version bump to 0.1.3 : - Various small fixes - More imported now imported - Now use mdds to help with some hashing - Version bump to 0.1.2 : - Initial support for pages and numbers - Ditch libetonyek-0.1.1-constants.patch as we do not require us to build for older boost Changes in libmwaw : - Version bump to 0.3.6 : - Added a minimal parser for ApplePict v1.v2, ie. no clipping, does not take in account the copy mode: srcCopy, srcOr, ... - Extended the --with-docs configure option to allow to build doc only for the API classes: --with-docs=no|api|full . - Added a parser for MacDraft v4-v5 documents. - RagTime v5-v6 parser: try to retrieve the main layouts and the picture/shape/textbox, ie. now, it generates result but it is still very imcomplete... - MWAW{Graphic,Presentation,Text}Listener: corrected a problem in openGroup which may create to incorrect document. - Created an MWAWEmbeddedObject class to store a picture with various representations. - MWAW*Listener: renamed insertPicture to insertShape, added a function to insert a texbox in a MWAWGraphicShape (which only insert a basic textbox). - Fixed many crashes and hangs when importing broken files, found with the help of american-fuzzy-lop. - And several other minor fixes and improvements. - Version bump to 0.3.5 - Various small fixes on 0.3 series, nothing big woth mention Changes in libodfgen : - Version bump to 0.1.4 : - drawing interface: do no forget to call startDocument/endDocument when writing in the manifest - metadata: added handler for 'template' metadata, unknown metadata are written in a meta:user-defined elements, - defineSheetNumberingStyle: can now define styles for the whole document (and not only for the actual sheet) - update doxygen configuration file + add a make astyle command - Allow writing meta:creation-date metadata element for drawings and presentations too. - Improve handling of headings. Most importantly, write valid ODF. - Write meta:generator metadata element. - Add initial support for embedded fonts. It is currently limited to Flat ODF output. - Upgrade to version 0.1.2 - Use text:h element for headings. Any paragraph with text:outline-level property is recognized as a heading. - Handle layers. - Improve handling of styles. Particularly, do not emit duplicate styles. - Slightly improve documentation. - Handle master pages. - Do not expect that integer properties are always in inches. - Fix misspelled style:paragraph-properties element in presentation notes. - Only export public symbols on Linux. - Fix bogus XML-escaping of metadata values. - And many other improvements and fixes. Changes in libpagemaker : - Initial package based on upstream libpagemaker 0.0.2 Changes in libreoffice-share-linker : - Initial commit, split out from main libreoffice package to workaround issues on SLE11 build Changes in mdds : - Update to version 0.12.1 : - Various small fixes on 0.12 series - Just move define up and comment why we redefine docdir - more types are possible in segment_tree data structures (previously only pointers were possible) - added sorted_string_map - multi_type_vector bugfixes Changes in libwps : - Update to version 0.4.1 : + QuattroPro: correct a mistake when reading negative cell's position. + Fix some Windows build problems. + Fix more than 10 hangs when reading damaged files, found with the help of american-fuzzy-lop. + Performance: improve the sheet's output generation. + add support for unknown encoding files (ie. DOS file) + add potential support for converting Lotus, ... documents, + accept to convert all Lotus Wk1 files and Symphony Wk1 files, + add support for Lotus Wk3 and Wk4 documents, + add support for Quattro Pro Wq1 and Wq2 documents, + only in debug mode, add pre-support for Lotus Wk5..., must allow to retrieve the main sheets content's with no formatting, + add potential support for asking the document's password ( but do nothing ) + correct some compiler warnings when compiling in debug mode. + Fix parsing of floating-point numbers in specific cases. + Fix several minor issues reported by Coverity and Clang. + Check arguments of public functions. Passing NULL no longer causes a crash. + Use symbol visibility on Linux. The library only exports the public functions now. + Import @TERM and @CTERM functions (fdo#86241). + Handle LICS character encoding in spreadsheets (fdo#87222). + Fix a crash when reading a broken file, found with the help of american-fuzzy-lop.
    last seen 2019-02-21
    modified 2016-02-29
    plugin id 89016
    published 2016-02-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89016
    title openSUSE Security Update : LibreOffice and related libraries (openSUSE-2016-273)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-2619.NASL
    description Updated libreoffice packages that fixes multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite. It was discovered that LibreOffice did not properly restrict automatic link updates. By tricking a victim into opening specially crafted documents, an attacker could possibly use this flaw to disclose contents of files accessible by the victim. (CVE-2015-4551) An integer underflow flaw leading to a heap-based buffer overflow when parsing PrinterSetup data was discovered. By tricking a user into opening a specially crafted document, an attacker could possibly exploit this flaw to execute arbitrary code with the privileges of the user opening the file. (CVE-2015-5212) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way LibreOffice processed certain Microsoft Word .doc files. By tricking a user into opening a specially crafted Microsoft Word .doc document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file. (CVE-2015-5213) It was discovered that LibreOffice did not properly sanity check bookmark indexes. By tricking a user into opening a specially crafted document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file. (CVE-2015-5214) All libreoffice users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 87358
    published 2015-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87358
    title CentOS 6 / 7 : libreoffice (CESA-2015:2619)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1915-1.NASL
    description This update brings LibreOffice to version 5.0.2, a major version update. It brings lots of new features, bugfixes and also security fixes. Features as seen on http://www.libreoffice.org/discover/new-features/ - LibreOffice 5.0 ships an impressive number of new features for its spreadsheet module, Calc: complex formulae image cropping, new functions, more powerful conditional formatting, table addressing and much more. Calc's blend of performance and features makes it an enterprise-ready, heavy duty spreadsheet application capable of handling all kinds of workload for an impressive range of use cases - New icons, major improvements to menus and sidebar : no other LibreOffice version has looked that good and helped you be creative and get things done the right way. In addition, style management is now more intuitive thanks to the visualization of styles right in the interface. - LibreOffice 5 ships with numerous improvements to document import and export filters for MS Office, PDF, RTF, and more. You can now timestamp PDF documents generated with LibreOffice and enjoy enhanced document conversion fidelity all around. The Pentaho Flow Reporting Engine is now added and used. Security issues fixed : - CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 did not properly track directionally isolated pieces of text, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text. - CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 used an integer data type that is inconsistent with a header file, which allowed remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text. - CVE-2015-4551: An arbitrary file disclosure vulnerability in Libreoffice and Openoffice Calc and Writer was fixed. - CVE-2015-1774: The HWP filter in LibreOffice allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggered an out-of-bounds write. - CVE-2015-5212: A LibreOffice 'PrinterSetup Length' integer underflow vulnerability could be used by attackers supplying documents to execute code as the user opening the document. - CVE-2015-5213: A LibreOffice 'Piece Table Counter' invalid check design error vulnerability allowed attackers supplying documents to execute code as the user opening the document. - CVE-2015-5214: Multiple Vendor LibreOffice Bookmark Status Memory Corruption Vulnerability allowed attackers supplying documents to execute code as the user opening the document. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 86757
    published 2015-11-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86757
    title SUSE SLED12 / SLES12 Security Update : Recommended update for LibreOffice (SUSE-SU-2015:1915-1)
  • NASL family Windows
    NASL id OPENOFFICE_412.NASL
    description The version of Apache OpenOffice installed on the remote host is a version prior to 4.1.2. It is, therefore, affected by the following vulnerabilities : - An overflow condition exists in the Hangul Word Processor (HWP) filter due to improper validation of user-supplied input. A remote attacker can exploit this, via a specially crafted HWP document, to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-1774) - An information disclosure vulnerability exists due to the use of stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links. A remote attacker can exploit this, via a specially crafted ODF document, to to obtain sensitive information. (CVE-2015-4551) - An integer underflow condition exists in the ReadJobSetup() function due to improper validation of user-supplied input when handling printer settings. A remote attacker can exploit this, via specially crafted PrinterSetup data in an ODF document, to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-5212) - An integer underflow condition exists in the WW8ScannerBase::OpenPieceTable() function due to improper validation of user-supplied input when handling the PieceTable counter. A remote attacker can exploit this, via a specially crafted .DOC file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-5213) - A memory corruption issue exists in 'filter/ww8/ww8scan.cxx' due to improper validation of user-supplied input when handling bookmark status positions. A remote attacker can exploit this, via a specially crafted document, to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-5214)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 86904
    published 2015-11-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86904
    title Apache OpenOffice < 4.1.2 Multiple Vulnerabilities
  • NASL family Windows
    NASL id LIBREOFFICE_445.NASL
    description The version of LibreOffice installed on the remote Windows host is prior to 4.4.5. It is, therefore, affected by the following vulnerabilities : - An information disclosure vulnerability exists due to the use of stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links. A remote attacker can exploit this, via a specially crafted ODF document, to to obtain sensitive information. (CVE-2015-4551) - An integer underflow condition exists in the ReadJobSetup() function due to improper validation of user-supplied input when handling printer settings. A remote attacker can exploit this, via specially crafted PrinterSetup data in an ODF document, to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-5212) - An integer underflow condition exists in the WW8ScannerBase::OpenPieceTable() function due to improper validation of user-supplied input when handling the PieceTable counter. A remote attacker can exploit this, via a specially crafted .DOC file, to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-5213) Note that Nessus has not attempted to exploit these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 86900
    published 2015-11-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86900
    title LibreOffice < 4.4.5 Multiple Vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-2619.NASL
    description From Red Hat Security Advisory 2015:2619 : Updated libreoffice packages that fixes multiple security issues are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite. It was discovered that LibreOffice did not properly restrict automatic link updates. By tricking a victim into opening specially crafted documents, an attacker could possibly use this flaw to disclose contents of files accessible by the victim. (CVE-2015-4551) An integer underflow flaw leading to a heap-based buffer overflow when parsing PrinterSetup data was discovered. By tricking a user into opening a specially crafted document, an attacker could possibly exploit this flaw to execute arbitrary code with the privileges of the user opening the file. (CVE-2015-5212) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way LibreOffice processed certain Microsoft Word .doc files. By tricking a user into opening a specially crafted Microsoft Word .doc document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file. (CVE-2015-5213) It was discovered that LibreOffice did not properly sanity check bookmark indexes. By tricking a user into opening a specially crafted document, an attacker could possibly use this flaw to execute arbitrary code with the privileges of the user opening the file. (CVE-2015-5214) All libreoffice users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 87365
    published 2015-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87365
    title Oracle Linux 6 / 7 : libreoffice (ELSA-2015-2619)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0324-1.NASL
    description This update brings LibreOffice to version 5.0.4, a major version update. It brings lots of new features, bug fixes and also security fixes. Features as seen on http://www.libreoffice.org/discover/new-features/ - LibreOffice 5.0 ships an impressive number of new features for its spreadsheet module, Calc: complex formulae image cropping, new functions, more powerful conditional formatting, table addressing and much more. Calc's blend of performance and features makes it an enterprise-ready, heavy duty spreadsheet application capable of handling all kinds of workload for an impressive range of use cases - New icons, major improvements to menus and sidebar : no other LibreOffice version has looked that good and helped you be creative and get things done the right way. In addition, style management is now more intuitive thanks to the visualization of styles right in the interface. - LibreOffice 5 ships with numerous improvements to document import and export filters for MS Office, PDF, RTF, and more. You can now timestamp PDF documents generated with LibreOffice and enjoy enhanced document conversion fidelity all around. The Pentaho Flow Reporting Engine is now added and used. Security issues fixed : - CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 did not properly track directionally isolated pieces of text, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text. - CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 used an integer data type that is inconsistent with a header file, which allowed remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text. - CVE-2015-4551: An arbitrary file disclosure vulnerability in Libreoffice and Openoffice Calc and Writer was fixed. - CVE-2015-5212: A LibreOffice 'PrinterSetup Length' integer underflow vulnerability could be used by attackers supplying documents to execute code as the user opening the document. - CVE-2015-5213: A LibreOffice 'Piece Table Counter' invalid check design error vulnerability allowed attackers supplying documents to execute code as the user opening the document. - CVE-2015-5214: Multiple Vendor LibreOffice Bookmark Status Memory Corruption Vulnerability allowed attackers supplying documents to execute code as the user opening the document. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 88575
    published 2016-02-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=88575
    title SUSE SLED11 Security Update : Recommended update for LibreOffice (SUSE-SU-2016:0324-1)
redhat via4
advisories
rhsa
id RHSA-2015:2619
rpms
  • autocorr-af-1:4.2.8.2-11.el6_7.1
  • autocorr-bg-1:4.2.8.2-11.el6_7.1
  • autocorr-ca-1:4.2.8.2-11.el6_7.1
  • autocorr-cs-1:4.2.8.2-11.el6_7.1
  • autocorr-da-1:4.2.8.2-11.el6_7.1
  • autocorr-de-1:4.2.8.2-11.el6_7.1
  • autocorr-en-1:4.2.8.2-11.el6_7.1
  • autocorr-es-1:4.2.8.2-11.el6_7.1
  • autocorr-fa-1:4.2.8.2-11.el6_7.1
  • autocorr-fi-1:4.2.8.2-11.el6_7.1
  • autocorr-fr-1:4.2.8.2-11.el6_7.1
  • autocorr-ga-1:4.2.8.2-11.el6_7.1
  • autocorr-hr-1:4.2.8.2-11.el6_7.1
  • autocorr-hu-1:4.2.8.2-11.el6_7.1
  • autocorr-is-1:4.2.8.2-11.el6_7.1
  • autocorr-it-1:4.2.8.2-11.el6_7.1
  • autocorr-ja-1:4.2.8.2-11.el6_7.1
  • autocorr-ko-1:4.2.8.2-11.el6_7.1
  • autocorr-lb-1:4.2.8.2-11.el6_7.1
  • autocorr-lt-1:4.2.8.2-11.el6_7.1
  • autocorr-mn-1:4.2.8.2-11.el6_7.1
  • autocorr-nl-1:4.2.8.2-11.el6_7.1
  • autocorr-pl-1:4.2.8.2-11.el6_7.1
  • autocorr-pt-1:4.2.8.2-11.el6_7.1
  • autocorr-ro-1:4.2.8.2-11.el6_7.1
  • autocorr-ru-1:4.2.8.2-11.el6_7.1
  • autocorr-sk-1:4.2.8.2-11.el6_7.1
  • autocorr-sl-1:4.2.8.2-11.el6_7.1
  • autocorr-sr-1:4.2.8.2-11.el6_7.1
  • autocorr-sv-1:4.2.8.2-11.el6_7.1
  • autocorr-tr-1:4.2.8.2-11.el6_7.1
  • autocorr-vi-1:4.2.8.2-11.el6_7.1
  • autocorr-zh-1:4.2.8.2-11.el6_7.1
  • libreoffice-1:4.2.8.2-11.el6_7.1
  • libreoffice-base-1:4.2.8.2-11.el6_7.1
  • libreoffice-bsh-1:4.2.8.2-11.el6_7.1
  • libreoffice-calc-1:4.2.8.2-11.el6_7.1
  • libreoffice-core-1:4.2.8.2-11.el6_7.1
  • libreoffice-draw-1:4.2.8.2-11.el6_7.1
  • libreoffice-emailmerge-1:4.2.8.2-11.el6_7.1
  • libreoffice-filters-1:4.2.8.2-11.el6_7.1
  • libreoffice-gdb-debug-support-1:4.2.8.2-11.el6_7.1
  • libreoffice-glade-1:4.2.8.2-11.el6_7.1
  • libreoffice-graphicfilter-1:4.2.8.2-11.el6_7.1
  • libreoffice-headless-1:4.2.8.2-11.el6_7.1
  • libreoffice-impress-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-af-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-ar-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-as-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-bg-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-bn-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-ca-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-cs-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-cy-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-da-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-de-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-dz-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-el-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-en-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-es-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-et-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-eu-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-fi-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-fr-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-ga-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-gl-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-gu-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-he-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-hi-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-hr-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-hu-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-it-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-ja-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-kn-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-ko-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-lt-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-mai-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-ml-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-mr-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-ms-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-nb-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-nl-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-nn-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-nr-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-nso-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-or-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-pa-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-pl-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-pt-BR-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-pt-PT-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-ro-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-ru-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-sk-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-sl-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-sr-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-ss-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-st-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-sv-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-ta-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-te-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-th-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-tn-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-tr-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-ts-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-uk-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-ur-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-ve-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-xh-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-zh-Hans-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-zh-Hant-1:4.2.8.2-11.el6_7.1
  • libreoffice-langpack-zu-1:4.2.8.2-11.el6_7.1
  • libreoffice-librelogo-1:4.2.8.2-11.el6_7.1
  • libreoffice-math-1:4.2.8.2-11.el6_7.1
  • libreoffice-nlpsolver-1:4.2.8.2-11.el6_7.1
  • libreoffice-ogltrans-1:4.2.8.2-11.el6_7.1
  • libreoffice-opensymbol-fonts-1:4.2.8.2-11.el6_7.1
  • libreoffice-pdfimport-1:4.2.8.2-11.el6_7.1
  • libreoffice-pyuno-1:4.2.8.2-11.el6_7.1
  • libreoffice-rhino-1:4.2.8.2-11.el6_7.1
  • libreoffice-sdk-1:4.2.8.2-11.el6_7.1
  • libreoffice-sdk-doc-1:4.2.8.2-11.el6_7.1
  • libreoffice-ure-1:4.2.8.2-11.el6_7.1
  • libreoffice-wiki-publisher-1:4.2.8.2-11.el6_7.1
  • libreoffice-writer-1:4.2.8.2-11.el6_7.1
  • libreoffice-xsltfilter-1:4.2.8.2-11.el6_7.1
  • autocorr-af-1:4.3.7.2-5.el7_2.1
  • autocorr-bg-1:4.3.7.2-5.el7_2.1
  • autocorr-ca-1:4.3.7.2-5.el7_2.1
  • autocorr-cs-1:4.3.7.2-5.el7_2.1
  • autocorr-da-1:4.3.7.2-5.el7_2.1
  • autocorr-de-1:4.3.7.2-5.el7_2.1
  • autocorr-en-1:4.3.7.2-5.el7_2.1
  • autocorr-es-1:4.3.7.2-5.el7_2.1
  • autocorr-fa-1:4.3.7.2-5.el7_2.1
  • autocorr-fi-1:4.3.7.2-5.el7_2.1
  • autocorr-fr-1:4.3.7.2-5.el7_2.1
  • autocorr-ga-1:4.3.7.2-5.el7_2.1
  • autocorr-hr-1:4.3.7.2-5.el7_2.1
  • autocorr-hu-1:4.3.7.2-5.el7_2.1
  • autocorr-is-1:4.3.7.2-5.el7_2.1
  • autocorr-it-1:4.3.7.2-5.el7_2.1
  • autocorr-ja-1:4.3.7.2-5.el7_2.1
  • autocorr-ko-1:4.3.7.2-5.el7_2.1
  • autocorr-lb-1:4.3.7.2-5.el7_2.1
  • autocorr-lt-1:4.3.7.2-5.el7_2.1
  • autocorr-mn-1:4.3.7.2-5.el7_2.1
  • autocorr-nl-1:4.3.7.2-5.el7_2.1
  • autocorr-pl-1:4.3.7.2-5.el7_2.1
  • autocorr-pt-1:4.3.7.2-5.el7_2.1
  • autocorr-ro-1:4.3.7.2-5.el7_2.1
  • autocorr-ru-1:4.3.7.2-5.el7_2.1
  • autocorr-sk-1:4.3.7.2-5.el7_2.1
  • autocorr-sl-1:4.3.7.2-5.el7_2.1
  • autocorr-sr-1:4.3.7.2-5.el7_2.1
  • autocorr-sv-1:4.3.7.2-5.el7_2.1
  • autocorr-tr-1:4.3.7.2-5.el7_2.1
  • autocorr-vi-1:4.3.7.2-5.el7_2.1
  • autocorr-zh-1:4.3.7.2-5.el7_2.1
  • libreoffice-1:4.3.7.2-5.el7_2.1
  • libreoffice-base-1:4.3.7.2-5.el7_2.1
  • libreoffice-bsh-1:4.3.7.2-5.el7_2.1
  • libreoffice-calc-1:4.3.7.2-5.el7_2.1
  • libreoffice-core-1:4.3.7.2-5.el7_2.1
  • libreoffice-draw-1:4.3.7.2-5.el7_2.1
  • libreoffice-emailmerge-1:4.3.7.2-5.el7_2.1
  • libreoffice-filters-1:4.3.7.2-5.el7_2.1
  • libreoffice-gdb-debug-support-1:4.3.7.2-5.el7_2.1
  • libreoffice-glade-1:4.3.7.2-5.el7_2.1
  • libreoffice-graphicfilter-1:4.3.7.2-5.el7_2.1
  • libreoffice-headless-1:4.3.7.2-5.el7_2.1
  • libreoffice-impress-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-af-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-ar-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-as-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-bg-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-bn-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-br-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-ca-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-cs-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-cy-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-da-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-de-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-dz-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-el-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-en-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-es-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-et-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-eu-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-fa-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-fi-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-fr-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-ga-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-gl-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-gu-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-he-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-hi-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-hr-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-hu-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-it-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-ja-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-kk-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-kn-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-ko-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-lt-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-lv-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-mai-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-ml-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-mr-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-nb-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-nl-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-nn-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-nr-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-nso-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-or-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-pa-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-pl-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-pt-BR-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-pt-PT-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-ro-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-ru-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-si-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-sk-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-sl-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-sr-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-ss-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-st-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-sv-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-ta-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-te-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-th-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-tn-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-tr-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-ts-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-uk-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-ve-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-xh-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-zh-Hans-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-zh-Hant-1:4.3.7.2-5.el7_2.1
  • libreoffice-langpack-zu-1:4.3.7.2-5.el7_2.1
  • libreoffice-librelogo-1:4.3.7.2-5.el7_2.1
  • libreoffice-math-1:4.3.7.2-5.el7_2.1
  • libreoffice-nlpsolver-1:4.3.7.2-5.el7_2.1
  • libreoffice-officebean-1:4.3.7.2-5.el7_2.1
  • libreoffice-ogltrans-1:4.3.7.2-5.el7_2.1
  • libreoffice-opensymbol-fonts-1:4.3.7.2-5.el7_2.1
  • libreoffice-pdfimport-1:4.3.7.2-5.el7_2.1
  • libreoffice-postgresql-1:4.3.7.2-5.el7_2.1
  • libreoffice-pyuno-1:4.3.7.2-5.el7_2.1
  • libreoffice-rhino-1:4.3.7.2-5.el7_2.1
  • libreoffice-sdk-1:4.3.7.2-5.el7_2.1
  • libreoffice-sdk-doc-1:4.3.7.2-5.el7_2.1
  • libreoffice-ure-1:4.3.7.2-5.el7_2.1
  • libreoffice-wiki-publisher-1:4.3.7.2-5.el7_2.1
  • libreoffice-writer-1:4.3.7.2-5.el7_2.1
  • libreoffice-xsltfilter-1:4.3.7.2-5.el7_2.1
refmap via4
bid 77486
confirm
debian DSA-3394
gentoo
  • GLSA-201603-05
  • GLSA-201611-03
sectrack
  • 1034085
  • 1034091
ubuntu USN-2793-1
Last major update 07-12-2016 - 13:13
Published 10-11-2015 - 12:59
Last modified 30-06-2017 - 21:29
Back to Top