Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2015-0441)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.131128

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2015-0441)

Resumen: The remote host is missing an update for the 'libreoffice' package(s) announced via the MGASA-2015-0441 advisory.

Descripción: Summary:
The remote host is missing an update for the 'libreoffice' package(s) announced via the MGASA-2015-0441 advisory.

Vulnerability Insight:
Federico Scrinzi discovered that LibreOffice incorrectly handled documents
inserted into Writer or Calc via links. If a user were tricked into
opening a specially crafted document, a remote attacker could possibly
obtain the contents of arbitrary files (CVE-2015-4551).

It was discovered that LibreOffice incorrectly handled PrinterSetup data
stored in ODF files. If a user were tricked into opening a specially
crafted ODF document, a remote attacker could cause LibreOffice to crash,
and possibly execute arbitrary code.(CVE-2015-5212).

It was discovered that LibreOffice incorrectly handled the number of
pieces in DOC files. If a user were tricked into opening a specially
crafted DOC document, a remote attacker could cause LibreOffice to crash,
and possibly execute arbitrary code (CVE-2015-5213).

It was discovered that LibreOffice incorrectly handled bookmarks in DOC
files. If a user were tricked into opening a specially crafted DOC
document, a remote attacker could cause LibreOffice to crash, and possibly
execute arbitrary code (CVE-2015-5214).

LibreOffice has been updated to version 4.4.6, which fixes these issues as
well as several other bugs.

Affected Software/OS:
'libreoffice' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-4551
BugTraq ID: 77486
http://www.securityfocus.com/bid/77486
Debian Security Information: DSA-3394 (Google Search)
http://www.debian.org/security/2015/dsa-3394
https://security.gentoo.org/glsa/201603-05
https://security.gentoo.org/glsa/201611-03
RedHat Security Advisories: RHSA-2015:2619
http://rhn.redhat.com/errata/RHSA-2015-2619.html
http://www.securitytracker.com/id/1034085
http://www.securitytracker.com/id/1034091
http://www.ubuntu.com/usn/USN-2793-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-5212
Common Vulnerability Exposure (CVE) ID: CVE-2015-5213
Common Vulnerability Exposure (CVE) ID: CVE-2015-5214
http://www.securitytracker.com/id/1034086

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.131128
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2015-0441)
Resumen:	The remote host is missing an update for the 'libreoffice' package(s) announced via the MGASA-2015-0441 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libreoffice' package(s) announced via the MGASA-2015-0441 advisory. Vulnerability Insight: Federico Scrinzi discovered that LibreOffice incorrectly handled documents inserted into Writer or Calc via links. If a user were tricked into opening a specially crafted document, a remote attacker could possibly obtain the contents of arbitrary files (CVE-2015-4551). It was discovered that LibreOffice incorrectly handled PrinterSetup data stored in ODF files. If a user were tricked into opening a specially crafted ODF document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code.(CVE-2015-5212). It was discovered that LibreOffice incorrectly handled the number of pieces in DOC files. If a user were tricked into opening a specially crafted DOC document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code (CVE-2015-5213). It was discovered that LibreOffice incorrectly handled bookmarks in DOC files. If a user were tricked into opening a specially crafted DOC document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code (CVE-2015-5214). LibreOffice has been updated to version 4.4.6, which fixes these issues as well as several other bugs. Affected Software/OS: 'libreoffice' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2015-4551 BugTraq ID: 77486 http://www.securityfocus.com/bid/77486 Debian Security Information: DSA-3394 (Google Search) http://www.debian.org/security/2015/dsa-3394 https://security.gentoo.org/glsa/201603-05 https://security.gentoo.org/glsa/201611-03 RedHat Security Advisories: RHSA-2015:2619 http://rhn.redhat.com/errata/RHSA-2015-2619.html http://www.securitytracker.com/id/1034085 http://www.securitytracker.com/id/1034091 http://www.ubuntu.com/usn/USN-2793-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-5212 Common Vulnerability Exposure (CVE) ID: CVE-2015-5213 Common Vulnerability Exposure (CVE) ID: CVE-2015-5214 http://www.securitytracker.com/id/1034086
Copyright	Copyright (C) 2015 Greenbone AG