Test ID:	1.3.6.1.4.1.25623.1.1.10.2014.0447
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2014-0447)
Summary:	The remote host is missing an update for the 'libreoffice' package(s) announced via the MGASA-2014-0447 advisory.
Description:	Summary: The remote host is missing an update for the 'libreoffice' package(s) announced via the MGASA-2014-0447 advisory. Vulnerability Insight: It was discovered during routine code review that LibreOffice unconditionally executed certain VBA macros on loading Microsoft Office documents, contrary to user expectations (CVE-2014-0247). A vulnerability in LibreOffice allows an attacker to send a document which when opened will trigger the prompt to 'Update Links' but if the user cancels that prompt may still generate and insert into the document an OLE2 preview image of a file on the victims filesystem, Data exposure is possible if the updated document is then distributed to other parties (CVE-2014-3575). LibreOffice has been updated to version 4.1.6.2 and patched to fix the CVE-2014-0247 and CVE-2014-3575 issues as well as to fix other bugs. Affected Software/OS: 'libreoffice' package(s) on Mageia 4. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0247 57383 http://secunia.com/advisories/57383 59330 http://secunia.com/advisories/59330 60799 http://secunia.com/advisories/60799 68151 http://www.securityfocus.com/bid/68151 FEDORA-2014-7679 http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135020.html GLSA-201408-19 http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml RHSA-2015:0377 http://rhn.redhat.com/errata/RHSA-2015-0377.html USN-2253-1 http://www.ubuntu.com/usn/USN-2253-1 http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0247.html https://bugs.mageia.org/show_bug.cgi?id=13580 https://gerrit.libreoffice.org/gitweb?p=core.git%3Ba=blobdiff%3Bf=sfx2/source/doc/docmacromode.cxx%3Bh=4d4ae52b4339582a039744d03671c1db0633d6c3%3Bhp=2108d1920f8148ff60fd4a57684f295d6d733e7b%3Bhb=1b0402f87c9b17fef2141130bfaa1798ece6ba0d%3Bhpb=4d2113250fa7ed62fe2c53ed0f76e3de5875cb81 https://www.libreoffice.org/about-us/security/advisories/cve-2014-0247/ openSUSE-SU-2014:0860 http://lists.opensuse.org/opensuse-updates/2014-07/msg00006.html Common Vulnerability Exposure (CVE) ID: CVE-2014-3575 BugTraq ID: 69354 http://www.securityfocus.com/bid/69354 Bugtraq: 20140821 CVE-2014-3575:OpenOffice Targeted Data Exposure Using Crafted OLE Objects (Google Search) http://archives.neohapsis.com/archives/bugtraq/2014-08/0115.html http://lists.fedoraproject.org/pipermail/package-announce/2014-September/137657.html https://security.gentoo.org/glsa/201603-05 RedHat Security Advisories: RHSA-2015:0377 http://www.securitytracker.com/id/1030754 http://secunia.com/advisories/59600 http://secunia.com/advisories/59877 XForce ISS Database: apache-openoffice-cve20143575-info-disc(95420) https://exchange.xforce.ibmcloud.com/vulnerabilities/95420
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.