Advisories » MGASA-2014-0086

Updated gnome-chemistry-utils, gnumeric and goffice packages fix security vulnerability

Publication date: 21 Feb 2014
Modification date: 21 Feb 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-6836

Description

Heap-based buffer overflow in the ms_escher_get_data function in
plugins/excel/ms-escher.c in GNOME Office Gnumeric before 1.12.9
allows remote attackers to cause a denial of service (crash) via
a crafted xls file with a crafted length value. (CVE-2013-6836)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=12294
• https://bugzilla.redhat.com/show_bug.cgi?id=1044857
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6836

SRPMS

3/core

• gnome-chemistry-utils-0.14.5-1.mga3
• gnumeric-1.12.9-1.mga3
• goffice-0.10.9-1.mga3