Advisories ยป MGASA-2018-0271

Updated libreoffice packages fix security vulnerabilities

Publication date: 05 Jun 2018
Modification date: 05 Jun 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-6871 , CVE-2018-10119 , CVE-2018-10120 , CVE-2018-10583

Description

The updated packages fix security vulnerabilities:

LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read 
arbitrary files via =WEBSERVICE calls in a document, which use the 
COM.MICROSOFT.WEBSERVICE function. (CVE-2018-6871)

sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 
6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which 
allows remote attackers to cause a denial of service (use-after-free with write 
access) or possibly have unspecified other impact via a crafted document that 
uses the structured storage ole2 wrapper file format. (CVE-2018-10119)

The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in 
LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 does not validate a 
customizations index, which allows remote attackers to cause a denial of service 
(heap-based buffer overflow with write access) or possibly have unspecified 
other impact via a crafted document that contains a certain Microsoft Word 
record. (CVE-2018-10120)

An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache 
OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection 
embedded in a malicious file, as demonstrated by 
xlink:href=file://192.168.0.2/test.jpg within an office:document-content element 
in a .odt XML document. (CVE-2018-10583)

References

SRPMS

6/core