|
|
Subscribe / Log in / New account

Mageia alert MGASA-2014-0446 (libreoffice)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2014-0446: Updated libreoffice packages fix security vulnerability 


Date:
    	      Fri, 14 Nov 2014 02:24:59 +0100


Message-ID:
    	      <20141114012500.234145D631@valstar.mageia.org>


MGASA-2014-0446 - Updated libreoffice packages fix security vulnerability

Publication date: 14 Nov 2014
URL: http://advisories.mageia.org/MGASA-2014-0446.html
Type: security
Affected Mageia releases: 3
CVE: CVE-2014-3575

Description:
A vulnerability in LibreOffice allows an attacker to send a document which
when opened will trigger the prompt to "Update Links" but if the user cancels
that prompt may still generate and insert into the document an OLE2 preview
image of a file on the victims filesystem, Data exposure is possible if the
updated document is then distributed to other parties (CVE-2014-3575).

LibreOffice has been patched to fix this issue.

References:
- https://bugs.mageia.org/show_bug.cgi?id=13580
- http://www.libreoffice.org/about-us/security/advisories/c...
- https://lists.fedoraproject.org/pipermail/package-announc...
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3575

SRPMS:
- 3/core/libreoffice-4.0.6.2-3.mga3
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds