Rewterz Threat Advisory – Red Hat update for libreoffice

Red Hat has issued an update for libreoffice. It fixes multiple vulnerabilities that can be used to gain access to and compromise a vulnerable system.

IMPACT:  NORMAL

PUBLISH DATE:  05-11-2018

OVERVIEW

Red Hat has released updates for the libreoffice, fixing multiple vulnerabilities that could compromise a system. The vulnerabilities could allow remote attackers to induce a denial of service or cause an unauthorized information disclosure.

ANALYSIS

The Red Hat update for LibreOffice fixes the following vulnerabilities.

CVE-2018-10119

Due to incorrect usage of an integer data type in the StgSmallStrm class in sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1, a remote attacker can cause denial of service (use-after-free with write access). Other unknown impacts are also expected via a crafted document that uses the structured storage ole2 wrapper file format.

CVE-2018-10583

LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 are prone to automatically processing and initiating an SMB connection embedded in a malicious file within a .odt XML document. This vulnerability leads to information disclosure.

CVE-2018-10120

The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 fails to validate a customizations index, which can be exploited remotely to cause denial of service or result in other unspecified impacts.

AFFECTED PRODUCTS

Red Hat Enterprise Linux Desktop 7

Red Hat Enterprise Linux Server 7

Red Hat Enterprise Linux Workstation 7

UPDATES

The Red Hat Network is providing the updated packages. Follow the link for details.

http://rhn.redhat.com

If you think you’re the victim of a cyber-attack, immediately send an email to soc@rewterz.com for a quick response.