Red Hat has issued an update for libreoffice. It fixes multiple vulnerabilities that can be used to gain access to and compromise a vulnerable system.
PUBLISH DATE: 05-11-2018
Red Hat has released updates for the libreoffice, fixing multiple vulnerabilities that could compromise a system. The vulnerabilities could allow remote attackers to induce a denial of service or cause an unauthorized information disclosure.
The Red Hat update for LibreOffice fixes the following vulnerabilities.
Due to incorrect usage of an integer data type in the StgSmallStrm class in sot/source/sdstor/stgstrms.cxx in LibreOffice before 18.104.22.168 and 6.x before 22.214.171.124, a remote attacker can cause denial of service (use-after-free with write access). Other unknown impacts are also expected via a crafted document that uses the structured storage ole2 wrapper file format.
LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 are prone to automatically processing and initiating an SMB connection embedded in a malicious file within a .odt XML document. This vulnerability leads to information disclosure.
The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 126.96.36.199 and 6.x before 188.8.131.52 fails to validate a customizations index, which can be exploited remotely to cause denial of service or result in other unspecified impacts.
Red Hat Enterprise Linux Desktop 7
Red Hat Enterprise Linux Server 7
Red Hat Enterprise Linux Workstation 7
The Red Hat Network is providing the updated packages. Follow the link for details.
If you think you’re the victim of a cyber-attack, immediately send an email to firstname.lastname@example.org for a quick response.