=========================================================================Ubuntu Security Notice USN-1495-1
July 02, 2012
libreoffice, libreoffice-l10n vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.10
- Ubuntu 11.04
Summary:
LibreOffice could be made to crash or potentially run programs as your
login if it opened a specially crafted file.
Software Description:
- libreoffice: Office productivity suite
- libreoffice-l10n: Office productivity suite help
Details:
Integer overflows were discovered in the graphics loading code of several
different image types. If a user were tricked into opening a specially
crafted file, an attacker could cause LibreOffice to crash or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2012-1149)
Sven Jacobi discovered an integer overflow when processing Escher graphics
records. If a user were tricked into opening a specially crafted PowerPoint
file, an attacker could cause LibreOffice to crash or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2012-2334)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 11.10:
libreoffice-core 1:3.4.4-0ubuntu1.2
libreoffice-l10n-common 1:3.4.4-0ubuntu1.2
Ubuntu 11.04:
libreoffice-core 1:3.3.4-0ubuntu1.2
libreoffice-l10n-common 1:3.3.3-1ubuntu1.2
After a standard system update you need to restart LibreOffice to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-1495-1
CVE-2012-1149, CVE-2012-2334
Package Information:
https://launchpad.net/ubuntu/+source/libreoffice/1:3.4.4-0ubuntu1.2
https://launchpad.net/ubuntu/+source/libreoffice-l10n/1:3.4.4-0ubuntu1.2
https://launchpad.net/ubuntu/+source/libreoffice/1:3.3.4-0ubuntu1.2
https://launchpad.net/ubuntu/+source/libreoffice-l10n/1:3.3.3-1ubuntu1.2