Red Hat has issued an update for libreoffice. It fixes multiple vulnerabilities that can be used to gain access to and compromise a vulnerable system.
IMPACT: NORMAL
PUBLISH DATE: 05-11-2018
OVERVIEW
Red Hat has released updates for the libreoffice, fixing multiple vulnerabilities that could compromise a system. The vulnerabilities could allow remote attackers to induce a denial of service or cause an unauthorized information disclosure.
ANALYSIS
The Red Hat update for LibreOffice fixes the following vulnerabilities.
CVE-2018-10119
Due to incorrect usage of an integer data type in the StgSmallStrm class in sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1, a remote attacker can cause denial of service (use-after-free with write access). Other unknown impacts are also expected via a crafted document that uses the structured storage ole2 wrapper file format.
CVE-2018-10583
LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 are prone to automatically processing and initiating an SMB connection embedded in a malicious file within a .odt XML document. This vulnerability leads to information disclosure.
CVE-2018-10120
The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before 5.4.6.1 and 6.x before 6.0.2.1 fails to validate a customizations index, which can be exploited remotely to cause denial of service or result in other unspecified impacts.
AFFECTED PRODUCTS
Red Hat Enterprise Linux Desktop 7
Red Hat Enterprise Linux Server 7
Red Hat Enterprise Linux Workstation 7
UPDATES
The Red Hat Network is providing the updated packages. Follow the link for details.
If you think you’re the victim of a cyber-attack, immediately send an email to soc@rewterz.com for a quick response.