Bugzilla – Bug 831578
VUL-1: CVE-2013-4156: libreoffice: OpenOffice DOCM Memory Corruption Vulnerability
Last modified: 2015-02-19 00:17:30 UTC
public via full-disclosure list
CVE-2013-4156
CVE-2013-4156 OpenOffice DOCM Memory Corruption Vulnerability
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenOffice 3.4.0 and 3.4.1, on all platforms. Predecessor versions of OpenOffice.org may be also affected.
Description: The vulnerability is caused by mishandling of unknown XML elements when parsing an OOXML document file. Specially crafted documents can be used for memory-corruption attacks. Further exploits are possible but have not been verified.
Mitigation: Apache OpenOffice 3.4.0 and 3.4.1 users are advised to upgrade to Apache OpenOffice 4.0. Users who are unable to upgrade immediately should be cautious when opening untrusted documents.
Credits: The Apache OpenOffice Security Team credits Jeremy Brown of Microsoft Vulnerability Research as the discoverer of this flaw.
Herbert Duerr
Member of the Apache OpenOffice Security Team
bugbot adjusting priority
Really no offense, but VUL-0 and planned updates? Is it because there aren't any details public yet? Is this bug really a major issue? I also suggest tracking CVE-2013-2189 that was made public on the exact same day (even 20 seconds earlier): https://bugzilla.novell.com/show_bug.cgi?id=831904
ok. vul-1 is better tagging here. libreoffice updates are usually handed to us in large sets by the libreoffice team at certain intervals anyway.
It is just a NULL pointer dereference in LibreOffice, see http://www.libreoffice.org/advisories/CVE-2013-4156/
This is what Caolán McNamara <caolanm at redhat dot com> wrote on the Office security mailing list:
--- cut ---
The CVE-2013-4156: OpenOffice DOCM Memory Corruption Vulnerability
http://permalink.gmane.org/gmane.comp.apache.maven.announce/1504
is equivalent to new
http://www.libreoffice.org/advisories/CVE-2013-4156/
CVE-2013-4156: Microsoft .docm Denial Of Service
and is fixed in 3.6.7, 4.0.4 and 4.1.0.
For LibreOffice due to earlier cppcheck fixes by Julien this is a NULL dereference for LibreOffice rather than any leap into uninitialized hyperspace.
--- cut ---
=> it is a normal crasher and there is no real vulnerability in LO. Do we really need to do an update because of this, please?
Created attachment 549878: Backtrace from LO 3.5.4.13 on openSUSE 12.2
The oldest LibreOffice version 3.5.4.13 package is on openSUSE-12.2. I have double checked that even this version has the cppcheck fixes and it is just the NULL pointer dereference. See the attached backtrace for more details. All other SUSE products have a newer LO version and thus are on the safe side.
Marcus, should I prepare the maintenance update or will we leave this for a real security problem, please?
vul-1 means "Planned" update, we should fix it at some point, but not right now. (given that it's just a NULL ptr deref crash.) So just make sure it is collected in your next round of updates.
Created attachment 603453: Backported patch for libreoffice-4.0.3.3.5
Note that I haven't even compile-tested it. Anyway, I attach it so that it could be used by Andras on Windows.
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2014-09-08. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/58794
This is an autogenerated message for OBS integration: This bug (831578) was mentioned in https://build.opensuse.org/request/show/247202 13.1+12.3 / libreoffice-help-group2+libreoffice-help-en-US+libreoffice-icon-themes+libreoffice-help-group3+libreoffice-help-group5+libreoffice-l10n+libreoffice-branding-upstream+libreoffice-help-group4+libreoffice+libreoffice-help-group1
released for sle11, opensuse will be released in some days
SUSE-SU-2014:1116-1: An update that solves two vulnerabilities and has 52 fixes is now available.
Category: security (important)
Bug References: 382137,593612,654230,753460,757432,779620,779642,780044,783433,802888,816593,817956,819614,819822,819865,820077,820273,820503,820504,820509,820788,820800,820819,820836,821567,821795,822908,823626,823651,823655,823675,823935,825305,825891,825976,828390,828598,829017,830205,831457,831578,834035,834705,834720,834722,835985,837302,839727,862510,863021,864396,870234,878854,893141
CVE References: CVE-2013-4156,CVE-2014-3575
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src): libreoffice-4.0.3.3.26-0.6.2, libreoffice-branding-upstream-4.0.3.3.26-0.6.1, libreoffice-help-en-US-4.0.3.3.26-0.6.1, libreoffice-help-group1-4.0.3.3.26-0.6.1, libreoffice-help-group2-4.0.3.3.26-0.6.1, libreoffice-help-group3-4.0.3.3.26-0.6.1, libreoffice-help-group4-4.0.3.3.26-0.6.1, libreoffice-help-group5-4.0.3.3.26-0.6.1, libreoffice-icon-themes-4.0.3.3.26-0.6.2, libreoffice-l10n-4.0.3.3.26-0.6.2
SUSE Linux Enterprise Desktop 11 SP3 (src): libreoffice-4.0.3.3.26-0.6.2, libreoffice-help-en-US-4.0.3.3.26-0.6.1, libreoffice-help-group1-4.0.3.3.26-0.6.1, libreoffice-help-group2-4.0.3.3.26-0.6.1, libreoffice-help-group3-4.0.3.3.26-0.6.1, libreoffice-help-group4-4.0.3.3.26-0.6.1, libreoffice-help-group5-4.0.3.3.26-0.6.1, libreoffice-icon-themes-4.0.3.3.26-0.6.2, libreoffice-l10n-4.0.3.3.26-0.6.2
openSUSE-SU-2014:1126-1: An update that fixes two vulnerabilities is now available.
Category: security (important)
Bug References: 831578,893141
CVE References: CVE-2013-4156,CVE-2014-3575
Sources used:
openSUSE 13.1 (src): libreoffice-4.1.6.2-25.1, libreoffice-branding-upstream-4.1.6.2-25.1, libreoffice-help-en-US-4.1.6.2-25.1, libreoffice-help-group1-4.1.6.2-25.1, libreoffice-help-group2-4.1.6.2-25.1, libreoffice-help-group3-4.1.6.2-25.1, libreoffice-help-group4-4.1.6.2-25.1, libreoffice-help-group5-4.1.6.2-25.1, libreoffice-icon-themes-4.1.6.2-25.1, libreoffice-l10n-4.1.6.2-25.2
openSUSE 12.3 (src): libreoffice-3.6.3.2.4-2.9.1, libreoffice-branding-upstream-3.6.3.2.4-2.9.1, libreoffice-help-en-US-3.6.3.2.4-2.9.1, libreoffice-help-group1-3.6.3.2.4-2.9.1, libreoffice-help-group2-3.6.3.2.4-2.9.1, libreoffice-help-group3-3.6.3.2.4-2.9.1, libreoffice-help-group4-3.6.3.2.4-2.9.1, libreoffice-help-group5-3.6.3.2.4-2.9.1, libreoffice-icon-themes-3.6.3.2.4-2.9.1, libreoffice-l10n-3.6.3.2.4-2.9.3