Bug 907636 (CVE-2014-9093) - VUL-1: CVE-2014-9093: libreoffice: crash importing malformed .rtf
Summary: VUL-1: CVE-2014-9093: libreoffice: crash importing malformed .rtf
Status: RESOLVED FIXED
Duplicates: 908156
Alias: CVE-2014-9093
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Deadline: 2015-01-01
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/111043/
Whiteboard: maint:running:60072:moderate CVSSv2:N...
Keywords:
Depends on:
Blocks:
 
Reported: 2014-11-28 12:55 UTC by Johannes Segitz
Modified: 2016-04-27 19:32 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
Reproducer (19.78 KB, application/rtf)
2014-11-28 12:55 UTC, Johannes Segitz

Comment 1 Swamp Workflow Management 2014-11-28 23:00:14 UTC
bugbot adjusting priority
Comment 4 Tomáš Chvátal 2014-12-03 11:37:06 UTC
*** Bug 908156 has been marked as a duplicate of this bug. ***
Comment 11 Swamp Workflow Management 2014-12-18 16:22:25 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2015-01-01.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/60072
Comment 12 Bernhard Wiedemann 2014-12-18 19:00:33 UTC
This is an autogenerated message for OBS integration:
This bug (907636) was mentioned in
https://build.opensuse.org/request/show/265833 Factory / libreoffice
https://build.opensuse.org/request/show/265834 13.2 / libreoffice
Comment 13 Bernhard Wiedemann 2014-12-18 20:00:37 UTC
This is an autogenerated message for OBS integration:
This bug (907636) was mentioned in
https://build.opensuse.org/request/show/265846 13.1 / libreoffice
Comment 14 Tomáš Chvátal 2014-12-18 20:07:51 UTC
3.6 lo does not seem to have the codepath at all so I suppose backporting it would be quite PITA, so no openSUSE 12.3
Comment 18 Swamp Workflow Management 2014-12-29 16:06:49 UTC
openSUSE-SU-2014:1727-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 884942,907636
CVE References: CVE-2014-9093
Sources used:
openSUSE 13.2 (src):    libreoffice-4.3.5.2-8.1
openSUSE 13.1 (src):    libreoffice-4.1.6.2-37.1, libreoffice-branding-upstream-4.1.6.2-37.1, libreoffice-help-en-US-4.1.6.2-37.1, libreoffice-help-group1-4.1.6.2-37.1, libreoffice-help-group2-4.1.6.2-37.1, libreoffice-help-group3-4.1.6.2-37.1, libreoffice-help-group4-4.1.6.2-37.1, libreoffice-help-group5-4.1.6.2-37.1, libreoffice-icon-themes-4.1.6.2-37.1, libreoffice-l10n-4.1.6.2-37.3
Comment 19 Swamp Workflow Management 2014-12-30 13:05:51 UTC
SUSE-SU-2014:1729-1: An update that solves one vulnerability and has one errata is now available.

Category: security (moderate)
Bug References: 884942,907636
CVE References: CVE-2014-9093
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    libreoffice-4.3.5.2-10.1
SUSE Linux Enterprise Desktop 12 (src):    libreoffice-4.3.5.2-10.1
SUSE Linux Enterprise Build System Kit 12 (src):    libreoffice-4.3.5.2-10.1
Comment 30 Bernhard Wiedemann 2015-09-21 11:00:13 UTC
This is an autogenerated message for OBS integration:
This bug (907636) was mentioned in
https://build.opensuse.org/request/show/332554 Factory / libreoffice
Comment 31 Bernhard Wiedemann 2015-10-16 09:00:09 UTC
This is an autogenerated message for OBS integration:
This bug (907636) was mentioned in
https://build.opensuse.org/request/show/339209 Factory / libreoffice
Comment 32 Bernhard Wiedemann 2015-11-05 10:00:11 UTC
This is an autogenerated message for OBS integration:
This bug (907636) was mentioned in
https://build.opensuse.org/request/show/342524 Factory / libreoffice
Comment 33 Bernhard Wiedemann 2015-11-09 21:00:09 UTC
This is an autogenerated message for OBS integration:
This bug (907636) was mentioned in
https://build.opensuse.org/request/show/343268 Factory / libreoffice
Comment 34 Bernhard Wiedemann 2015-11-10 13:00:11 UTC
This is an autogenerated message for OBS integration:
This bug (907636) was mentioned in
https://build.opensuse.org/request/show/343412 Leap:42.1 / libreoffice
Comment 35 Bernhard Wiedemann 2015-11-11 14:00:15 UTC
This is an autogenerated message for OBS integration:
This bug (907636) was mentioned in
https://build.opensuse.org/request/show/343845 Leap:42.1 / libreoffice.1176.openSUSE_Leap_42.1_Update
Comment 36 Swamp Workflow Management 2016-02-03 16:14:12 UTC
SUSE-SU-2016:0324-1: An update that solves 7 vulnerabilities and has 19 fixes is now available.

Category: security (moderate)
Bug References: 306333,547549,668145,679938,681560,688200,718113,806250,857026,889755,890735,907636,907966,910805,910806,914911,934423,936188,936190,939996,940838,943075,945047,945692,951579,954345
CVE References: CVE-2014-8146,CVE-2014-8147,CVE-2014-9093,CVE-2015-4551,CVE-2015-5212,CVE-2015-5213,CVE-2015-5214
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    google-carlito-fonts-1.1.03.beta1-2.1, hyphen-2.8.8-2.1, libreoffice-5.0.4.2-23.1, libreoffice-share-linker-1-2.1, libreoffice-voikko-4.1-2.26, libvoikko-3.7.1-5.2, myspell-dictionaries-20150827-23.1, mythes-1.2.4-2.1, python-importlib-1.0.2-0.8.1
SUSE Linux Enterprise Desktop 11-SP4 (src):    google-carlito-fonts-1.1.03.beta1-2.1, hyphen-2.8.8-2.1, libreoffice-5.0.4.2-23.1, libreoffice-share-linker-1-2.1, libreoffice-voikko-4.1-2.26, libvoikko-3.7.1-5.2, myspell-dictionaries-20150827-23.1, mythes-1.2.4-2.1, python-importlib-1.0.2-0.8.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    hyphen-2.8.8-2.1, libreoffice-5.0.4.2-23.1, libvoikko-3.7.1-5.2, mythes-1.2.4-2.1
Comment 37 Tomáš Chvátal 2016-02-09 14:38:31 UTC
Could be closed as all codestreams were submitted.
Comment 38 Marcus Meissner 2016-02-10 07:32:48 UTC
yes
Comment 39 Swamp Workflow Management 2016-02-26 00:13:09 UTC
openSUSE-SU-2016:0588-1: An update that solves 9 vulnerabilities and has 15 fixes is now available.

Category: security (moderate)
Bug References: 679938,829430,889755,897903,900186,900214,900218,907636,910805,910806,915996,916181,926375,929793,934423,936188,936190,939996,940838,943075,945047,945692,951579,954345
CVE References: CVE-2014-3693,CVE-2014-8146,CVE-2014-8147,CVE-2014-9093,CVE-2015-4551,CVE-2015-45513,CVE-2015-5212,CVE-2015-5213,CVE-2015-5214
Sources used:
openSUSE 13.2 (src):    cmis-client-0.5.0-4.3.2, libetonyek-0.1.3-2.3.2, libmwaw-0.3.6-2.7.2, libodfgen-0.1.4-2.3.2, libpagemaker-0.0.2-2.2, libreoffice-5.0.4.2-28.1, libreoffice-share-linker-1-2.2, libwps-0.4.1-2.4.2, mdds-0.12.1-2.4.2