Bugzilla – Bug 940838
VUL-0: CVE-2015-5214: LibreOffice: Bookmark Status Memory Corruption Vulnerability
Last modified: 2016-07-01 14:13:42 UTC
bugbot adjusting priority
public via openoffice.org https://www.openoffice.org/security/cves/CVE-2015-5214.html A crafted Microsoft Word DOC can contain invalid bookmark positions leading to memory corruption when the document is loaded or bookmarks are manipulated. The defect allows an attacker to cause denial of service (memory corruption and application crash) and possible execution of arbitrary code.
SUSE-SU-2015:1915-1: An update that solves 7 vulnerabilities and has 16 fixes is now available. Category: security (moderate) Bug References: 470073,806250,829430,890735,900186,900877,907966,910805,910806,913042,914911,915996,916181,918852,919409,926375,929793,934423,936188,936190,940838,943075,945692 CVE References: CVE-2014-8146,CVE-2014-8147,CVE-2015-1774,CVE-2015-4551,CVE-2015-5212,CVE-2015-5213,CVE-2015-5214 Sources used: SUSE Linux Enterprise Workstation Extension 12 (src): apache-commons-logging-1.1.3-7.1, cmis-client-0.5.0-5.1, flute-1.3.0-4.2, hyphen-2.8.8-9.1, libabw-0.1.1-5.3, libbase-1.1.3-4.3, libcdr-0.1.1-5.3, libe-book-0.1.2-4.2, libetonyek-0.1.3-3.5, libfonts-1.1.3-4.9, libformula-1.1.3-4.3, libfreehand-0.1.1-4.9, libgltf-0.0.1-2.1, libixion-0.9.1-3.1, liblangtag-0.5.7-3.1, liblayout-0.2.10-4.8, libloader-1.1.3-3.2, libmspub-0.1.2-5.1, libmwaw-0.3.6-3.3, libodfgen-0.1.4-3.9, liborcus-0.7.1-3.1, libpagemaker-0.0.2-2.3, libreoffice-5.0.2.2-13.14, libreoffice-share-linker-1-2.1, libreoffice-voikko-4.1-6.3, librepository-1.1.3-4.3, librevenge-0.0.2-4.1, libserializer-1.1.2-4.3, libvisio-0.1.3-4.3, libvoikko-3.7.1-3.1, libwps-0.4.1-3.1, malaga-suomi-1.18-3.2, myspell-dictionaries-20150827-5.1, pentaho-libxml-1.1.3-4.3, pentaho-reporting-flow-engine-0.9.4-4.5, sac-1.3-4.1 SUSE Linux Enterprise Software Development Kit 12 (src): cmis-client-0.5.0-5.1, graphite2-1.3.1-3.1, hyphen-2.8.8-9.1, libabw-0.1.1-5.3, libcdr-0.1.1-5.3, libe-book-0.1.2-4.2, libetonyek-0.1.3-3.5, libfreehand-0.1.1-4.9, libixion-0.9.1-3.1, liblangtag-0.5.7-3.1, libmspub-0.1.2-5.1, libmwaw-0.3.6-3.3, libodfgen-0.1.4-3.9, liborcus-0.7.1-3.1, librevenge-0.0.2-4.1, libvisio-0.1.3-4.3, libvoikko-3.7.1-3.1, libwps-0.4.1-3.1, malaga-suomi-1.18-3.2 SUSE Linux Enterprise Server 12 (src): apache-commons-logging-1.1.3-7.1, graphite2-1.3.1-3.1 SUSE Linux Enterprise Desktop 12 (src): apache-commons-logging-1.1.3-7.1, cmis-client-0.5.0-5.1, flute-1.3.0-4.2, graphite2-1.3.1-3.1, hyphen-2.8.8-9.1, libabw-0.1.1-5.3, libbase-1.1.3-4.3, libcdr-0.1.1-5.3, libe-book-0.1.2-4.2, libetonyek-0.1.3-3.5, libfonts-1.1.3-4.9, libformula-1.1.3-4.3, libfreehand-0.1.1-4.9, libgltf-0.0.1-2.1, libixion-0.9.1-3.1, liblangtag-0.5.7-3.1, liblayout-0.2.10-4.8, libloader-1.1.3-3.2, libmspub-0.1.2-5.1, libmwaw-0.3.6-3.3, libodfgen-0.1.4-3.9, liborcus-0.7.1-3.1, libpagemaker-0.0.2-2.3, libreoffice-5.0.2.2-13.14, libreoffice-share-linker-1-2.1, libreoffice-voikko-4.1-6.3, librepository-1.1.3-4.3, librevenge-0.0.2-4.1, libserializer-1.1.2-4.3, libvisio-0.1.3-4.3, libvoikko-3.7.1-3.1, libwps-0.4.1-3.1, malaga-suomi-1.18-3.2, myspell-dictionaries-20150827-5.1, pentaho-libxml-1.1.3-4.3, pentaho-reporting-flow-engine-0.9.4-4.5, sac-1.3-4.1
This is an autogenerated message for OBS integration: This bug (940838) was mentioned in https://build.opensuse.org/request/show/342524 Factory / libreoffice
This is an autogenerated message for OBS integration: This bug (940838) was mentioned in https://build.opensuse.org/request/show/343268 Factory / libreoffice
This is an autogenerated message for OBS integration: This bug (940838) was mentioned in https://build.opensuse.org/request/show/343412 Leap:42.1 / libreoffice
This is an autogenerated message for OBS integration: This bug (940838) was mentioned in https://build.opensuse.org/request/show/343845 Leap:42.1 / libreoffice.1176.openSUSE_Leap_42.1_Update
SUSE-SU-2016:0324-1: An update that solves 7 vulnerabilities and has 19 fixes is now available. Category: security (moderate) Bug References: 306333,547549,668145,679938,681560,688200,718113,806250,857026,889755,890735,907636,907966,910805,910806,914911,934423,936188,936190,939996,940838,943075,945047,945692,951579,954345 CVE References: CVE-2014-8146,CVE-2014-8147,CVE-2014-9093,CVE-2015-4551,CVE-2015-5212,CVE-2015-5213,CVE-2015-5214 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): google-carlito-fonts-1.1.03.beta1-2.1, hyphen-2.8.8-2.1, libreoffice-5.0.4.2-23.1, libreoffice-share-linker-1-2.1, libreoffice-voikko-4.1-2.26, libvoikko-3.7.1-5.2, myspell-dictionaries-20150827-23.1, mythes-1.2.4-2.1, python-importlib-1.0.2-0.8.1 SUSE Linux Enterprise Desktop 11-SP4 (src): google-carlito-fonts-1.1.03.beta1-2.1, hyphen-2.8.8-2.1, libreoffice-5.0.4.2-23.1, libreoffice-share-linker-1-2.1, libreoffice-voikko-4.1-2.26, libvoikko-3.7.1-5.2, myspell-dictionaries-20150827-23.1, mythes-1.2.4-2.1, python-importlib-1.0.2-0.8.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): hyphen-2.8.8-2.1, libreoffice-5.0.4.2-23.1, libvoikko-3.7.1-5.2, mythes-1.2.4-2.1
released
openSUSE-SU-2016:0588-1: An update that solves 9 vulnerabilities and has 15 fixes is now available. Category: security (moderate) Bug References: 679938,829430,889755,897903,900186,900214,900218,907636,910805,910806,915996,916181,926375,929793,934423,936188,936190,939996,940838,943075,945047,945692,951579,954345 CVE References: CVE-2014-3693,CVE-2014-8146,CVE-2014-8147,CVE-2014-9093,CVE-2015-4551,CVE-2015-45513,CVE-2015-5212,CVE-2015-5213,CVE-2015-5214 Sources used: openSUSE 13.2 (src): cmis-client-0.5.0-4.3.2, libetonyek-0.1.3-2.3.2, libmwaw-0.3.6-2.7.2, libodfgen-0.1.4-2.3.2, libpagemaker-0.0.2-2.2, libreoffice-5.0.4.2-28.1, libreoffice-share-linker-1-2.2, libwps-0.4.1-2.4.2, mdds-0.12.1-2.4.2