967015 – (CVE-2016-0795) VUL-1: CVE-2016-0795: libreoffice: multiple lwp issues

Bug 967015 (CVE-2016-0795) - VUL-1: CVE-2016-0795: libreoffice: multiple lwp issues

Summary: VUL-1: CVE-2016-0795: libreoffice: multiple lwp issues

Status:	RESOLVED FIXED

Alias:	CVE-2016-0795

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/161941/
Whiteboard:	CVSSv2:SUSE:CVE-2016-0795:4.3:(AV:A/A...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2016-02-17 08:43 UTC by Sebastian Krahmer
Modified:	2016-08-31 16:22 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sebastian Krahmer 2016-02-17 08:43:16 UTC

Not much description from upstream. Patches look like they are
fixing some overflows.

CVE-2016-0795


References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0795
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-0795.html

Comment 2 Swamp Workflow Management 2016-02-17 23:01:00 UTC

bugbot adjusting priority

Comment 3 Bernhard Wiedemann 2016-02-21 14:00:22 UTC

This is an autogenerated message for OBS integration:
This bug (967015) was mentioned in
https://build.opensuse.org/request/show/360718 Factory / libreoffice

Comment 4 Bernhard Wiedemann 2016-05-10 17:00:14 UTC

This is an autogenerated message for OBS integration:
This bug (967015) was mentioned in
https://build.opensuse.org/request/show/394672 13.2 / libreoffice

Comment 5 Swamp Workflow Management 2016-05-27 13:12:58 UTC

openSUSE-SU-2016:1415-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 967014,967015
CVE References: CVE-2016-0794,CVE-2016-0795
Sources used:
openSUSE 13.2 (src):    libreoffice-5.0.6.3-31.3

Comment 6 Swamp Workflow Management 2016-07-01 16:09:46 UTC

SUSE-SU-2016:1728-1: An update that solves two vulnerabilities and has 9 fixes is now available.

Category: security (moderate)
Bug References: 718113,856729,939998,945443,945445,955832,965294,965296,967014,967015,977784
CVE References: CVE-2016-0794,CVE-2016-0795
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    boost-1.54.0-15.1, cmis-client-0.5.1-8.2, hyphen-2.8.8-12.1, libetonyek-0.1.6-6.3, libixion-0.11.0-6.2, liborcus-0.11.0-6.1, libreoffice-5.1.3.2-22.9, libvisio-0.1.5-7.1, libwps-0.4.2-6.1, myspell-dictionaries-20160511-11.1, openCOLLADA-1_3335ac1-2.1
SUSE Linux Enterprise Workstation Extension 12 (src):    boost-1.54.0-15.1, cmis-client-0.5.1-8.2, hyphen-2.8.8-12.1, libetonyek-0.1.6-6.3, libixion-0.11.0-6.2, liborcus-0.11.0-6.1, libreoffice-5.1.3.2-22.9, libvisio-0.1.5-7.1, libwps-0.4.2-6.1, myspell-dictionaries-20160511-11.1, openCOLLADA-1_3335ac1-2.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    boost-1.54.0-15.1, cmis-client-0.5.1-8.2, hunspell-1.3.2-18.1, hyphen-2.8.8-12.1, libetonyek-0.1.6-6.3, libixion-0.11.0-6.2, liborcus-0.11.0-6.1, libvisio-0.1.5-7.1, libwps-0.4.2-6.1
SUSE Linux Enterprise Software Development Kit 12 (src):    boost-1.54.0-15.1, cmis-client-0.5.1-8.2, hunspell-1.3.2-18.1, hyphen-2.8.8-12.1, libetonyek-0.1.6-6.3, libixion-0.11.0-6.2, liborcus-0.11.0-6.1, libvisio-0.1.5-7.1, libwps-0.4.2-6.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    boost-1.54.0-15.1, cmis-client-0.5.1-8.2, hunspell-1.3.2-18.1, hyphen-2.8.8-12.1, libetonyek-0.1.6-6.3, libixion-0.11.0-6.2, liborcus-0.11.0-6.1, libreoffice-5.1.3.2-22.9, libvisio-0.1.5-7.1, libwps-0.4.2-6.1, myspell-dictionaries-20160511-11.1, openCOLLADA-1_3335ac1-2.1
SUSE Linux Enterprise Desktop 12 (src):    boost-1.54.0-15.1, cmis-client-0.5.1-8.2, hunspell-1.3.2-18.1, hyphen-2.8.8-12.1, libetonyek-0.1.6-6.3, libixion-0.11.0-6.2, liborcus-0.11.0-6.1, libreoffice-5.1.3.2-22.9, libvisio-0.1.5-7.1, libwps-0.4.2-6.1, myspell-dictionaries-20160511-11.1, openCOLLADA-1_3335ac1-2.1

Comment 7 Swamp Workflow Management 2016-07-14 22:09:32 UTC

openSUSE-SU-2016:1805-1: An update that solves two vulnerabilities and has 9 fixes is now available.

Category: security (moderate)
Bug References: 718113,856729,939998,945443,945445,955832,965294,965296,967014,967015,977784
CVE References: CVE-2016-0794,CVE-2016-0795
Sources used:
openSUSE Leap 42.1 (src):    cmis-client-0.5.1-3.1, hunspell-1.3.2-5.1, hyphen-2.8.8-6.1, libetonyek-0.1.6-3.2, libixion-0.11.0-3.1, liborcus-0.11.0-4.1, libreoffice-5.1.3.2-8.1, libvisio-0.1.5-3.1, libwps-0.4.2-3.1, mdds-1_0-1.1.0-2.1, myspell-dictionaries-20160511-4.1

Comment 8 Marcus Meissner 2016-08-01 14:01:47 UTC

released i think