Bugzilla – Bug 987553
VUL-1: CVE-2016-4324 libreoffice: Dereference of invalid STL iterator on processing RTF file
Last modified: 2017-08-01 14:37:07 UTC
https://www.libreoffice.org/about-us/security/advisories/cve-2016-4324/

Fixed in: LibreOffice 5.1.4/5.2.0

Parsing the Rich Text Format character style index was insufficiently checked for validity. Documents can be constructed which dereference an iterator to the first entry of an empty STL container.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1351197
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4324
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4324.html
http://www.debian.org/security/2016/dsa-3608
http://blog.talosintel.com/2016/06/vulnerability-spotlight-libreoffice-rtf.html
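The bug class named in the advisory text above, shown as an added example that is not LibreOffice code and not part of this bug report: a style index read from an RTF `\csN` control word is resolved through a checked lookup, so an empty or non-matching style table yields "no style" instead of a dereferenced invalid iterator. The names StyleTable, parseCsIndex, lookupStyle, resolveCharStyle and the kMaxIndex bound are hypothetical and chosen for this illustration.

```cpp
// Added illustration; not LibreOffice source. All names are hypothetical.
#include <cctype>
#include <cstddef>
#include <iostream>
#include <map>
#include <string>

typedef std::map<int, std::string> StyleTable;  // style index -> style name

const long kMaxIndex = 32767;  // assumed upper bound chosen for this example

// Read N from the first "\csN" control word. Returns false when the text
// has no such word or N exceeds kMaxIndex.
bool parseCsIndex(const std::string& rtf, int& index) {
    std::size_t pos = 0;
    while ((pos = rtf.find("\\cs", pos)) != std::string::npos) {
        pos += 3;
        const std::size_t start = pos;
        long value = 0;
        while (pos < rtf.size() &&
               std::isdigit(static_cast<unsigned char>(rtf[pos]))) {
            value = value * 10 + (rtf[pos] - '0');
            if (value > kMaxIndex) return false;
            ++pos;
        }
        if (pos > start) { index = static_cast<int>(value); return true; }
    }
    return false;
}

// Checked lookup. The unsafe pattern is table.begin()->second with no test:
// on an empty table begin() == end(), and dereferencing end() is undefined.
const std::string* lookupStyle(const StyleTable& table, int index) {
    StyleTable::const_iterator it = table.find(index);
    return it == table.end() ? nullptr : &it->second;
}

const std::string* resolveCharStyle(const StyleTable& table,
                                    const std::string& rtf) {
    int index = 0;
    return parseCsIndex(rtf, index) ? lookupStyle(table, index) : nullptr;
}

int main() {
    StyleTable empty;  // constructed input: document defines no styles
    const std::string* s = resolveCharStyle(empty, "{\\rtf1 \\cs15 text}");
    std::cout << (s ? *s : std::string("(no such style)")) << "\n";
    return 0;
}
```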
This is an autogenerated message for OBS integration: This bug (987553) was mentioned in https://build.opensuse.org/request/show/406393 Factory / libreoffice
bugbot adjusting priority
SUSE-SU-2016:2472-1: An update that solves one vulnerability and has one errata is now available.

Category: security (low)
Bug References: 1000102,987553
CVE References: CVE-2016-4324
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src): libreoffice-5.1.5.2-29.4
SUSE Linux Enterprise Desktop 12-SP1 (src): libreoffice-5.1.5.2-29.4
Is this fixable for 13.2?
(In reply to Andreas Stieger from comment #9)
> Is this fixable for 13.2?

Yes and no. As there were more issues and it is quite an effort to update to the 5.1 series libreoffice there. ECO update covers Leap. I asked community to do it. 2 people said they will, nobody ever followed up on it... If you want just this patch though it is just 4 lines and it indeed is doable.
openSUSE-SU-2016:2538-1: An update that solves one vulnerability and has one errata is now available.

Category: security (low)
Bug References: 1000102,987553
CVE References: CVE-2016-4324
Sources used:
openSUSE Leap 42.1 (src): libreoffice-5.1.5.2-11.1
13.2 out of support scope.