Oval Definition:oval:org.opensuse.security:def:78834
Revision Date:2017-11-06Version:1
Title:Security update for libwpd (Important)
Description:

This update for libwpd fixes the following issues:

Security issue fixed: - CVE-2017-14226: WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application. (bnc#1058025)

Bugfixes: - Fix various crashes, leaks and hangs when reading damaged files found by oss-fuzz. - Fix crash when NULL is passed as input stream. - Use symbol visibility on Linux. The library only exports public functions now. - Avoid infinite loop. (libwpd#3) - Remove bashism. (libwpd#5) - Fix various crashes and hangs when reading broken files found with the help of american-fuzzy-lop. - Make --help output of all command line tools more help2man-friendly. - Miscellaneous fixes and cleanups. - Generate manpages for the libwpd-tools
Family:unixClass:patch
Status:Reference(s):1058025
CVE-2017-14226
SUSE-SU-2017:2931-1
Platform(s):SUSE Linux Enterprise Desktop 12 SP2
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND libwpd-0_10-10-0.10.2-2.4.1 is installed
  • BACK