============================================================================ Ubuntu Security Notice USN-1495-1 July 02, 2012 libreoffice, libreoffice-l10n vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 Summary: LibreOffice could be made to crash or potentially run programs as your login if it opened a specially crafted file. Software Description: - libreoffice: Office productivity suite - libreoffice-l10n: Office productivity suite help Details: Integer overflows were discovered in the graphics loading code of several different image types. If a user were tricked into opening a specially crafted file, an attacker could cause LibreOffice to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2012-1149) Sven Jacobi discovered an integer overflow when processing Escher graphics records. If a user were tricked into opening a specially crafted PowerPoint file, an attacker could cause LibreOffice to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2012-2334) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: libreoffice-core 1:3.4.4-0ubuntu1.2 libreoffice-l10n-common 1:3.4.4-0ubuntu1.2 Ubuntu 11.04: libreoffice-core 1:3.3.4-0ubuntu1.2 libreoffice-l10n-common 1:3.3.3-1ubuntu1.2 After a standard system update you need to restart LibreOffice to make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1495-1 CVE-2012-1149, CVE-2012-2334 Package Information: https://launchpad.net/ubuntu/+source/libreoffice/1:3.4.4-0ubuntu1.2 https://launchpad.net/ubuntu/+source/libreoffice-l10n/1:3.4.4-0ubuntu1.2 https://launchpad.net/ubuntu/+source/libreoffice/1:3.3.4-0ubuntu1.2 https://launchpad.net/ubuntu/+source/libreoffice-l10n/1:3.3.3-1ubuntu1.2