LibreOffice Addresses Multiple Heap-based Buffer Overflow Vulnerability

Just a few weeks after releasing the LibreOffice 3.5.5, The Document Foundation has confirmed that security holes in earlier versions of the open source LibreOffice, that could be exploited to execute arbitrary code with the privileges of the active user.

According to the security advisories of LibreOffice, dubbed CVE-2012-2665 - "Multiple heap-based buffer overflow flaws were found in the XML manifest encryption tag parsing code of LibreOffice. An attacker could create a specially-crafted file in the Open Document Format for Office Applications (ODF) format which when opened could cause arbitrary code execution." Users are recommended to upgrade to 3.5.5 or 3.6.0 to avoid this flaw.  Red Hat released updated OpenOffice.org and LibreOffice packages for both Red Hat Enterprise Linux version 5 and Red Hat Enterprise Linux version 6. Users are advised to upgrade to these updated packages, which contain backported patches to correct the issues, Red Hat said in three security advisories published on Tuesday. Linux vendor Novell released updated LibreOffice packages for SUSE Linux Enterprise Desktop 10 and a LibreOffice update is also available for Ubuntu 12.04 (Precise Pangolin)