Security update for libwpd (important)

2017-11-0615:07:29

lists.opensuse.org

0.005 Low

EPSS

Percentile

76.8%

JSON

This update for libwpd fixes the following issues:

Security issue fixed:

CVE-2017-14226: WP1StylesListener.cpp, WP5StylesListener.cpp, and
WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which
allows remote attackers to cause a denial of service (heap-based buffer
over-read in the WPXTableList class in WPXTable.cpp). This vulnerability
can be triggered in LibreOffice before 5.3.7. It may lead to suffering a
remote attack against a LibreOffice application. (bnc#1058025)

Bugfixes:

Fix various crashes, leaks and hangs when reading damaged files found by
oss-fuzz.
Fix crash when NULL is passed as input stream.
Use symbol visibility on Linux. The library only exports public
functions now.
Avoid infinite loop. (libwpd#3)
Remove bashism. (libwpd#5)
Fix various crashes and hangs when reading broken files found with the
help of american-fuzzy-lop.
Make --help output of all command line tools more help2man-friendly.
Miscellaneous fixes and cleanups.
Generate manpages for the libwpd-tools

OSVersionArchitecturePackageVersionFilename
SUSE Linux Enterprise Software Development Kit12.2ppc64lelibwpd-0_10-10< 0.10.2-2.4.1libwpd-0_10-10-0.10.2-2.4.1.ppc64le.rpm
SUSE Linux Enterprise Software Development Kit12.3s390xlibwpd-devel< 0.10.2-2.4.1libwpd-devel-0.10.2-2.4.1.s390x.rpm
SUSE Linux Enterprise Software Development Kit12.2ppc64lelibwpd-debugsource< 0.10.2-2.4.1libwpd-debugsource-0.10.2-2.4.1.ppc64le.rpm
SUSE Linux Enterprise Software Development Kit12.2s390xlibwpd-0_10-10-debuginfo< 0.10.2-2.4.1libwpd-0_10-10-debuginfo-0.10.2-2.4.1.s390x.rpm
SUSE Linux Enterprise Desktop12.3x86_64libwpd-0_10-10< 0.10.2-2.4.1libwpd-0_10-10-0.10.2-2.4.1.x86_64.rpm
SUSE Linux Enterprise Desktop12.2x86_64libwpd-0_10-10< 0.10.2-2.4.1libwpd-0_10-10-0.10.2-2.4.1.x86_64.rpm
SUSE Linux Enterprise Software Development Kit12.3x86_64libwpd-devel< 0.10.2-2.4.1libwpd-devel-0.10.2-2.4.1.x86_64.rpm
SUSE Linux Enterprise Software Development Kit12.3s390xlibwpd-debugsource< 0.10.2-2.4.1libwpd-debugsource-0.10.2-2.4.1.s390x.rpm
SUSE Linux Enterprise Software Development Kit12.2aarch64libwpd-0_10-10-debuginfo< 0.10.2-2.4.1libwpd-0_10-10-debuginfo-0.10.2-2.4.1.aarch64.rpm
SUSE Linux Enterprise Software Development Kit12.3noarchlibwpd-devel-doc< 0.10.2-2.4.1libwpd-devel-doc-0.10.2-2.4.1.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
SUSE Linux Enterprise Software Development Kit	12.2	ppc64le	libwpd-0_10-10	< 0.10.2-2.4.1	libwpd-0_10-10-0.10.2-2.4.1.ppc64le.rpm
SUSE Linux Enterprise Software Development Kit	12.3	s390x	libwpd-devel	< 0.10.2-2.4.1	libwpd-devel-0.10.2-2.4.1.s390x.rpm
SUSE Linux Enterprise Software Development Kit	12.2	ppc64le	libwpd-debugsource	< 0.10.2-2.4.1	libwpd-debugsource-0.10.2-2.4.1.ppc64le.rpm
SUSE Linux Enterprise Software Development Kit	12.2	s390x	libwpd-0_10-10-debuginfo	< 0.10.2-2.4.1	libwpd-0_10-10-debuginfo-0.10.2-2.4.1.s390x.rpm
SUSE Linux Enterprise Desktop	12.3	x86_64	libwpd-0_10-10	< 0.10.2-2.4.1	libwpd-0_10-10-0.10.2-2.4.1.x86_64.rpm
SUSE Linux Enterprise Desktop	12.2	x86_64	libwpd-0_10-10	< 0.10.2-2.4.1	libwpd-0_10-10-0.10.2-2.4.1.x86_64.rpm
SUSE Linux Enterprise Software Development Kit	12.3	x86_64	libwpd-devel	< 0.10.2-2.4.1	libwpd-devel-0.10.2-2.4.1.x86_64.rpm
SUSE Linux Enterprise Software Development Kit	12.3	s390x	libwpd-debugsource	< 0.10.2-2.4.1	libwpd-debugsource-0.10.2-2.4.1.s390x.rpm
SUSE Linux Enterprise Software Development Kit	12.2	aarch64	libwpd-0_10-10-debuginfo	< 0.10.2-2.4.1	libwpd-0_10-10-debuginfo-0.10.2-2.4.1.aarch64.rpm
SUSE Linux Enterprise Software Development Kit	12.3	noarch	libwpd-devel-doc	< 0.10.2-2.4.1	libwpd-devel-doc-0.10.2-2.4.1.noarch.rpm