openSUSE-SU-2017:2943-1

Описание

This update for libwpd fixes the following issues:

Security issue fixed:

• CVE-2017-14226: WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application. (bnc#1058025)

Bugfixes:

• Fix various crashes, leaks and hangs when reading damaged files found by oss-fuzz.
• Fix crash when NULL is passed as input stream.
• Use symbol visibility on Linux. The library only exports public functions now.
• Avoid infinite loop. (libwpd#3)
• Remove bashism. (libwpd#5)
• Fix various crashes and hangs when reading broken files found with the help of american-fuzzy-lop.
• Make --help output of all command line tools more help2man-friendly.
• Miscellaneous fixes and cleanups.
• Generate manpages for the libwpd-tools

This update was imported from the SUSE:SLE-12:Update update project.