Joined: 12 May 2004
|Posted: Mon Jun 27, 2016 12:26 am Post subject: [ GLSA 201606-15 ] FreeXL
|Gentoo Linux Security Advisory
Title: FreeXL: Multiple vulnerabilities (GLSA 201606-15)
Date: June 26, 2016
Multiple vulnerabilities have been found in FreeXL, allowing remote
attackers to executive arbitrary code or cause Denial of Service.
FreeXL is an open source library to extract valid data from within an
Excel (.xls) spreadsheet.
Vulnerable: < 1.0.1
Unaffected: >= 1.0.1
Architectures: All supported architectures
FreeXL’s shared strings and workbook functions are vulnerable to the
remote execution of arbitrary code and Denial of Service. This can be
achieved through specially crafted workbooks from attackers.
Remote attackers could potentially execute arbitrary code or cause
Denial of Service.
There is no known workaround at this time.
All FreeXL users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose "dev-libs/freexl-1.0.1"