SB2020072754 - Gentoo update for FreeXL

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2018-7435)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read in the freexl::destroy_cell function. A remote attacker can perform a denial of service attack.

2) Out-of-bounds read (CVE-ID: CVE-2018-7436)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read in a pointer dereference of the parse_SST function. A remote attacker can perform a denial of service attack.

3) Out-of-bounds read (CVE-ID: CVE-2018-7437)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read in a memcpy call of the parse_SST function. A remote attacker can perform a denial of service attack.

4) Out-of-bounds read (CVE-ID: CVE-2018-7438)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read in the parse_unicode_string function. A remote attacker can perform a denial of service attack.

5) Out-of-bounds read (CVE-ID: CVE-2018-7439)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read in the function read_mini_biff_next_record. A remote attacker can perform a denial of service attack.

Remediation

Install update from vendor's website.

References

• https://security.gentoo.org/
• https://security.gentoo.org/glsa/202007-44