ID de Prueba:	1.3.6.1.4.1.25623.1.0.852915
Categoría:	SuSE Local Security Checks
Título:	openSUSE: Security Advisory for libreoffice (openSUSE-SU-2019:2183-1)
Resumen:	The remote host is missing an update for the 'libreoffice'; package(s) announced via the openSUSE-SU-2019:2183-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libreoffice' package(s) announced via the openSUSE-SU-2019:2183-1 advisory. Vulnerability Insight: This update for libreoffice fixes the following issues: Updated to version 6.2.7.1. Security issues fixed: - CVE-2019-9849: Disabled fetching remote bullet graphics in 'stealth mode' (bsc#1141861). - CVE-2019-9848: Fixed an arbitrary script execution via LibreLogo (bsc#1141862). - CVE-2019-9851: Fixed LibreLogo global-event script execution issue (bsc#1146105). - CVE-2019-9852: Fixed insufficient URL encoding flaw in allowed script location check (bsc#1146107). - CVE-2019-9850: Fixed insufficient URL validation that allowed LibreLogo script execution (bsc#1146098). - CVE-2019-9854: Fixed unsafe URL assembly flaw (bsc#1149944). - CVE-2019-9855: Fixed path equivalence handling flaw (bsc#1149943) Non-security issue fixed: - SmartArt: Basic rendering of Trapezoid List (bsc#1133534). This update was imported from the SUSE:SLE-15-SP1:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2019-2183=1 Affected Software/OS: 'libreoffice' package(s) on openSUSE Leap 15.1. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-9848 BugTraq ID: 109374 http://www.securityfocus.com/bid/109374 Bugtraq: 20190815 [SECURITY] [DSA 4501-1] libreoffice security update (Google Search) https://seclists.org/bugtraq/2019/Aug/28 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PMEGUWMWORC3DOVEHVXLFT3A5RSCMLBH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPTZJCNN52VNGSVC5DFKVW3EDMRDWKMP/ https://security.gentoo.org/glsa/201908-13 https://lists.debian.org/debian-lts-announce/2019/10/msg00005.html SuSE Security Announcement: openSUSE-SU-2019:2057 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00006.html SuSE Security Announcement: openSUSE-SU-2019:2183 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00067.html https://usn.ubuntu.com/4063-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-9849 Common Vulnerability Exposure (CVE) ID: CVE-2019-9850 Debian Security Information: DSA-4501 (Google Search) https://www.debian.org/security/2019/dsa-4501 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WVSDPZJG3UA43X3JXRHJAWXLDZEW77LM/ https://usn.ubuntu.com/4102-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-9851 http://packetstormsecurity.com/files/154168/LibreOffice-Macro-Python-Code-Execution.html Common Vulnerability Exposure (CVE) ID: CVE-2019-9852 Bugtraq: 20190910 [SECURITY] [DSA 4519-1] libreoffice security update (Google Search) https://seclists.org/bugtraq/2019/Sep/17 https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9852 Common Vulnerability Exposure (CVE) ID: CVE-2019-9854 Debian Security Information: DSA-4519 (Google Search) https://www.debian.org/security/2019/dsa-4519 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQKKOIY2DMZCXJINOLIQXD2NWISDKK3N/ SuSE Security Announcement: openSUSE-SU-2019:2361 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00055.html https://usn.ubuntu.com/4138-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-9855
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.