| Description: | Summary:
The remote host is missing an update for the 'libreoffice' package(s) announced via the MGASA-2019-0340 advisory.
Vulnerability Insight:
Updated libreoffice packages fix security vulnerabilities:
LibreOffice has a feature where documents can specify that pre-installed
scripts can be executed on various document events such as mouse-over, etc.
LibreOffice is typically also bundled with LibreLogo, a programmable turtle
vector graphics script, which can be manipulated into executing arbitrary
python commands. By using the document event feature to trigger LibreLogo
to execute python contained within a document a malicious document could be
constructed which would execute arbitrary python commands silently without
warning. In the fixed versions, LibreLogo cannot be called from a document
event handler (CVE-2019-9848).
LibreOffice has a 'stealth mode' in which only documents from locations
deemed 'trusted' are allowed to retrieve remote resources. This mode is
not the default mode, but can be enabled by users who want to disable
LibreOffice's ability to include remote resources within a document.
A flaw existed where bullet graphics were omitted from this protection
(CVE-2019-9849).
LibreOffice is typically bundled with LibreLogo, a programmable turtle
vector graphics script, which can execute arbitrary python commands
contained with the document it is launched from. LibreOffice also has a
feature where documents can specify that pre-installed scripts can be
executed on various document script events such as mouse-over, etc.
Protection was added, to address CVE-2019-9848, to block calling LibreLogo
from script event handers. However an insufficient url validation
vulnerability in LibreOffice allowed malicious to bypass that protection
and again trigger calling LibreLogo from script event handlers
(CVE-2019-9850).
LibreOffice is typically bundled with LibreLogo, a programmable turtle
vector graphics script, which can execute arbitrary python commands
contained with the document it is launched from. Protection was added, to
address CVE-2019-9848, to block calling LibreLogo from document event
script handers, e.g. mouse over. However LibreOffice also has a separate
feature where documents can specify that pre-installed scripts can be
executed on various global script events such as document-open, etc. In
the fixed versions, global script event handlers are validated equivalently
to document script event handlers (CVE-2019-9851).
LibreOffice has a feature where documents can specify that pre-installed
macros can be executed on various script events such as mouse-over,
document-open etc. Access is intended to be restricted to scripts under the
share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice
install. Protection was added, to address CVE-2018-16858, to avoid a
directory traversal attack where scripts in arbitrary locations on the file
system could be executed. However this new protection could be bypassed by
a URL encoding attack. In the fixed versions, the parsed url describing ... [Please see the references for more information on the vulnerabilities]
Affected Software/OS:
'libreoffice' package(s) on Mageia 7.
Solution:
Please install the updated package(s).
CVSS Score:
7.5
CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
