Test ID:	1.3.6.1.4.1.25623.1.1.10.2022.0400
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2022-0400)
Summary:	The remote host is missing an update for the 'libmwaw, libreoffice' package(s) announced via the MGASA-2022-0400 advisory.
Description:	Summary: The remote host is missing an update for the 'libmwaw, libreoffice' package(s) announced via the MGASA-2022-0400 advisory. Vulnerability Insight: LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal macros with arbitrary arguments. Which when clicked on, or activated by document events, could result in arbitrary script execution without warning. (CVE-2022-3140) Affected Software/OS: 'libmwaw, libreoffice' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-3140 DSA-5252 https://www.debian.org/security/2022/dsa-5252 FEDORA-2022-775c747e4a https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TORANVTIWWBH3DNJR4UZATAG67KZOH32/ GLSA-202212-04 https://security.gentoo.org/glsa/202212-04 [debian-lts-announce] 20230326 [SECURITY] [DLA 3368-1] libreoffice security update https://lists.debian.org/debian-lts-announce/2023/03/msg00022.html https://www.libreoffice.org/about-us/security/advisories/CVE-2022-3140
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.