Описание
Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libreoffice | fixed | 1:7.3.1-1 | package | |
| libreoffice | fixed | 1:7.0.4-4+deb11u6 | bullseye | package |
Примечания
https://cgit.freedesktop.org/libreoffice/core/commit/?id=5e8f64e50f97d39e83a3358697be14db03566878
https://www.libreoffice.org/about-us/security/advisories/CVE-2022-38745
Связанные уязвимости
Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory.
Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory.
Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory.
Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory.
Уязвимость пакета офисных программ Apache OpenOffice, связанная с возможностью добавления пустой записи в путь к Java-классу, позволяющая нарушителю выполнить произвольный код