Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2023:4984-1

Опубликовано: 28 дек. 2023
Источник: suse-cvrf

Описание

Security update for libreoffice

This update for libreoffice fixes the following issues:

  • CVE-2023-6186: Fixed link targets allow arbitrary script execution (bsc#1217578).
  • CVE-2023-6185: Fixed Improper input validation enabling arbitrary Gstreamer pipeline injection (bsc#1217577).

Список пакетов

SUSE Linux Enterprise Software Development Kit 12 SP5
libreoffice-sdk-7.6.2.1-48.51.4
SUSE Linux Enterprise Workstation Extension 12 SP5
libreoffice-7.6.2.1-48.51.4
libreoffice-base-7.6.2.1-48.51.4
libreoffice-base-drivers-postgresql-7.6.2.1-48.51.4
libreoffice-branding-upstream-7.6.2.1-48.51.4
libreoffice-calc-7.6.2.1-48.51.4
libreoffice-calc-extensions-7.6.2.1-48.51.4
libreoffice-draw-7.6.2.1-48.51.4
libreoffice-filters-optional-7.6.2.1-48.51.4
libreoffice-gnome-7.6.2.1-48.51.4
libreoffice-gtk3-7.6.2.1-48.51.4
libreoffice-icon-themes-7.6.2.1-48.51.4
libreoffice-impress-7.6.2.1-48.51.4
libreoffice-l10n-af-7.6.2.1-48.51.4
libreoffice-l10n-ar-7.6.2.1-48.51.4
libreoffice-l10n-bg-7.6.2.1-48.51.4
libreoffice-l10n-ca-7.6.2.1-48.51.4
libreoffice-l10n-cs-7.6.2.1-48.51.4
libreoffice-l10n-da-7.6.2.1-48.51.4
libreoffice-l10n-de-7.6.2.1-48.51.4
libreoffice-l10n-en-7.6.2.1-48.51.4
libreoffice-l10n-es-7.6.2.1-48.51.4
libreoffice-l10n-fi-7.6.2.1-48.51.4
libreoffice-l10n-fr-7.6.2.1-48.51.4
libreoffice-l10n-gu-7.6.2.1-48.51.4
libreoffice-l10n-hi-7.6.2.1-48.51.4
libreoffice-l10n-hr-7.6.2.1-48.51.4
libreoffice-l10n-hu-7.6.2.1-48.51.4
libreoffice-l10n-it-7.6.2.1-48.51.4
libreoffice-l10n-ja-7.6.2.1-48.51.4
libreoffice-l10n-ko-7.6.2.1-48.51.4
libreoffice-l10n-lt-7.6.2.1-48.51.4
libreoffice-l10n-nb-7.6.2.1-48.51.4
libreoffice-l10n-nl-7.6.2.1-48.51.4
libreoffice-l10n-nn-7.6.2.1-48.51.4
libreoffice-l10n-pl-7.6.2.1-48.51.4
libreoffice-l10n-pt_BR-7.6.2.1-48.51.4
libreoffice-l10n-pt_PT-7.6.2.1-48.51.4
libreoffice-l10n-ro-7.6.2.1-48.51.4
libreoffice-l10n-ru-7.6.2.1-48.51.4
libreoffice-l10n-sk-7.6.2.1-48.51.4
libreoffice-l10n-sv-7.6.2.1-48.51.4
libreoffice-l10n-uk-7.6.2.1-48.51.4
libreoffice-l10n-xh-7.6.2.1-48.51.4
libreoffice-l10n-zh_CN-7.6.2.1-48.51.4
libreoffice-l10n-zh_TW-7.6.2.1-48.51.4
libreoffice-l10n-zu-7.6.2.1-48.51.4
libreoffice-librelogo-7.6.2.1-48.51.4
libreoffice-mailmerge-7.6.2.1-48.51.4
libreoffice-math-7.6.2.1-48.51.4
libreoffice-officebean-7.6.2.1-48.51.4
libreoffice-pyuno-7.6.2.1-48.51.4
libreoffice-writer-7.6.2.1-48.51.4
libreoffice-writer-extensions-7.6.2.1-48.51.4

Ссылки

Описание

Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.

Затронутые продукты
SUSE Linux Enterprise Software Development Kit 12 SP5:libreoffice-sdk-7.6.2.1-48.51.4
SUSE Linux Enterprise Workstation Extension 12 SP5:libreoffice-7.6.2.1-48.51.4
SUSE Linux Enterprise Workstation Extension 12 SP5:libreoffice-base-7.6.2.1-48.51.4
SUSE Linux Enterprise Workstation Extension 12 SP5:libreoffice-base-drivers-postgresql-7.6.2.1-48.51.4
Ссылки

Описание

Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.

Затронутые продукты
SUSE Linux Enterprise Software Development Kit 12 SP5:libreoffice-sdk-7.6.2.1-48.51.4
SUSE Linux Enterprise Workstation Extension 12 SP5:libreoffice-7.6.2.1-48.51.4
SUSE Linux Enterprise Workstation Extension 12 SP5:libreoffice-base-7.6.2.1-48.51.4
SUSE Linux Enterprise Workstation Extension 12 SP5:libreoffice-base-drivers-postgresql-7.6.2.1-48.51.4
Ссылки