Описание
Security update for perl-Spreadsheet-ParseExcel
This update for perl-Spreadsheet-ParseExcel fixes the following issues:
- CVE-2023-7101: Fixed a command injection issue when parsing an untrusted spreadsheet (bsc#1218414).
Список пакетов
SUSE Enterprise Storage 7.1
perl-Spreadsheet-ParseExcel-0.65-150000.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
perl-Spreadsheet-ParseExcel-0.65-150000.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
perl-Spreadsheet-ParseExcel-0.65-150000.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
perl-Spreadsheet-ParseExcel-0.65-150000.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
perl-Spreadsheet-ParseExcel-0.65-150000.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
perl-Spreadsheet-ParseExcel-0.65-150000.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
perl-Spreadsheet-ParseExcel-0.65-150000.3.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP5
perl-Spreadsheet-ParseExcel-0.65-150000.3.3.1
SUSE Linux Enterprise Real Time 15 SP4
perl-Spreadsheet-ParseExcel-0.65-150000.3.3.1
SUSE Linux Enterprise Server 15 SP1-LTSS
perl-Spreadsheet-ParseExcel-0.65-150000.3.3.1
SUSE Linux Enterprise Server 15 SP2-LTSS
perl-Spreadsheet-ParseExcel-0.65-150000.3.3.1
SUSE Linux Enterprise Server 15 SP3-LTSS
perl-Spreadsheet-ParseExcel-0.65-150000.3.3.1
SUSE Linux Enterprise Server 15 SP4-LTSS
perl-Spreadsheet-ParseExcel-0.65-150000.3.3.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
perl-Spreadsheet-ParseExcel-0.65-150000.3.3.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
perl-Spreadsheet-ParseExcel-0.65-150000.3.3.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
perl-Spreadsheet-ParseExcel-0.65-150000.3.3.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
perl-Spreadsheet-ParseExcel-0.65-150000.3.3.1
SUSE Manager Proxy 4.3
perl-Spreadsheet-ParseExcel-0.65-150000.3.3.1
SUSE Manager Server 4.3
perl-Spreadsheet-ParseExcel-0.65-150000.3.3.1
openSUSE Leap 15.5
perl-Spreadsheet-ParseExcel-0.65-150000.3.3.1
Ссылки
- Link for SUSE-SU-2024:0158-1
- E-Mail link for SUSE-SU-2024:0158-1
- SUSE Security Ratings
- SUSE Bug 1218414
- SUSE CVE CVE-2023-7101 page
Описание
Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type "eval". Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.
Затронутые продукты
SUSE Enterprise Storage 7.1:perl-Spreadsheet-ParseExcel-0.65-150000.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:perl-Spreadsheet-ParseExcel-0.65-150000.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:perl-Spreadsheet-ParseExcel-0.65-150000.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:perl-Spreadsheet-ParseExcel-0.65-150000.3.3.1
Ссылки
- CVE-2023-7101
- SUSE Bug 1218414
- SUSE Bug 1226225