
Debian 11: DLA-4020-1 critical vulnerabilities in libreoffice access paths

debian lts
January 19, 2025
LibreOffice, an office productivity software suite, was affected by two vulnerabilities CVE-2024-12425

Summary

CVE-2024-12425

Improper Limitation of a Pathname to a Restricted Directory
('Path Traversal') vulnerability allows Absolute Path Traversal.
An attacker can write to arbitrary locations, albeit suffixed
with ".ttf", by supplying a file in a format that supports
embedded font files.

CVE-2024-12426

Exposure of Environmental Variables and arbitrary INI file values
to an Unauthorized Actor vulnerability.
URLs could be constructed which expanded environmental variables
or INI file values, so potentially sensitive information could
be exfiltrated to a remote server on opening a document
containing such links.

For Debian 11 bullseye, these problems have been fixed in version
1:7.0.4-4+deb11u12.

We recommend that you upgrade your libreoffice packages.
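
To confirm the upgrade across several machines, the following added example (not part of the Debian advisory) flags libreoffice packages older than the fixed version in a collected package inventory. It reimplements dpkg's version ordering so it can run away from the hosts themselves. Assumptions: the inventory comes from Debian 11 hosts, uses a constructed "host package version" line format, and only binary packages whose names start with `libreoffice` are checked.

```python
import re

FIXED = "1:7.0.4-4+deb11u12"  # bullseye fixed version stated in the advisory

def split_version(v):
    """Return (epoch, upstream, revision); a missing revision counts as "0"."""
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "0")
    return int(epoch), upstream, revision

def char_order(c):
    # dpkg ordering: "~" sorts before end of string, letters before other characters
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def compare_part(a, b):
    """Compare two upstream or revision strings; returns -1, 0 or 1."""
    while a or b:
        # Alternate between a non-digit run and a digit run, as dpkg does
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            oa = char_order(na[i]) if i < len(na) else 0
            ob = char_order(nb[i]) if i < len(nb) else 0
            if oa != ob:
                return -1 if oa < ob else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def is_fixed(installed, fixed=FIXED):
    (e1, u1, r1), (e2, u2, r2) = split_version(installed), split_version(fixed)
    return (e1 - e2 or compare_part(u1, u2) or compare_part(r1, r2)) >= 0

def unpatched(inventory):
    """Yield (host, package, version) for libreoffice packages below FIXED."""
    for line in inventory.strip().splitlines():
        host, package, version = line.split()
        if package.startswith("libreoffice") and not is_fixed(version):
            yield host, package, version

# Constructed inventory (hypothetical hosts): "host package version" per line
SAMPLE = """
web01 libreoffice-core 1:7.0.4-4+deb11u11
web01 openssl 1.1.1w-0+deb11u1
ws02 libreoffice-writer 1:7.0.4-4+deb11u12
ws03 libreoffice-common 1:7.0.4-4+deb11u10
"""
```

On a single host, `dpkg --compare-versions` performs the same comparison directly.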

For the detailed security status of libreoffice please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/libreoffice



Severity: critical

Package: libreoffice
Version: 1:7.0.4-4+deb11u12
CVE ID: CVE-2024-12425, CVE-2024-12426
