Alerts This Week
Warning Icon 1 924
Alerts This Week
Warning Icon 1 924

Mageia: 2019-0102 Moderate: LibreOffice Python Script Execution Risk

mageia
Calendar Grey February 22, 2019
Dist Mageia Esm H88
MGASA-2019-0102 - Updated libreoffice packages fix security vulnerability Publication date: 22 Feb 2
Alex Infuehr discovered a directory traversal vulnerability which could result in the execution of Python script code when opening a malformed document (CVE-2018-16858)

Summary

Alex Infuehr discovered a directory traversal vulnerability which could result in the execution of Python script code when opening a malformed document (CVE-2018-16858).
The libreoffice package has been updated to version 6.1.5.2, fixing this issue, and including several other bug fixes and enhancements. Several supporting library packages have been updated as well.
Here's the list of improvements from 5.3 to 6.1: https://wiki.documentfoundation.org/ReleaseNotes/5.4 https://wiki.documentfoundation.org/ReleaseNotes/6.0 https://wiki.documentfoundation.org/ReleaseNotes/6.1

References

- https://bugs.mageia.org/show_bug.cgi?id=24309

- https://www.libreoffice.org/about-us/security/advisories/cve-2018-16858/

- https://lists.debian.org/debian-security-announce/2019/msg00020.html

- https://www.cve.org/CVERecord?id=CVE-2018-16858

Topics%20covered

Topics Covered

security advisory directory traversal package update moderate threat mageia python execution risk libreoffice issue

Resolution

SRPMS

- 6/core/libabw-0.1.2-1.mga6

- 6/core/libcdr-0.1.5-1.mga6

- 6/core/libcmis-0.5.2-1.mga6

- 6/core/libe-book-0.1.3-1.mga6

- 6/core/libetonyek-0.1.9-1.mga6

- 6/core/libfreehand-0.1.2-2.mga6

- 6/core/libmspub-0.1.4-1.mga6

- 6/core/libmwaw-0.3.14-2.mga6

- 6/core/libodfgen-0.1.7-1.mga6

- 6/core/libpagemaker-0.0.4-1.mga6

- 6/core/libstaroffice-0.0.6-1.mga6

- 6/core/libvisio-0.1.6-1.mga6

- 6/core/libwpg-0.3.3-1.mga6

- 6/core/libwps-0.4.10-1.mga6

- 6/core/libzmf-0.0.2-1.mga6

- 6/core/cppunit-1.14.0-1.mga6

- 6/core/libepubgen-0.1.1-2.mga6

- 6/core/libixion-0.14.1-1.mga6

- 6/core/libnumbertext-1.0.5-1.mga6

- 6/core/liborcus-0.14.1-1.mga6

- 6/core/libqxp-0.0.2-1.mga6

- 6/core/mdds-1.4.3-1.mga6

- 6/core/libreoffice-6.1.5.2-1.1.mga6

Severity
medium
Lowest
Low
Medium
High
Critical

Publication date: 22 Feb 2019
URL: https://advisories.mageia.org/MGASA-2019-0102.html
Type: security
CVE: CVE-2018-16858

Topics%20covered

Topics Covered

security advisory directory traversal package update moderate threat mageia python execution risk libreoffice issue

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here