Mageia 2022-0400: libreoffice security update | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute
MGASA-2022-0400 - Updated libreoffice packages fix security vulnerability

Publication date: 28 Oct 2022
URL: https://advisories.mageia.org/MGASA-2022-0400.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-3140

LibreOffice supports Office URI Schemes to enable browser integration of
LibreOffice with MS SharePoint server. An additional scheme
'vnd.libreoffice.command' specific to LibreOffice was added. In the
affected versions of LibreOffice links using that scheme could be
constructed to call internal macros with arbitrary arguments. Which when
clicked on, or activated by document events, could result in arbitrary
script execution without warning. (CVE-2022-3140)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30959
- https://www.libreoffice.org/about-us/security/advisories/CVE-2022-3140
- https://www.debian.org/security/2022/dsa-5252
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/TORANVTIWWBH3DNJR4UZATAG67KZOH32/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3140

SRPMS:
- 8/core/libreoffice-7.3.6.2-1.mga8
- 8/core/libmwaw-0.3.21-1.mga8

Mageia 2022-0400: libreoffice security update

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server

Summary

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal macros with arbitrary arguments. Which when clicked on, or activated by document events, could result in arbitrary script execution without warning. (CVE-2022-3140)

References

- https://bugs.mageia.org/show_bug.cgi?id=30959

- https://www.libreoffice.org/about-us/security/advisories/CVE-2022-3140

- https://www.debian.org/security/2022/dsa-5252

- https://lists.fedoraproject.org/archives/list/[email protected]/thread/TORANVTIWWBH3DNJR4UZATAG67KZOH32/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3140

Resolution

MGASA-2022-0400 - Updated libreoffice packages fix security vulnerability

SRPMS

- 8/core/libreoffice-7.3.6.2-1.mga8

- 8/core/libmwaw-0.3.21-1.mga8

Severity
Publication date: 28 Oct 2022
URL: https://advisories.mageia.org/MGASA-2022-0400.html
Type: security
CVE: CVE-2022-3140

Related News

What Sysadmins Want to Know about OpenShift and Kubernetes in 2022

LibreOffice 7.4.3 Open-Source Office Suite Released with 100 Bug Fixes, Download Now

LibreOffice Security Update Fixes Macro Execution Bypass and Potential Password Leaking

News

Advisories

HOWTOs

Features

ManageEngine Vulnerability Manager Plus: How To Protect Your Enterprise from Security Vulnerabilities
High-Impact DoS, Arbitrary Code Execution, Spoofing Bugs Fixed in Thunderbird 102.9.0
A Guide to Business Cybersecurity: Common Digital Attacks and Precautions
New Linux IceFire Ransomware Variant Discovered: What You Need to Know to Secure Your Systems
ZeroLock: How to Defend Against Ransomware on Linux

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy