Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE: 2022:3650-1 Important: LibreOffice Macro Risk and Patch

suse
Calendar Grey October 18, 2022
Dist Suse Esm H88
The latest LibreOffice update tackles three significant concerns while bolstering protection for SUSE Linux platforms, providing detailed patch recommendations.
An update that fixes three vulnerabilities, contains one feature is now available

Summary

This update for libreoffice fixes the following issues: Updated to version 7.3.6.2 (jsc#SLE-23447): - CVE-2022-3140: Fixed macro URL arbitrary script execution (bsc#1203209). - CVE-2022-26305: Fixed execution of untrusted Macros due to improper certificate validation (bsc#1201868). - CVE-2022-26307: Fixed weak Master Keys in password storage (bsc#1201872). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-3650=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-3650=1 - SUSE Linux Enterprise Workstation Extension 15-SP4:

Topics%20covered

Topics Covered

security advisory package update vulnerability important update macro execution libreoffice SUSE Linux Enterprise

References

#1201868 #1201872 #1203209 SLE-23447

Cross- CVE-2022-26305 CVE-2022-26307 CVE-2022-3140

CVSS scores:

CVE-2022-26305 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-26305 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2022-26307 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2022-26307 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CVE-2022-3140 (NVD) : 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected Products:

SUSE Linux Enterprise Desktop 15-SP3

SUSE Linux Enterprise Desktop 15-SP4

SUSE Linux Enterprise High Performance Computing 15-SP3

SUSE Linux Enterprise High Performance Computing 15-SP4

SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:3650-1
Rating: important

Topics%20covered

Topics Covered

security advisory package update vulnerability important update macro execution libreoffice SUSE Linux Enterprise

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here