[SECURITY] [DSA 5252-1] libreoffice security update

2022-10-1217:35:07

lists.debian.org

debian

libreoffice

security update

cve-2022-3140

macro commands

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.2%

JSON

Debian Security Advisory DSA-5252-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
October 12, 2022 https://www.debian.org/security/faq

Package : libreoffice
CVE ID : CVE-2022-3140

It was discovered that insufficient validation of
"vnd.libreoffice.command" URI schemes could result in the execution of
arbitrary macro commands.

For the stable distribution (bullseye), this problem has been fixed in
version 1:7.0.4-4+deb11u4.

We recommend that you upgrade your libreoffice packages.

For the detailed security status of libreoffice please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libreoffice

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian11s390xpython3-uno-dbgsym< 1:7.0.4-4+deb11u4python3-uno-dbgsym_1:7.0.4-4+deb11u4_s390x.deb
Debian10alllibreoffice-help-zh-tw< 1:6.1.5-3+deb10u8libreoffice-help-zh-tw_1:6.1.5-3+deb10u8_all.deb
Debian11ppc64ellibreoffice-writer-nogui< 1:7.0.4-4+deb11u4libreoffice-writer-nogui_1:7.0.4-4+deb11u4_ppc64el.deb
Debian11arm64libreoffice-kf5-dbgsym< 1:7.0.4-4+deb11u4libreoffice-kf5-dbgsym_1:7.0.4-4+deb11u4_arm64.deb
Debian10arm64libreoffice-sdbc-hsqldb< 1:6.1.5-3+deb10u8libreoffice-sdbc-hsqldb_1:6.1.5-3+deb10u8_arm64.deb
Debian11alllibridl-java< 1:7.0.4-4+deb11u4libridl-java_1:7.0.4-4+deb11u4_all.deb
Debian10alllibreoffice-style-tango< 1:6.1.5-3+deb10u8libreoffice-style-tango_1:6.1.5-3+deb10u8_all.deb
Debian10amd64libreofficekit-dev< 1:6.1.5-3+deb10u8libreofficekit-dev_1:6.1.5-3+deb10u8_amd64.deb
Debian11alllibreoffice-l10n-km< 1:7.0.4-4+deb11u4libreoffice-l10n-km_1:7.0.4-4+deb11u4_all.deb
Debian11alllibreoffice-help-hu< 1:7.0.4-4+deb11u4libreoffice-help-hu_1:7.0.4-4+deb11u4_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	s390x	python3-uno-dbgsym	< 1:7.0.4-4+deb11u4	python3-uno-dbgsym_1:7.0.4-4+deb11u4_s390x.deb
Debian	10	all	libreoffice-help-zh-tw	< 1:6.1.5-3+deb10u8	libreoffice-help-zh-tw_1:6.1.5-3+deb10u8_all.deb
Debian	11	ppc64el	libreoffice-writer-nogui	< 1:7.0.4-4+deb11u4	libreoffice-writer-nogui_1:7.0.4-4+deb11u4_ppc64el.deb
Debian	11	arm64	libreoffice-kf5-dbgsym	< 1:7.0.4-4+deb11u4	libreoffice-kf5-dbgsym_1:7.0.4-4+deb11u4_arm64.deb
Debian	10	arm64	libreoffice-sdbc-hsqldb	< 1:6.1.5-3+deb10u8	libreoffice-sdbc-hsqldb_1:6.1.5-3+deb10u8_arm64.deb
Debian	11	all	libridl-java	< 1:7.0.4-4+deb11u4	libridl-java_1:7.0.4-4+deb11u4_all.deb
Debian	10	all	libreoffice-style-tango	< 1:6.1.5-3+deb10u8	libreoffice-style-tango_1:6.1.5-3+deb10u8_all.deb
Debian	10	amd64	libreofficekit-dev	< 1:6.1.5-3+deb10u8	libreofficekit-dev_1:6.1.5-3+deb10u8_amd64.deb
Debian	11	all	libreoffice-l10n-km	< 1:7.0.4-4+deb11u4	libreoffice-l10n-km_1:7.0.4-4+deb11u4_all.deb
Debian	11	all	libreoffice-help-hu	< 1:7.0.4-4+deb11u4	libreoffice-help-hu_1:7.0.4-4+deb11u4_all.deb