[SECURITY] [DSA 5415-1] libreoffice security update

2023-05-2815:25:12

lists.debian.org

cve-2023-0950

spreadsheet

floating frame

libreoffice

bullseye

cve-2023-2255

debian

debian security advisory

security update

arbitrary code

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

34.2%

JSON

Debian Security Advisory DSA-5415-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
May 28, 2023 https://www.debian.org/security/faq

Package : libreoffice
CVE ID : CVE-2023-0950 CVE-2023-2255

Two security issues were discocvered in LibreOffice, which could
potentially result in the execution of arbitrary code when loading a
malformed spreadsheet document or unacknowlegded loading of linked
documents within a floating frame.

For the stable distribution (bullseye), these problems have been fixed in
version 1:7.0.4-4+deb11u7.

We recommend that you upgrade your libreoffice packages.

For the detailed security status of libreoffice please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libreoffice

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian11armellibuno-salhelpergcc3-3< 1:7.0.4-4+deb11u7libuno-salhelpergcc3-3_1:7.0.4-4+deb11u7_armel.deb
Debian11mipsellibreoffice-sdbc-firebird-dbgsym< 1:7.0.4-4+deb11u7libreoffice-sdbc-firebird-dbgsym_1:7.0.4-4+deb11u7_mipsel.deb
Debian11alllibreoffice-l10n-kk< 1:7.0.4-4+deb11u7libreoffice-l10n-kk_1:7.0.4-4+deb11u7_all.deb
Debian11alllibreoffice-report-builder< 1:7.0.4-4+deb11u7libreoffice-report-builder_1:7.0.4-4+deb11u7_all.deb
Debian11ppc64ellibreoffice-sdbc-postgresql< 1:7.0.4-4+deb11u7libreoffice-sdbc-postgresql_1:7.0.4-4+deb11u7_ppc64el.deb
Debian11alllibreoffice-l10n-pa-in< 1:7.0.4-4+deb11u7libreoffice-l10n-pa-in_1:7.0.4-4+deb11u7_all.deb
Debian10alllibreoffice-help-pt-br< 1:6.1.5-3+deb10u10libreoffice-help-pt-br_1:6.1.5-3+deb10u10_all.deb
Debian10alllibreoffice-l10n-xh< 1:6.1.5-3+deb10u10libreoffice-l10n-xh_1:6.1.5-3+deb10u10_all.deb
Debian10i386libreoffice-officebean< 1:6.1.5-3+deb10u10libreoffice-officebean_1:6.1.5-3+deb10u10_i386.deb
Debian11ppc64elgir1.2-lokdocview-0.1< 1:7.0.4-4+deb11u7gir1.2-lokdocview-0.1_1:7.0.4-4+deb11u7_ppc64el.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	armel	libuno-salhelpergcc3-3	< 1:7.0.4-4+deb11u7	libuno-salhelpergcc3-3_1:7.0.4-4+deb11u7_armel.deb
Debian	11	mipsel	libreoffice-sdbc-firebird-dbgsym	< 1:7.0.4-4+deb11u7	libreoffice-sdbc-firebird-dbgsym_1:7.0.4-4+deb11u7_mipsel.deb
Debian	11	all	libreoffice-l10n-kk	< 1:7.0.4-4+deb11u7	libreoffice-l10n-kk_1:7.0.4-4+deb11u7_all.deb
Debian	11	all	libreoffice-report-builder	< 1:7.0.4-4+deb11u7	libreoffice-report-builder_1:7.0.4-4+deb11u7_all.deb
Debian	11	ppc64el	libreoffice-sdbc-postgresql	< 1:7.0.4-4+deb11u7	libreoffice-sdbc-postgresql_1:7.0.4-4+deb11u7_ppc64el.deb
Debian	11	all	libreoffice-l10n-pa-in	< 1:7.0.4-4+deb11u7	libreoffice-l10n-pa-in_1:7.0.4-4+deb11u7_all.deb
Debian	10	all	libreoffice-help-pt-br	< 1:6.1.5-3+deb10u10	libreoffice-help-pt-br_1:6.1.5-3+deb10u10_all.deb
Debian	10	all	libreoffice-l10n-xh	< 1:6.1.5-3+deb10u10	libreoffice-l10n-xh_1:6.1.5-3+deb10u10_all.deb
Debian	10	i386	libreoffice-officebean	< 1:6.1.5-3+deb10u10	libreoffice-officebean_1:6.1.5-3+deb10u10_i386.deb
Debian	11	ppc64el	gir1.2-lokdocview-0.1	< 1:7.0.4-4+deb11u7	gir1.2-lokdocview-0.1_1:7.0.4-4+deb11u7_ppc64el.deb