Debian Security Advisory
DLA-1947-1 libreoffice -- LTS security update
- Date Reported: 06 Oct 2019
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2019-9848, CVE-2019-9849, CVE-2019-9850, CVE-2019-9851, CVE-2019-9852, CVE-2019-9853, CVE-2019-9854.
- More information:
Several vulnerabilities were discovered in LibreOffice, the office productivity suite.
Nils Emmerich discovered that malicious documents could execute arbitrary Python code via LibreLogo.
Matei Badanoiu discovered that the stealth mode did not apply to bullet graphics.
It was discovered that the protections implemented in CVE-2019-9848 could be bypassed because of insufficient URL validation.
Gabriel Masei discovered that malicious documents could execute arbitrary pre-installed scripts.
Nils Emmerich discovered that the protection implemented to address CVE-2018-16858 could be bypassed by a URL encoding attack.
Nils Emmerich discovered that malicious documents could bypass document security settings to execute macros contained within the document.
It was discovered that the protection implemented to address CVE-2019-9852 could be bypassed because of insufficient input sanitization.
For Debian 8 Jessie, these problems have been fixed in version 1:4.3.3-2+deb8u13.
We recommend that you upgrade your libreoffice packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS