Bug 1124062 - (CVE-2018-16858) VUL-0: CVE-2018-16858: libreoffice: InsertScript: Remote Code Execution via Macro/Event execution
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P2 - High   Severity: Major
Target Milestone: ---
Assigned To: Tomáš Chvátal
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/224116/
Whiteboard: CVSSv3:SUSE:CVE-2018-16858:8.8:(AV:N/...
Depends on:
Blocks:
Reported: 2019-02-02 18:46 UTC by Marcus Meissner
Modified: 2019-08-18 14:44 UTC (History)
CC List: 2 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Marcus Meissner 2019-02-02 18:46:59 UTC
CVE-2018-16858

https://insert-script.blogspot.com/2019/02/libreoffice-cve-2018-16858-remote-code.html

LibreOffice (CVE-2018-16858) - Remote Code Execution via Macro/Event execution


I started to have a look at LibreOffice and discovered a way to achieve remote code execution as soon as a user opens a malicious ODT file and moves his mouse over the document, without triggering any warning dialog. This blog post will describe the vulnerability I discovered. It must be noted that the vulnerability will be discussed in the context of Windows, but Linux can be exploited the same way.

Tested LibreOffice version: 6.1.2.1 (6.0.x does not allow passing parameters)
Tested Operating Systems: Windows + Linux (both affected)

...
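As an added, defender-side example that is not part of the bug report, the SUSE advisory or the blog post quoted above: a small Python checker that opens an ODT package and lists ODF event listeners whose target is a macro URL, which is the kind of document-level trigger the description refers to (a macro bound to an event that fires without a warning dialog). It assumes the trigger is an ODF `script:event-listener` element bound to an event such as `dom:mouseover` with an `xlink:href` using the `vnd.sun.star.script:` or `macro:` scheme, and it assumes `content.xml` and `styles.xml` are the package parts worth inspecting. The sample document it builds is constructed here, and the library/module/function names in its macro URL are placeholders, not a payload.

```python
import io
import sys
import zipfile
import xml.etree.ElementTree as ET

# ODF namespaces as defined by the OpenDocument specification.
NS = {
    "office": "urn:oasis:names:tc:opendocument:xmlns:office:1.0",
    "text": "urn:oasis:names:tc:opendocument:xmlns:text:1.0",
    "script": "urn:oasis:names:tc:opendocument:xmlns:script:1.0",
    "xlink": "http://www.w3.org/1999/xlink",
}
# xlink:href schemes that dispatch to a LibreOffice macro engine when the
# bound event fires (assumption: these are the schemes worth flagging).
SCRIPT_SCHEMES = ("vnd.sun.star.script:", "macro:")
# ODF package parts that may carry <script:event-listener> elements
# (assumption; other parts are ignored by this checker).
XML_PARTS = ("content.xml", "styles.xml")


def find_script_event_listeners(odt_bytes):
    """Return one record per event listener whose href is a macro URL."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(odt_bytes)) as zf:
        names = set(zf.namelist())
        for part in XML_PARTS:
            if part not in names:
                continue
            root = ET.fromstring(zf.read(part))
            for el in root.iter("{%s}event-listener" % NS["script"]):
                href = el.get("{%s}href" % NS["xlink"], "")
                if href.lower().startswith(SCRIPT_SCHEMES):
                    findings.append({
                        "part": part,
                        "event": el.get("{%s}event-name" % NS["script"], ""),
                        "language": el.get("{%s}language" % NS["script"], ""),
                        "href": href,
                    })
    return findings


def build_sample_odt(listener_xml=""):
    """Constructed minimal ODT: one hyperlink, optionally carrying listeners."""
    content = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<office:document-content xmlns:office="%s" xmlns:text="%s" '
        'xmlns:script="%s" xmlns:xlink="%s">'
        '<office:body><office:text><text:p>'
        '<text:a xlink:type="simple" xlink:href="https://example.invalid/">'
        '%slink</text:a></text:p></office:text></office:body>'
        '</office:document-content>'
    ) % (NS["office"], NS["text"], NS["script"], NS["xlink"], listener_xml)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # ODF requires the mimetype entry first and stored uncompressed.
        zf.writestr("mimetype", "application/vnd.oasis.opendocument.text",
                    compress_type=zipfile.ZIP_STORED)
        zf.writestr("content.xml", content, compress_type=zipfile.ZIP_DEFLATED)
    return buf.getvalue()


# Constructed listener: a mouse-over event bound to a macro URL. The
# library/module/function names are placeholders, not a real payload.
SUSPICIOUS_LISTENER = (
    '<office:event-listeners>'
    '<script:event-listener script:language="ooo:script" '
    'script:event-name="dom:mouseover" xlink:type="simple" '
    'xlink:href="vnd.sun.star.script:Standard.Module1.Main'
    '?language=Basic&amp;location=document"/>'
    '</office:event-listeners>'
)


def scan_path(path):
    """Scan an ODT file on disk and return the flagged listeners."""
    with open(path, "rb") as fh:
        return find_script_event_listeners(fh.read())


if __name__ == "__main__":
    targets = sys.argv[1:]
    if targets:
        for p in targets:
            for hit in scan_path(p):
                print(p, hit["part"], hit["event"], hit["href"])
    else:
        # No file given: demonstrate on the constructed samples.
        print("clean  :", find_script_event_listeners(build_sample_odt()))
        print("flagged:", find_script_event_listeners(
            build_sample_odt(SUSPICIOUS_LISTENER)))
```

Run it with one or more `.odt` paths to list every event listener that hands control to a macro engine; a document that only contains ordinary hyperlinks produces no output. The check is deliberately scheme-based rather than event-based, so it also catches listeners bound to events other than mouse-over.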
Comment 1 Vítězslav Čížek 2019-02-07 12:20:14 UTC
According to the upstream advisory at https://www.libreoffice.org/about-us/security/advisories/cve-2018-16858/ the bug was fixed in 6.1.3.

The only affected codestream seems to be SLE-11-SP4.

SLE-15-SP1, SLE-15 and SLE-12-SP3 and openSUSE distributions all are at 6.1.3.2.
Comment 2 Marcus Meissner 2019-02-07 12:28:16 UTC
we don't ship it for 11-sp4 anymore (SLED is EOLed for a while)

meaning fixed
Comment 3 Swamp Workflow Management 2019-02-22 10:40:16 UTC
This is an autogenerated message for OBS integration:
This bug (1124062) was mentioned in
https://build.opensuse.org/request/show/678206 Factory / libreoffice
Comment 4 Swamp Workflow Management 2019-02-25 13:40:15 UTC
This is an autogenerated message for OBS integration:
This bug (1124062) was mentioned in
https://build.opensuse.org/request/show/678914 Factory / libreoffice
Comment 5 Swamp Workflow Management 2019-02-26 10:00:16 UTC
This is an autogenerated message for OBS integration:
This bug (1124062) was mentioned in
https://build.opensuse.org/request/show/679191 Factory / libreoffice
Comment 6 Swamp Workflow Management 2019-03-04 10:10:17 UTC
This is an autogenerated message for OBS integration:
This bug (1124062) was mentioned in
https://build.opensuse.org/request/show/681242 Factory / libreoffice
Comment 9 Swamp Workflow Management 2019-06-07 16:16:38 UTC
SUSE-SU-2019:1448-1: An update that solves one vulnerability and has 11 fixes is now available.

Category: security (moderate)
Bug References: 1089811,1116451,1121874,1123131,1123455,1124062,1124869,1127760,1127857,1128845,1135189,1135228
CVE References: CVE-2018-16858
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    libixion-0.14.1-13.9.2, liborcus-0.14.1-10.12.2, libreoffice-6.2.3.2-43.49.1, libwps-0.4.10-10.13.2, myspell-dictionaries-20190423-16.18.1
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    libixion-0.14.1-13.9.2, liborcus-0.14.1-10.12.2, libreoffice-6.2.3.2-43.49.1, libwps-0.4.10-10.13.2, myspell-dictionaries-20190423-16.18.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    libixion-0.14.1-13.9.2, liborcus-0.14.1-10.12.2, libreoffice-6.2.3.2-43.49.1, libwps-0.4.10-10.13.2
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    libixion-0.14.1-13.9.2, liborcus-0.14.1-10.12.2, libreoffice-6.2.3.2-43.49.1, libwps-0.4.10-10.13.2
SUSE Linux Enterprise Desktop 12-SP4 (src):    libixion-0.14.1-13.9.2, liborcus-0.14.1-10.12.2, libreoffice-6.2.3.2-43.49.1, libwps-0.4.10-10.13.2, myspell-dictionaries-20190423-16.18.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    libixion-0.14.1-13.9.2, liborcus-0.14.1-10.12.2, libreoffice-6.2.3.2-43.49.1, libwps-0.4.10-10.13.2, myspell-dictionaries-20190423-16.18.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Swamp Workflow Management 2019-07-29 16:20:38 UTC
SUSE-SU-2019:2003-1: An update that solves one vulnerability and has 18 fixes is now available.

Category: security (important)
Bug References: 1110348,1112112,1112113,1112114,1116451,1117195,1117300,1121874,1123131,1123455,1124062,1124658,1124869,1127760,1127857,1128845,1135189,1135228,882383
CVE References: CVE-2018-16858
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    libreoffice-6.2.5.2-8.5.1, libwps-0.4.10-7.3.3
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    libreoffice-6.2.5.2-8.5.1, libwps-0.4.10-7.3.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Swamp Workflow Management 2019-08-18 13:46:49 UTC
openSUSE-SU-2019:1929-1: An update that solves one vulnerability and has 11 fixes is now available.

Category: security (moderate)
Bug References: 1089811,1116451,1121874,1123131,1123455,1124062,1124869,1127760,1127857,1128845,1135189,1135228
CVE References: CVE-2018-16858
Sources used:
openSUSE Leap 15.1 (src):    libixion-0.14.1-lp151.4.3.1, liborcus-0.14.1-lp151.3.3.1, libreoffice-6.2.5.2-lp151.3.3.4, libwps-0.4.10-lp151.2.3.1, mdds-1_4-1.4.3-lp151.2.1, myspell-dictionaries-20190423-lp151.2.3.1
openSUSE Leap 15.0 (src):    libixion-0.14.1-lp150.3.3.1, liborcus-0.14.1-lp150.2.3.1, libreoffice-6.2.5.2-lp150.2.13.3, libwps-0.4.10-lp150.7.1, mdds-1_4-1.4.3-lp150.2.1, myspell-dictionaries-20190423-lp150.2.10.1