Bugzilla – Bug 1149944
VUL-0: CVE-2019-9854: libreoffice: Unsafe URL assembly flaw in allowed script location check
Last modified: 2020-03-23 08:37:56 UTC
CVE-2019-9854 LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding attack to defeat the path verification step. However this protection could be bypassed by taking advantage of a flaw in how LibreOffice assembled the final script URL location directly from components of the passed in path as opposed to solely from the sanitized output of the path verification step. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9854 http://www.debian.org/security/-1/dsa-4519 http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9854.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9854 http://www.cvedetails.com/cve/CVE-2019-9854/ https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9854/
Tracked as affected SLE12-SP3 and SLE15 and SLE15-SP1
Submissions sent to SLE15SP1 SLE15 and SLE12SP3.
This is an autogenerated message for OBS integration: This bug (1149944) was mentioned in https://build.opensuse.org/request/show/729479 Factory / libreoffice
SUSE-SU-2019:2401-1: An update that solves 7 vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1133534,1141861,1141862,1146098,1146105,1146107,1149943,1149944 CVE References: CVE-2019-9848,CVE-2019-9849,CVE-2019-9850,CVE-2019-9851,CVE-2019-9852,CVE-2019-9854,CVE-2019-9855 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP4 (src): libreoffice-6.2.7.1-43.56.3 SUSE Linux Enterprise Software Development Kit 12-SP4 (src): libreoffice-6.2.7.1-43.56.3 SUSE Linux Enterprise Desktop 12-SP4 (src): libreoffice-6.2.7.1-43.56.3 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:2402-1: An update that solves 7 vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1133534,1141861,1141862,1146098,1146105,1146107,1149943,1149944 CVE References: CVE-2019-9848,CVE-2019-9849,CVE-2019-9850,CVE-2019-9851,CVE-2019-9852,CVE-2019-9854,CVE-2019-9855 Sources used: SUSE Linux Enterprise Workstation Extension 15-SP1 (src): libreoffice-6.2.7.1-8.10.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): libreoffice-6.2.7.1-8.10.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
This is an autogenerated message for OBS integration: This bug (1149944) was mentioned in https://build.opensuse.org/request/show/731894 Factory / libreoffice
openSUSE-SU-2019:2183-1: An update that solves 7 vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 1133534,1141861,1141862,1146098,1146105,1146107,1149943,1149944 CVE References: CVE-2019-9848,CVE-2019-9849,CVE-2019-9850,CVE-2019-9851,CVE-2019-9852,CVE-2019-9854,CVE-2019-9855 Sources used: openSUSE Leap 15.1 (src): libreoffice-6.2.7.1-lp151.3.6.1
SUSE-SU-2019:2686-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1149943,1149944 CVE References: CVE-2019-9854,CVE-2019-9855 Sources used: SUSE Linux Enterprise Workstation Extension 15 (src): libreoffice-6.2.7.1-3.24.4 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2019:2361-1: An update that fixes two vulnerabilities is now available. Category: security (moderate) Bug References: 1149943,1149944 CVE References: CVE-2019-9854,CVE-2019-9855 Sources used: openSUSE Leap 15.0 (src): libreoffice-6.2.7.1-lp150.2.19.1
done