Bugzilla – Bug 1141862
VUL-1: CVE-2019-9848: libreoffice: LibreLogo arbitrary script execution
Last modified: 2020-02-05 07:47:57 UTC
Title: CVE-2019-9848 LibreLogo arbitrary script execution
Announced: July 16, 2019
Fixed in: 6.2.5

Description:
LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silently without warning. In the fixed versions, LibreLogo cannot be called from a document event handler.

Credits: Thanks to Nils Emmerich of ERNW Research GmbH for discovering and reporting this issue

References:
https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9848
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9848
http://www.debian.org/security/2019/dsa-4483
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-9848.html
We are already processing the update to 6.2.5 for SLE12/15. TW already contains this version. I will just update the TW changelog for the reference to be picked up with future maint-updates.
This is an autogenerated message for OBS integration: This bug (1141862) was mentioned in https://build.opensuse.org/request/show/718458 Factory / libreoffice
This is an autogenerated message for OBS integration: This bug (1141862) was mentioned in https://build.opensuse.org/request/show/720252 Factory / libreoffice
All the codestreams should have the fix.
This is an autogenerated message for OBS integration: This bug (1141862) was mentioned in https://build.opensuse.org/request/show/721691 Factory / libreoffice

SUSE-SU-2019:2231-1: An update that solves 5 vulnerabilities and has one errata is now available.
Category: security (important)
Bug References: 1133534,1141861,1141862,1146098,1146105,1146107
CVE References: CVE-2019-9848,CVE-2019-9849,CVE-2019-9850,CVE-2019-9851,CVE-2019-9852
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src): libreoffice-6.2.6.2-3.21.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

openSUSE-SU-2019:2057-1: An update that solves 5 vulnerabilities and has one errata is now available.
Category: security (important)
Bug References: 1133534,1141861,1141862,1146098,1146105,1146107
CVE References: CVE-2019-9848,CVE-2019-9849,CVE-2019-9850,CVE-2019-9851,CVE-2019-9852
Sources used:
openSUSE Leap 15.0 (src): libreoffice-6.2.6.2-lp150.2.16.1

SUSE-SU-2019:2401-1: An update that solves 7 vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1133534,1141861,1141862,1146098,1146105,1146107,1149943,1149944
CVE References: CVE-2019-9848,CVE-2019-9849,CVE-2019-9850,CVE-2019-9851,CVE-2019-9852,CVE-2019-9854,CVE-2019-9855
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src): libreoffice-6.2.7.1-43.56.3
SUSE Linux Enterprise Software Development Kit 12-SP4 (src): libreoffice-6.2.7.1-43.56.3
SUSE Linux Enterprise Desktop 12-SP4 (src): libreoffice-6.2.7.1-43.56.3
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2019:2402-1: An update that solves 7 vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1133534,1141861,1141862,1146098,1146105,1146107,1149943,1149944
CVE References: CVE-2019-9848,CVE-2019-9849,CVE-2019-9850,CVE-2019-9851,CVE-2019-9852,CVE-2019-9854,CVE-2019-9855
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src): libreoffice-6.2.7.1-8.10.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): libreoffice-6.2.7.1-8.10.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

openSUSE-SU-2019:2183-1: An update that solves 7 vulnerabilities and has one errata is now available.
Category: security (moderate)
Bug References: 1133534,1141861,1141862,1146098,1146105,1146107,1149943,1149944
CVE References: CVE-2019-9848,CVE-2019-9849,CVE-2019-9850,CVE-2019-9851,CVE-2019-9852,CVE-2019-9854,CVE-2019-9855
Sources used:
openSUSE Leap 15.1 (src): libreoffice-6.2.7.1-lp151.3.6.1

done