SB2019070924 - Security restrictions bypass in libreoffice (Alpine package)
Published: July 9, 2019
Security Bulletin ID
SB2019070924
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Security restrictions bypass (CVE-ID: CVE-2019-9849)
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to incorrect implementation of stealth mode feature, intended as an additional level of security that allows to retrieve online content into document from trusted resources only. A remote attacker can create a specially crafted document with bullet graphics, bypass the intended security restrictions and make the application retrieve data from arbitrary external sources.
Remediation
Install update from vendor's website.