SB2020042853 - Red Hat Enterprise Linux 8 update for libreoffice

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020042853

SB2020042853 - Red Hat Enterprise Linux 8 update for libreoffice

Published: April 28, 2020

Security Bulletin ID SB2020042853
Severity
High
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 83% Low 17%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Security restrictions bypass (CVE-ID: CVE-2019-9849)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to incorrect implementation of stealth mode feature, intended as an additional level of security that allows to retrieve online content into document from trusted resources only. A remote attacker can create a specially crafted document with bullet graphics, bypass the intended security restrictions and make the application retrieve data from arbitrary external sources.


2) Input validation error (CVE-ID: CVE-2019-9850)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient patching of URL validation, as described in SB2019071703 #1. A remote attacker can bypass the protection that blocks calling LibreLogo from script event handlers and again trigger this calling.


3) Input validation error (CVE-ID: CVE-2019-9851)

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists due to the affected software mishandles LibreLogo scripts. A remote attacker can persuade a user to open a specially crafted document and execute arbitrary commands on an affected system.


4) Path traversal (CVE-ID: CVE-2019-9852)

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists due to insufficient URL encoding in script location checks. A remote attacker can by persuade a user to open a specially crafted document and execute preinstalled macros on the target system.


5) Input validation error (CVE-ID: CVE-2019-9853)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient validation of user-supplied input when decoding URL in macro location. While documents were correctly detected as containing macros, and prompted the user to their existence within the documents, but macros within the document were subsequently not controlled by the security settings. A remote attacker can create a specially crafted document that once opened will execute arbitrary macro on the system with privileges of the current user.


6) Improper access control (CVE-ID: CVE-2019-9854)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to unsafe URL assembly flaw in allowed script location check. A remote authenticated attacker can execute script in arbitrary locations on the filesystem by employing a URL encoding attack to defeat the path verification step.





Remediation

Install update from vendor's website.

References