Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU76612
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0950
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper validation of an array index when processing malformed spreadsheet formulas, such as AGGREGATE. A remote attacker can trick the victim into opening a specially crafted file, trigger an array index underflow and execute arbitrary code on the system.
Update the affected package LibreOffice to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server 12: SP4 - SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE OpenStack Cloud Crowbar: 9
SUSE OpenStack Cloud: 9
libreoffice-l10n-en: before 7.5.4.1-48.44.2
libreoffice-l10n-es: before 7.5.4.1-48.44.2
libreoffice-l10n-pt_BR: before 7.5.4.1-48.44.2
libreoffice-l10n-sv: before 7.5.4.1-48.44.2
libreoffice-l10n-ca: before 7.5.4.1-48.44.2
libreoffice-l10n-pl: before 7.5.4.1-48.44.2
libreoffice-l10n-ro: before 7.5.4.1-48.44.2
libreoffice-l10n-ja: before 7.5.4.1-48.44.2
libreoffice-l10n-nn: before 7.5.4.1-48.44.2
libreoffice-l10n-fi: before 7.5.4.1-48.44.2
libreoffice-l10n-hi: before 7.5.4.1-48.44.2
libreoffice-l10n-hu: before 7.5.4.1-48.44.2
libreoffice-branding-upstream: before 7.5.4.1-48.44.2
libreoffice-l10n-af: before 7.5.4.1-48.44.2
libreoffice-l10n-zu: before 7.5.4.1-48.44.2
libreoffice-l10n-da: before 7.5.4.1-48.44.2
libreoffice-l10n-nl: before 7.5.4.1-48.44.2
libreoffice-l10n-nb: before 7.5.4.1-48.44.2
libreoffice-l10n-pt_PT: before 7.5.4.1-48.44.2
libreoffice-l10n-ko: before 7.5.4.1-48.44.2
libreoffice-l10n-xh: before 7.5.4.1-48.44.2
libreoffice-l10n-hr: before 7.5.4.1-48.44.2
libreoffice-l10n-ru: before 7.5.4.1-48.44.2
libreoffice-icon-themes: before 7.5.4.1-48.44.2
libreoffice-l10n-gu: before 7.5.4.1-48.44.2
libreoffice-l10n-fr: before 7.5.4.1-48.44.2
libreoffice-l10n-cs: before 7.5.4.1-48.44.2
libreoffice-l10n-ar: before 7.5.4.1-48.44.2
libreoffice-l10n-uk: before 7.5.4.1-48.44.2
libreoffice-l10n-bg: before 7.5.4.1-48.44.2
libreoffice-l10n-zh_TW: before 7.5.4.1-48.44.2
libreoffice-l10n-sk: before 7.5.4.1-48.44.2
libreoffice-l10n-it: before 7.5.4.1-48.44.2
libreoffice-l10n-de: before 7.5.4.1-48.44.2
libreoffice-l10n-lt: before 7.5.4.1-48.44.2
libreoffice-l10n-zh_CN: before 7.5.4.1-48.44.2
libreoffice-calc: before 7.5.4.1-48.44.2
fixmath-devel: before 2022.07.20-8.3.48
libreoffice-draw-debuginfo: before 7.5.4.1-48.44.2
libreoffice-officebean: before 7.5.4.1-48.44.2
libreoffice-base-drivers-postgresql: before 7.5.4.1-48.44.2
libreoffice-impress: before 7.5.4.1-48.44.2
libreoffice-math: before 7.5.4.1-48.44.2
libreoffice-draw: before 7.5.4.1-48.44.2
libreoffice-base-drivers-postgresql-debuginfo: before 7.5.4.1-48.44.2
libreoffice-filters-optional: before 7.5.4.1-48.44.2
libreoffice-officebean-debuginfo: before 7.5.4.1-48.44.2
libreoffice-pyuno-debuginfo: before 7.5.4.1-48.44.2
libreoffice-gtk3: before 7.5.4.1-48.44.2
libreoffice-pyuno: before 7.5.4.1-48.44.2
libreoffice-gnome: before 7.5.4.1-48.44.2
libreoffice-gtk3-debuginfo: before 7.5.4.1-48.44.2
libmwaw-0_3-3-debuginfo: before 0.3.21-7.24.14
libreoffice-librelogo: before 7.5.4.1-48.44.2
dragonbox-devel: before 1.1.3-8.3.48
libreoffice-calc-extensions: before 7.5.4.1-48.44.2
libreoffice-writer: before 7.5.4.1-48.44.2
libreoffice-math-debuginfo: before 7.5.4.1-48.44.2
libreoffice-base: before 7.5.4.1-48.44.2
libreoffice-writer-extensions: before 7.5.4.1-48.44.2
libreoffice-base-debuginfo: before 7.5.4.1-48.44.2
libreoffice-writer-debuginfo: before 7.5.4.1-48.44.2
libreoffice-mailmerge: before 7.5.4.1-48.44.2
libreoffice-gnome-debuginfo: before 7.5.4.1-48.44.2
libreoffice-calc-debuginfo: before 7.5.4.1-48.44.2
libreoffice-impress-debuginfo: before 7.5.4.1-48.44.2
libreoffice: before 7.5.4.1-48.44.2
libreoffice-sdk: before 7.5.4.1-48.44.2
libreoffice-debuginfo: before 7.5.4.1-48.44.2
libreoffice-debugsource: before 7.5.4.1-48.44.2
libreoffice-sdk-debuginfo: before 7.5.4.1-48.44.2
libmwaw-devel-doc: before 0.3.21-7.24.14
libmwaw-devel: before 0.3.21-7.24.14
libmwaw-debugsource: before 0.3.21-7.24.14
libmwaw-0_3-3: before 0.3.21-7.24.14
xmlsec1-nss-devel: before 1.2.37-8.6.21
atk-devel: before 2.28.1-6.5.23
xmlsec1-gcrypt-devel: before 1.2.37-8.6.21
xmlsec1-gnutls-devel: before 1.2.37-8.6.21
xmlsec1-devel: before 1.2.37-8.6.21
xmlsec1-openssl-devel: before 1.2.37-8.6.21
atk-lang: before 2.28.1-6.5.23
atk-doc: before 2.28.1-6.5.23
xmlsec1: before 1.2.37-8.6.21
libxmlsec1-nss1-debuginfo: before 1.2.37-8.6.21
libxmlsec1-nss1: before 1.2.37-8.6.21
xmlsec1-debugsource: before 1.2.37-8.6.21
xmlsec1-debuginfo: before 1.2.37-8.6.21
libatk-1_0-0-32bit: before 2.28.1-6.5.23
libatk-1_0-0-debuginfo-32bit: before 2.28.1-6.5.23
libxmlsec1-gnutls1-debuginfo: before 1.2.37-8.6.21
libxmlsec1-openssl1-debuginfo: before 1.2.37-8.6.21
libxmlsec1-gnutls1: before 1.2.37-8.6.21
libxmlsec1-1: before 1.2.37-8.6.21
libxmlsec1-openssl1: before 1.2.37-8.6.21
libxmlsec1-gcrypt1: before 1.2.37-8.6.21
atk-debugsource: before 2.28.1-6.5.23
libxmlsec1-1-debuginfo: before 1.2.37-8.6.21
libatk-1_0-0-debuginfo: before 2.28.1-6.5.23
typelib-1_0-Atk-1_0: before 2.28.1-6.5.23
libxmlsec1-gcrypt1-debuginfo: before 1.2.37-8.6.21
libatk-1_0-0: before 2.28.1-6.5.23
at-spi2: before core-devel
External links
http://www.suse.com/support/update/announcement/2024/suse-su-20240075-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU76613
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-2255
CWE-ID:
CWE-357 - Insufficient UI Warning of Dangerous Operations
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists because the application allows the use of floating frames that can fetch content from external sources without prompting the user. A remote attacker can trick the victim into opening a specially crafted file and perform a spoofing attack.
Update the affected package LibreOffice to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server 12: SP4 - SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
SUSE OpenStack Cloud Crowbar: 9
SUSE OpenStack Cloud: 9
libreoffice-l10n-en: before 7.5.4.1-48.44.2
libreoffice-l10n-es: before 7.5.4.1-48.44.2
libreoffice-l10n-pt_BR: before 7.5.4.1-48.44.2
libreoffice-l10n-sv: before 7.5.4.1-48.44.2
libreoffice-l10n-ca: before 7.5.4.1-48.44.2
libreoffice-l10n-pl: before 7.5.4.1-48.44.2
libreoffice-l10n-ro: before 7.5.4.1-48.44.2
libreoffice-l10n-ja: before 7.5.4.1-48.44.2
libreoffice-l10n-nn: before 7.5.4.1-48.44.2
libreoffice-l10n-fi: before 7.5.4.1-48.44.2
libreoffice-l10n-hi: before 7.5.4.1-48.44.2
libreoffice-l10n-hu: before 7.5.4.1-48.44.2
libreoffice-branding-upstream: before 7.5.4.1-48.44.2
libreoffice-l10n-af: before 7.5.4.1-48.44.2
libreoffice-l10n-zu: before 7.5.4.1-48.44.2
libreoffice-l10n-da: before 7.5.4.1-48.44.2
libreoffice-l10n-nl: before 7.5.4.1-48.44.2
libreoffice-l10n-nb: before 7.5.4.1-48.44.2
libreoffice-l10n-pt_PT: before 7.5.4.1-48.44.2
libreoffice-l10n-ko: before 7.5.4.1-48.44.2
libreoffice-l10n-xh: before 7.5.4.1-48.44.2
libreoffice-l10n-hr: before 7.5.4.1-48.44.2
libreoffice-l10n-ru: before 7.5.4.1-48.44.2
libreoffice-icon-themes: before 7.5.4.1-48.44.2
libreoffice-l10n-gu: before 7.5.4.1-48.44.2
libreoffice-l10n-fr: before 7.5.4.1-48.44.2
libreoffice-l10n-cs: before 7.5.4.1-48.44.2
libreoffice-l10n-ar: before 7.5.4.1-48.44.2
libreoffice-l10n-uk: before 7.5.4.1-48.44.2
libreoffice-l10n-bg: before 7.5.4.1-48.44.2
libreoffice-l10n-zh_TW: before 7.5.4.1-48.44.2
libreoffice-l10n-sk: before 7.5.4.1-48.44.2
libreoffice-l10n-it: before 7.5.4.1-48.44.2
libreoffice-l10n-de: before 7.5.4.1-48.44.2
libreoffice-l10n-lt: before 7.5.4.1-48.44.2
libreoffice-l10n-zh_CN: before 7.5.4.1-48.44.2
libreoffice-calc: before 7.5.4.1-48.44.2
fixmath-devel: before 2022.07.20-8.3.48
libreoffice-draw-debuginfo: before 7.5.4.1-48.44.2
libreoffice-officebean: before 7.5.4.1-48.44.2
libreoffice-base-drivers-postgresql: before 7.5.4.1-48.44.2
libreoffice-impress: before 7.5.4.1-48.44.2
libreoffice-math: before 7.5.4.1-48.44.2
libreoffice-draw: before 7.5.4.1-48.44.2
libreoffice-base-drivers-postgresql-debuginfo: before 7.5.4.1-48.44.2
libreoffice-filters-optional: before 7.5.4.1-48.44.2
libreoffice-officebean-debuginfo: before 7.5.4.1-48.44.2
libreoffice-pyuno-debuginfo: before 7.5.4.1-48.44.2
libreoffice-gtk3: before 7.5.4.1-48.44.2
libreoffice-pyuno: before 7.5.4.1-48.44.2
libreoffice-gnome: before 7.5.4.1-48.44.2
libreoffice-gtk3-debuginfo: before 7.5.4.1-48.44.2
libmwaw-0_3-3-debuginfo: before 0.3.21-7.24.14
libreoffice-librelogo: before 7.5.4.1-48.44.2
dragonbox-devel: before 1.1.3-8.3.48
libreoffice-calc-extensions: before 7.5.4.1-48.44.2
libreoffice-writer: before 7.5.4.1-48.44.2
libreoffice-math-debuginfo: before 7.5.4.1-48.44.2
libreoffice-base: before 7.5.4.1-48.44.2
libreoffice-writer-extensions: before 7.5.4.1-48.44.2
libreoffice-base-debuginfo: before 7.5.4.1-48.44.2
libreoffice-writer-debuginfo: before 7.5.4.1-48.44.2
libreoffice-mailmerge: before 7.5.4.1-48.44.2
libreoffice-gnome-debuginfo: before 7.5.4.1-48.44.2
libreoffice-calc-debuginfo: before 7.5.4.1-48.44.2
libreoffice-impress-debuginfo: before 7.5.4.1-48.44.2
libreoffice: before 7.5.4.1-48.44.2
libreoffice-sdk: before 7.5.4.1-48.44.2
libreoffice-debuginfo: before 7.5.4.1-48.44.2
libreoffice-debugsource: before 7.5.4.1-48.44.2
libreoffice-sdk-debuginfo: before 7.5.4.1-48.44.2
libmwaw-devel-doc: before 0.3.21-7.24.14
libmwaw-devel: before 0.3.21-7.24.14
libmwaw-debugsource: before 0.3.21-7.24.14
libmwaw-0_3-3: before 0.3.21-7.24.14
xmlsec1-nss-devel: before 1.2.37-8.6.21
atk-devel: before 2.28.1-6.5.23
xmlsec1-gcrypt-devel: before 1.2.37-8.6.21
xmlsec1-gnutls-devel: before 1.2.37-8.6.21
xmlsec1-devel: before 1.2.37-8.6.21
xmlsec1-openssl-devel: before 1.2.37-8.6.21
atk-lang: before 2.28.1-6.5.23
atk-doc: before 2.28.1-6.5.23
xmlsec1: before 1.2.37-8.6.21
libxmlsec1-nss1-debuginfo: before 1.2.37-8.6.21
libxmlsec1-nss1: before 1.2.37-8.6.21
xmlsec1-debugsource: before 1.2.37-8.6.21
xmlsec1-debuginfo: before 1.2.37-8.6.21
libatk-1_0-0-32bit: before 2.28.1-6.5.23
libatk-1_0-0-debuginfo-32bit: before 2.28.1-6.5.23
libxmlsec1-gnutls1-debuginfo: before 1.2.37-8.6.21
libxmlsec1-openssl1-debuginfo: before 1.2.37-8.6.21
libxmlsec1-gnutls1: before 1.2.37-8.6.21
libxmlsec1-1: before 1.2.37-8.6.21
libxmlsec1-openssl1: before 1.2.37-8.6.21
libxmlsec1-gcrypt1: before 1.2.37-8.6.21
atk-debugsource: before 2.28.1-6.5.23
libxmlsec1-1-debuginfo: before 1.2.37-8.6.21
libatk-1_0-0-debuginfo: before 2.28.1-6.5.23
typelib-1_0-Atk-1_0: before 2.28.1-6.5.23
libxmlsec1-gcrypt1-debuginfo: before 1.2.37-8.6.21
libatk-1_0-0: before 2.28.1-6.5.23
at-spi2: before core-devel
External links
http://www.suse.com/support/update/announcement/2024/suse-su-20240075-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.