[ASA-201908-9] libreoffice-still: multiple issues
Jelle van der Waa
jelle at archlinux.org
Sat Aug 24 13:36:52 UTC 2019
Arch Linux Security Advisory ASA-201908-9
Date : 2019-08-16
CVE-ID : CVE-2019-9848 CVE-2019-9849
Package : libreoffice-still
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1010
The package libreoffice-still before version 6.2.6-1 is vulnerable to
multiple issues including arbitrary command execution and information
Upgrade to 6.2.6-1.
# pacman -Syu "libreoffice-still>=6.2.6-1"
The problems have been fixed upstream in version 6.2.6.
- CVE-2019-9848 (arbitrary command execution)
An issue has been found in LibreOffice before 6.2.5, where documents
can specify that pre-installed scripts can be executed on various
document events such as mouse-over, etc. LibreOffice is typically also
bundled with LibreLogo, a programmable turtle vector graphics script,
which can be manipulated into executing arbitrary python commands. By
using the document event feature to trigger LibreLogo to execute python
contained within a document a malicious document could be constructed
which would execute arbitrary python commands silently without warning.
In the fixed versions, LibreLogo cannot be called from a document event
- CVE-2019-9849 (information disclosure)
LibreOffice has a 'stealth mode' in which only documents from locations
deemed 'trusted' are allowed to retrieve remote resources. This mode is
not the default mode, but can be enabled by users who want to disable
LibreOffice's ability to include remote resources within a document. A
flaw existed where bullet graphics were omitted from this protection
prior to version 6.2.5.
A remote attacker is able to execute arbitrary commands via a specially
crafted document or disclose bullet graphics from locations which
should be hidden when 'stealth mode' is enabled.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 488 bytes
Desc: not available
More information about the arch-security