Red Hat: CVE-2019-9848: Moderate: libreoffice security and bug fix update (RHSA-2020:1151)
8
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
07/17/2019
04/02/2020
04/01/2020
03/03/2021
Description
LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silently without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5.
Solution(s)
- redhat-upgrade-autocorr-af
- redhat-upgrade-autocorr-bg
- redhat-upgrade-autocorr-ca
- redhat-upgrade-autocorr-cs
- redhat-upgrade-autocorr-da
- redhat-upgrade-autocorr-de
- redhat-upgrade-autocorr-en
- redhat-upgrade-autocorr-es
- redhat-upgrade-autocorr-fa
- redhat-upgrade-autocorr-fi
- redhat-upgrade-autocorr-fr
- redhat-upgrade-autocorr-ga
- redhat-upgrade-autocorr-hr
- redhat-upgrade-autocorr-hu
- redhat-upgrade-autocorr-is
- redhat-upgrade-autocorr-it
- redhat-upgrade-autocorr-ja
- redhat-upgrade-autocorr-ko
- redhat-upgrade-autocorr-lb
- redhat-upgrade-autocorr-lt
- redhat-upgrade-autocorr-mn
- redhat-upgrade-autocorr-nl
- redhat-upgrade-autocorr-pl
- redhat-upgrade-autocorr-pt
- redhat-upgrade-autocorr-ro
- redhat-upgrade-autocorr-ru
- redhat-upgrade-autocorr-sk
- redhat-upgrade-autocorr-sl
- redhat-upgrade-autocorr-sr
- redhat-upgrade-autocorr-sv
- redhat-upgrade-autocorr-tr
- redhat-upgrade-autocorr-vi
- redhat-upgrade-autocorr-zh
- redhat-upgrade-libreoffice
- redhat-upgrade-libreoffice-base
- redhat-upgrade-libreoffice-bsh
- redhat-upgrade-libreoffice-calc
- redhat-upgrade-libreoffice-core
- redhat-upgrade-libreoffice-data
- redhat-upgrade-libreoffice-debuginfo
- redhat-upgrade-libreoffice-draw
- redhat-upgrade-libreoffice-emailmerge
- redhat-upgrade-libreoffice-filters
- redhat-upgrade-libreoffice-gdb-debug-support
- redhat-upgrade-libreoffice-glade
- redhat-upgrade-libreoffice-graphicfilter
- redhat-upgrade-libreoffice-gtk2
- redhat-upgrade-libreoffice-gtk3
- redhat-upgrade-libreoffice-help-ar
- redhat-upgrade-libreoffice-help-bg
- redhat-upgrade-libreoffice-help-bn
- redhat-upgrade-libreoffice-help-ca
- redhat-upgrade-libreoffice-help-cs
- redhat-upgrade-libreoffice-help-da
- redhat-upgrade-libreoffice-help-de
- redhat-upgrade-libreoffice-help-dz
- redhat-upgrade-libreoffice-help-el
- redhat-upgrade-libreoffice-help-es
- redhat-upgrade-libreoffice-help-et
- redhat-upgrade-libreoffice-help-eu
- redhat-upgrade-libreoffice-help-fi
- redhat-upgrade-libreoffice-help-fr
- redhat-upgrade-libreoffice-help-gl
- redhat-upgrade-libreoffice-help-gu
- redhat-upgrade-libreoffice-help-he
- redhat-upgrade-libreoffice-help-hi
- redhat-upgrade-libreoffice-help-hr
- redhat-upgrade-libreoffice-help-hu
- redhat-upgrade-libreoffice-help-id
- redhat-upgrade-libreoffice-help-it
- redhat-upgrade-libreoffice-help-ja
- redhat-upgrade-libreoffice-help-ko
- redhat-upgrade-libreoffice-help-lt
- redhat-upgrade-libreoffice-help-lv
- redhat-upgrade-libreoffice-help-nb
- redhat-upgrade-libreoffice-help-nl
- redhat-upgrade-libreoffice-help-nn
- redhat-upgrade-libreoffice-help-pl
- redhat-upgrade-libreoffice-help-pt-br
- redhat-upgrade-libreoffice-help-pt-pt
- redhat-upgrade-libreoffice-help-ro
- redhat-upgrade-libreoffice-help-ru
- redhat-upgrade-libreoffice-help-si
- redhat-upgrade-libreoffice-help-sk
- redhat-upgrade-libreoffice-help-sl
- redhat-upgrade-libreoffice-help-sv
- redhat-upgrade-libreoffice-help-ta
- redhat-upgrade-libreoffice-help-tr
- redhat-upgrade-libreoffice-help-uk
- redhat-upgrade-libreoffice-help-zh-hans
- redhat-upgrade-libreoffice-help-zh-hant
- redhat-upgrade-libreoffice-impress
- redhat-upgrade-libreoffice-langpack-en
- redhat-upgrade-libreoffice-librelogo
- redhat-upgrade-libreoffice-math
- redhat-upgrade-libreoffice-nlpsolver
- redhat-upgrade-libreoffice-officebean
- redhat-upgrade-libreoffice-officebean-common
- redhat-upgrade-libreoffice-ogltrans
- redhat-upgrade-libreoffice-opensymbol-fonts
- redhat-upgrade-libreoffice-pdfimport
- redhat-upgrade-libreoffice-postgresql
- redhat-upgrade-libreoffice-pyuno
- redhat-upgrade-libreoffice-rhino
- redhat-upgrade-libreoffice-sdk
- redhat-upgrade-libreoffice-sdk-doc
- redhat-upgrade-libreoffice-ure
- redhat-upgrade-libreoffice-ure-common
- redhat-upgrade-libreoffice-wiki-publisher
- redhat-upgrade-libreoffice-writer
- redhat-upgrade-libreoffice-x11
- redhat-upgrade-libreoffice-xsltfilter
- redhat-upgrade-libreofficekit
- redhat-upgrade-libreofficekit-devel
Advanced vulnerability management analytics and reporting.
Key Features
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center