Rapid7 Vulnerability & Exploit Database

Red Hat: CVE-2019-9851: CVE-2019-9851 libreoffice: LibreLogo global-event script execution (Multiple Advisories)

Free InsightVM Trial No Credit Card Necessary
Watch Demo See how it all works
Back to Search

Red Hat: CVE-2019-9851: CVE-2019-9851 libreoffice: LibreLogo global-event script execution (Multiple Advisories)

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
08/15/2019
Created
04/02/2020
Added
04/01/2020
Modified
12/15/2023

Description

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.

Solution(s)

  • redhat-upgrade-autocorr-af
  • redhat-upgrade-autocorr-bg
  • redhat-upgrade-autocorr-ca
  • redhat-upgrade-autocorr-cs
  • redhat-upgrade-autocorr-da
  • redhat-upgrade-autocorr-de
  • redhat-upgrade-autocorr-en
  • redhat-upgrade-autocorr-es
  • redhat-upgrade-autocorr-fa
  • redhat-upgrade-autocorr-fi
  • redhat-upgrade-autocorr-fr
  • redhat-upgrade-autocorr-ga
  • redhat-upgrade-autocorr-hr
  • redhat-upgrade-autocorr-hu
  • redhat-upgrade-autocorr-is
  • redhat-upgrade-autocorr-it
  • redhat-upgrade-autocorr-ja
  • redhat-upgrade-autocorr-ko
  • redhat-upgrade-autocorr-lb
  • redhat-upgrade-autocorr-lt
  • redhat-upgrade-autocorr-mn
  • redhat-upgrade-autocorr-nl
  • redhat-upgrade-autocorr-pl
  • redhat-upgrade-autocorr-pt
  • redhat-upgrade-autocorr-ro
  • redhat-upgrade-autocorr-ru
  • redhat-upgrade-autocorr-sk
  • redhat-upgrade-autocorr-sl
  • redhat-upgrade-autocorr-sr
  • redhat-upgrade-autocorr-sv
  • redhat-upgrade-autocorr-tr
  • redhat-upgrade-autocorr-vi
  • redhat-upgrade-autocorr-zh
  • redhat-upgrade-libreoffice
  • redhat-upgrade-libreoffice-base
  • redhat-upgrade-libreoffice-base-debuginfo
  • redhat-upgrade-libreoffice-bsh
  • redhat-upgrade-libreoffice-calc
  • redhat-upgrade-libreoffice-calc-debuginfo
  • redhat-upgrade-libreoffice-core
  • redhat-upgrade-libreoffice-core-debuginfo
  • redhat-upgrade-libreoffice-data
  • redhat-upgrade-libreoffice-debuginfo
  • redhat-upgrade-libreoffice-debugsource
  • redhat-upgrade-libreoffice-draw
  • redhat-upgrade-libreoffice-emailmerge
  • redhat-upgrade-libreoffice-filters
  • redhat-upgrade-libreoffice-gdb-debug-support
  • redhat-upgrade-libreoffice-glade
  • redhat-upgrade-libreoffice-glade-debuginfo
  • redhat-upgrade-libreoffice-graphicfilter
  • redhat-upgrade-libreoffice-graphicfilter-debuginfo
  • redhat-upgrade-libreoffice-gtk2
  • redhat-upgrade-libreoffice-gtk2-debuginfo
  • redhat-upgrade-libreoffice-gtk3
  • redhat-upgrade-libreoffice-gtk3-debuginfo
  • redhat-upgrade-libreoffice-help-ar
  • redhat-upgrade-libreoffice-help-bg
  • redhat-upgrade-libreoffice-help-bn
  • redhat-upgrade-libreoffice-help-ca
  • redhat-upgrade-libreoffice-help-cs
  • redhat-upgrade-libreoffice-help-da
  • redhat-upgrade-libreoffice-help-de
  • redhat-upgrade-libreoffice-help-dz
  • redhat-upgrade-libreoffice-help-el
  • redhat-upgrade-libreoffice-help-en
  • redhat-upgrade-libreoffice-help-es
  • redhat-upgrade-libreoffice-help-et
  • redhat-upgrade-libreoffice-help-eu
  • redhat-upgrade-libreoffice-help-fi
  • redhat-upgrade-libreoffice-help-fr
  • redhat-upgrade-libreoffice-help-gl
  • redhat-upgrade-libreoffice-help-gu
  • redhat-upgrade-libreoffice-help-he
  • redhat-upgrade-libreoffice-help-hi
  • redhat-upgrade-libreoffice-help-hr
  • redhat-upgrade-libreoffice-help-hu
  • redhat-upgrade-libreoffice-help-id
  • redhat-upgrade-libreoffice-help-it
  • redhat-upgrade-libreoffice-help-ja
  • redhat-upgrade-libreoffice-help-ko
  • redhat-upgrade-libreoffice-help-lt
  • redhat-upgrade-libreoffice-help-lv
  • redhat-upgrade-libreoffice-help-nb
  • redhat-upgrade-libreoffice-help-nl
  • redhat-upgrade-libreoffice-help-nn
  • redhat-upgrade-libreoffice-help-pl
  • redhat-upgrade-libreoffice-help-pt-br
  • redhat-upgrade-libreoffice-help-pt-pt
  • redhat-upgrade-libreoffice-help-ro
  • redhat-upgrade-libreoffice-help-ru
  • redhat-upgrade-libreoffice-help-si
  • redhat-upgrade-libreoffice-help-sk
  • redhat-upgrade-libreoffice-help-sl
  • redhat-upgrade-libreoffice-help-sv
  • redhat-upgrade-libreoffice-help-ta
  • redhat-upgrade-libreoffice-help-tr
  • redhat-upgrade-libreoffice-help-uk
  • redhat-upgrade-libreoffice-help-zh-hans
  • redhat-upgrade-libreoffice-help-zh-hant
  • redhat-upgrade-libreoffice-impress
  • redhat-upgrade-libreoffice-impress-debuginfo
  • redhat-upgrade-libreoffice-langpack-af
  • redhat-upgrade-libreoffice-langpack-ar
  • redhat-upgrade-libreoffice-langpack-as
  • redhat-upgrade-libreoffice-langpack-bg
  • redhat-upgrade-libreoffice-langpack-bn
  • redhat-upgrade-libreoffice-langpack-br
  • redhat-upgrade-libreoffice-langpack-ca
  • redhat-upgrade-libreoffice-langpack-cs
  • redhat-upgrade-libreoffice-langpack-cy
  • redhat-upgrade-libreoffice-langpack-da
  • redhat-upgrade-libreoffice-langpack-de
  • redhat-upgrade-libreoffice-langpack-dz
  • redhat-upgrade-libreoffice-langpack-el
  • redhat-upgrade-libreoffice-langpack-en
  • redhat-upgrade-libreoffice-langpack-es
  • redhat-upgrade-libreoffice-langpack-et
  • redhat-upgrade-libreoffice-langpack-eu
  • redhat-upgrade-libreoffice-langpack-fa
  • redhat-upgrade-libreoffice-langpack-fi
  • redhat-upgrade-libreoffice-langpack-fr
  • redhat-upgrade-libreoffice-langpack-ga
  • redhat-upgrade-libreoffice-langpack-gl
  • redhat-upgrade-libreoffice-langpack-gu
  • redhat-upgrade-libreoffice-langpack-he
  • redhat-upgrade-libreoffice-langpack-hi
  • redhat-upgrade-libreoffice-langpack-hr
  • redhat-upgrade-libreoffice-langpack-hu
  • redhat-upgrade-libreoffice-langpack-id
  • redhat-upgrade-libreoffice-langpack-it
  • redhat-upgrade-libreoffice-langpack-ja
  • redhat-upgrade-libreoffice-langpack-kk
  • redhat-upgrade-libreoffice-langpack-kn
  • redhat-upgrade-libreoffice-langpack-ko
  • redhat-upgrade-libreoffice-langpack-lt
  • redhat-upgrade-libreoffice-langpack-lv
  • redhat-upgrade-libreoffice-langpack-mai
  • redhat-upgrade-libreoffice-langpack-ml
  • redhat-upgrade-libreoffice-langpack-mr
  • redhat-upgrade-libreoffice-langpack-nb
  • redhat-upgrade-libreoffice-langpack-nl
  • redhat-upgrade-libreoffice-langpack-nn
  • redhat-upgrade-libreoffice-langpack-nr
  • redhat-upgrade-libreoffice-langpack-nso
  • redhat-upgrade-libreoffice-langpack-or
  • redhat-upgrade-libreoffice-langpack-pa
  • redhat-upgrade-libreoffice-langpack-pl
  • redhat-upgrade-libreoffice-langpack-pt-br
  • redhat-upgrade-libreoffice-langpack-pt-pt
  • redhat-upgrade-libreoffice-langpack-ro
  • redhat-upgrade-libreoffice-langpack-ru
  • redhat-upgrade-libreoffice-langpack-si
  • redhat-upgrade-libreoffice-langpack-sk
  • redhat-upgrade-libreoffice-langpack-sl
  • redhat-upgrade-libreoffice-langpack-sr
  • redhat-upgrade-libreoffice-langpack-ss
  • redhat-upgrade-libreoffice-langpack-st
  • redhat-upgrade-libreoffice-langpack-sv
  • redhat-upgrade-libreoffice-langpack-ta
  • redhat-upgrade-libreoffice-langpack-te
  • redhat-upgrade-libreoffice-langpack-th
  • redhat-upgrade-libreoffice-langpack-tn
  • redhat-upgrade-libreoffice-langpack-tr
  • redhat-upgrade-libreoffice-langpack-ts
  • redhat-upgrade-libreoffice-langpack-uk
  • redhat-upgrade-libreoffice-langpack-ve
  • redhat-upgrade-libreoffice-langpack-xh
  • redhat-upgrade-libreoffice-langpack-zh-hans
  • redhat-upgrade-libreoffice-langpack-zh-hant
  • redhat-upgrade-libreoffice-langpack-zu
  • redhat-upgrade-libreoffice-librelogo
  • redhat-upgrade-libreoffice-math
  • redhat-upgrade-libreoffice-math-debuginfo
  • redhat-upgrade-libreoffice-nlpsolver
  • redhat-upgrade-libreoffice-officebean
  • redhat-upgrade-libreoffice-officebean-common
  • redhat-upgrade-libreoffice-officebean-debuginfo
  • redhat-upgrade-libreoffice-ogltrans
  • redhat-upgrade-libreoffice-ogltrans-debuginfo
  • redhat-upgrade-libreoffice-opensymbol-fonts
  • redhat-upgrade-libreoffice-pdfimport
  • redhat-upgrade-libreoffice-pdfimport-debuginfo
  • redhat-upgrade-libreoffice-postgresql
  • redhat-upgrade-libreoffice-postgresql-debuginfo
  • redhat-upgrade-libreoffice-pyuno
  • redhat-upgrade-libreoffice-pyuno-debuginfo
  • redhat-upgrade-libreoffice-rhino
  • redhat-upgrade-libreoffice-sdk
  • redhat-upgrade-libreoffice-sdk-debuginfo
  • redhat-upgrade-libreoffice-sdk-doc
  • redhat-upgrade-libreoffice-ure
  • redhat-upgrade-libreoffice-ure-common
  • redhat-upgrade-libreoffice-ure-debuginfo
  • redhat-upgrade-libreoffice-wiki-publisher
  • redhat-upgrade-libreoffice-writer
  • redhat-upgrade-libreoffice-writer-debuginfo
  • redhat-upgrade-libreoffice-x11
  • redhat-upgrade-libreoffice-x11-debuginfo
  • redhat-upgrade-libreoffice-xsltfilter
  • redhat-upgrade-libreofficekit
  • redhat-upgrade-libreofficekit-debuginfo
  • redhat-upgrade-libreofficekit-devel

References

  • DSA-4501
  • CVE-2019-9851
  • RHSA-2020:1151
  • RHSA-2020:1598

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;