SUSE: CVE-2019-9852: SUSE Linux Security Advisory
7
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
08/15/2019
09/04/2019
09/03/2019
11/07/2022
Description
LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2018-16858, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed. However this new protection could be bypassed by a URL encoding attack. In the fixed versions, the parsed url describing the script location is correctly encoded before further processing. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.
Solution(s)
- suse-upgrade-libreoffice
- suse-upgrade-libreoffice-base
- suse-upgrade-libreoffice-base-drivers-firebird
- suse-upgrade-libreoffice-base-drivers-postgresql
- suse-upgrade-libreoffice-branding-upstream
- suse-upgrade-libreoffice-calc
- suse-upgrade-libreoffice-calc-extensions
- suse-upgrade-libreoffice-draw
- suse-upgrade-libreoffice-filters-optional
- suse-upgrade-libreoffice-gdb-pretty-printers
- suse-upgrade-libreoffice-glade
- suse-upgrade-libreoffice-gnome
- suse-upgrade-libreoffice-gtk2
- suse-upgrade-libreoffice-gtk3
- suse-upgrade-libreoffice-icon-themes
- suse-upgrade-libreoffice-impress
- suse-upgrade-libreoffice-l10n-af
- suse-upgrade-libreoffice-l10n-am
- suse-upgrade-libreoffice-l10n-ar
- suse-upgrade-libreoffice-l10n-as
- suse-upgrade-libreoffice-l10n-ast
- suse-upgrade-libreoffice-l10n-be
- suse-upgrade-libreoffice-l10n-bg
- suse-upgrade-libreoffice-l10n-bn
- suse-upgrade-libreoffice-l10n-bn_in
- suse-upgrade-libreoffice-l10n-bo
- suse-upgrade-libreoffice-l10n-br
- suse-upgrade-libreoffice-l10n-brx
- suse-upgrade-libreoffice-l10n-bs
- suse-upgrade-libreoffice-l10n-ca
- suse-upgrade-libreoffice-l10n-ca_valencia
- suse-upgrade-libreoffice-l10n-ckb
- suse-upgrade-libreoffice-l10n-cs
- suse-upgrade-libreoffice-l10n-cy
- suse-upgrade-libreoffice-l10n-da
- suse-upgrade-libreoffice-l10n-de
- suse-upgrade-libreoffice-l10n-dgo
- suse-upgrade-libreoffice-l10n-dsb
- suse-upgrade-libreoffice-l10n-dz
- suse-upgrade-libreoffice-l10n-el
- suse-upgrade-libreoffice-l10n-en
- suse-upgrade-libreoffice-l10n-en_gb
- suse-upgrade-libreoffice-l10n-en_za
- suse-upgrade-libreoffice-l10n-eo
- suse-upgrade-libreoffice-l10n-es
- suse-upgrade-libreoffice-l10n-et
- suse-upgrade-libreoffice-l10n-eu
- suse-upgrade-libreoffice-l10n-fa
- suse-upgrade-libreoffice-l10n-fi
- suse-upgrade-libreoffice-l10n-fr
- suse-upgrade-libreoffice-l10n-fur
- suse-upgrade-libreoffice-l10n-fy
- suse-upgrade-libreoffice-l10n-ga
- suse-upgrade-libreoffice-l10n-gd
- suse-upgrade-libreoffice-l10n-gl
- suse-upgrade-libreoffice-l10n-gu
- suse-upgrade-libreoffice-l10n-gug
- suse-upgrade-libreoffice-l10n-he
- suse-upgrade-libreoffice-l10n-hi
- suse-upgrade-libreoffice-l10n-hr
- suse-upgrade-libreoffice-l10n-hsb
- suse-upgrade-libreoffice-l10n-hu
- suse-upgrade-libreoffice-l10n-id
- suse-upgrade-libreoffice-l10n-is
- suse-upgrade-libreoffice-l10n-it
- suse-upgrade-libreoffice-l10n-ja
- suse-upgrade-libreoffice-l10n-ka
- suse-upgrade-libreoffice-l10n-kab
- suse-upgrade-libreoffice-l10n-kk
- suse-upgrade-libreoffice-l10n-km
- suse-upgrade-libreoffice-l10n-kmr_latn
- suse-upgrade-libreoffice-l10n-kn
- suse-upgrade-libreoffice-l10n-ko
- suse-upgrade-libreoffice-l10n-kok
- suse-upgrade-libreoffice-l10n-ks
- suse-upgrade-libreoffice-l10n-lb
- suse-upgrade-libreoffice-l10n-lo
- suse-upgrade-libreoffice-l10n-lt
- suse-upgrade-libreoffice-l10n-lv
- suse-upgrade-libreoffice-l10n-mai
- suse-upgrade-libreoffice-l10n-mk
- suse-upgrade-libreoffice-l10n-ml
- suse-upgrade-libreoffice-l10n-mn
- suse-upgrade-libreoffice-l10n-mni
- suse-upgrade-libreoffice-l10n-mr
- suse-upgrade-libreoffice-l10n-my
- suse-upgrade-libreoffice-l10n-nb
- suse-upgrade-libreoffice-l10n-ne
- suse-upgrade-libreoffice-l10n-nl
- suse-upgrade-libreoffice-l10n-nn
- suse-upgrade-libreoffice-l10n-nr
- suse-upgrade-libreoffice-l10n-nso
- suse-upgrade-libreoffice-l10n-oc
- suse-upgrade-libreoffice-l10n-om
- suse-upgrade-libreoffice-l10n-or
- suse-upgrade-libreoffice-l10n-pa
- suse-upgrade-libreoffice-l10n-pl
- suse-upgrade-libreoffice-l10n-pt_br
- suse-upgrade-libreoffice-l10n-pt_pt
- suse-upgrade-libreoffice-l10n-ro
- suse-upgrade-libreoffice-l10n-ru
- suse-upgrade-libreoffice-l10n-rw
- suse-upgrade-libreoffice-l10n-sa_in
- suse-upgrade-libreoffice-l10n-sat
- suse-upgrade-libreoffice-l10n-sd
- suse-upgrade-libreoffice-l10n-si
- suse-upgrade-libreoffice-l10n-sid
- suse-upgrade-libreoffice-l10n-sk
- suse-upgrade-libreoffice-l10n-sl
- suse-upgrade-libreoffice-l10n-sq
- suse-upgrade-libreoffice-l10n-sr
- suse-upgrade-libreoffice-l10n-ss
- suse-upgrade-libreoffice-l10n-st
- suse-upgrade-libreoffice-l10n-sv
- suse-upgrade-libreoffice-l10n-sw_tz
- suse-upgrade-libreoffice-l10n-szl
- suse-upgrade-libreoffice-l10n-ta
- suse-upgrade-libreoffice-l10n-te
- suse-upgrade-libreoffice-l10n-tg
- suse-upgrade-libreoffice-l10n-th
- suse-upgrade-libreoffice-l10n-tn
- suse-upgrade-libreoffice-l10n-tr
- suse-upgrade-libreoffice-l10n-ts
- suse-upgrade-libreoffice-l10n-tt
- suse-upgrade-libreoffice-l10n-ug
- suse-upgrade-libreoffice-l10n-uk
- suse-upgrade-libreoffice-l10n-uz
- suse-upgrade-libreoffice-l10n-ve
- suse-upgrade-libreoffice-l10n-vec
- suse-upgrade-libreoffice-l10n-vi
- suse-upgrade-libreoffice-l10n-xh
- suse-upgrade-libreoffice-l10n-zh_cn
- suse-upgrade-libreoffice-l10n-zh_tw
- suse-upgrade-libreoffice-l10n-zu
- suse-upgrade-libreoffice-librelogo
- suse-upgrade-libreoffice-mailmerge
- suse-upgrade-libreoffice-math
- suse-upgrade-libreoffice-officebean
- suse-upgrade-libreoffice-pyuno
- suse-upgrade-libreoffice-qt5
- suse-upgrade-libreoffice-sdk
- suse-upgrade-libreoffice-sdk-doc
- suse-upgrade-libreoffice-writer
- suse-upgrade-libreoffice-writer-extensions
- suse-upgrade-libreofficekit
- suse-upgrade-libreofficekit-devel
Advanced vulnerability management analytics and reporting.
Key Features
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center