vulnerability
SUSE: CVE-2019-9853: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Sep 27, 2019 | Dec 31, 2019 | Feb 4, 2022 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Sep 27, 2019
Added
Dec 31, 2019
Modified
Feb 4, 2022
Description
LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categorized, resulting in the possibility to construct a document where macro execution bypassed the security settings. The documents were correctly detected as containing macros, and prompted the user to their existence within the documents, but macros within the document were subsequently not controlled by the security settings allowing arbitrary macro execution This issue affects: LibreOffice 6.2 series versions prior to 6.2.7; LibreOffice 6.3 series versions prior to 6.3.1.
Solution(s)
suse-upgrade-bluezsuse-upgrade-bluez-cupssuse-upgrade-bluez-develsuse-upgrade-cmis-clientsuse-upgrade-gperfsuse-upgrade-libbluetooth3suse-upgrade-libcmis-0_5-5suse-upgrade-libcmis-c-0_5-5suse-upgrade-libcmis-c-develsuse-upgrade-libcmis-develsuse-upgrade-libixion-0_15-0suse-upgrade-libixion-develsuse-upgrade-libixion-toolssuse-upgrade-libmwaw-0_3-3suse-upgrade-libmwaw-develsuse-upgrade-libmwaw-devel-docsuse-upgrade-libmwaw-toolssuse-upgrade-liborcus-0_15-0suse-upgrade-liborcus-develsuse-upgrade-liborcus-toolssuse-upgrade-libreofficesuse-upgrade-libreoffice-basesuse-upgrade-libreoffice-base-drivers-firebirdsuse-upgrade-libreoffice-base-drivers-postgresqlsuse-upgrade-libreoffice-branding-upstreamsuse-upgrade-libreoffice-calcsuse-upgrade-libreoffice-calc-extensionssuse-upgrade-libreoffice-drawsuse-upgrade-libreoffice-filters-optionalsuse-upgrade-libreoffice-gdb-pretty-printerssuse-upgrade-libreoffice-gladesuse-upgrade-libreoffice-gnomesuse-upgrade-libreoffice-gtk3suse-upgrade-libreoffice-icon-themessuse-upgrade-libreoffice-impresssuse-upgrade-libreoffice-l10n-afsuse-upgrade-libreoffice-l10n-amsuse-upgrade-libreoffice-l10n-arsuse-upgrade-libreoffice-l10n-assuse-upgrade-libreoffice-l10n-astsuse-upgrade-libreoffice-l10n-besuse-upgrade-libreoffice-l10n-bgsuse-upgrade-libreoffice-l10n-bnsuse-upgrade-libreoffice-l10n-bn_insuse-upgrade-libreoffice-l10n-bosuse-upgrade-libreoffice-l10n-brsuse-upgrade-libreoffice-l10n-brxsuse-upgrade-libreoffice-l10n-bssuse-upgrade-libreoffice-l10n-casuse-upgrade-libreoffice-l10n-ca_valenciasuse-upgrade-libreoffice-l10n-ckbsuse-upgrade-libreoffice-l10n-cssuse-upgrade-libreoffice-l10n-cysuse-upgrade-libreoffice-l10n-dasuse-upgrade-libreoffice-l10n-desuse-upgrade-libreoffice-l10n-dgosuse-upgrade-libreoffice-l10n-dsbsuse-upgrade-libreoffice-l10n-dzsuse-upgrade-libreoffice-l10n-elsuse-upgrade-libreoffice-l10n-ensuse-upgrade-libreoffice-l10n-en_gbsuse-upgrade-libreoffice-l10n-en_zasuse-upgrade-libreoffice-l10n-eosuse-upgrade-libreoffice-l10n-essuse-upgrade-libreoffice-l10n-etsuse-upgrade-libreoffice-l10n-eususe-upgrade-libreoffice-l10n-fasuse-upgrade-libreoffice-l10n-fisuse-upgrade-libreoffice-l10n-frsuse-upgrade-libreoffice-l10n-fursuse-upgrade-libreoffice-l10n-fysuse-upgrade-libreoffice-l10n-gasuse-upgrade-libreoffice-l10n-gdsuse-upgrade-libreoffice-l10n-glsuse-upgrade-libreoffice-l10n-gususe-upgrade-libreoffice-l10n-gugsuse-upgrade-libreoffice-l10n-hesuse-upgrade-libreoffice-l10n-hisuse-upgrade-libreoffice-l10n-hrsuse-upgrade-libreoffice-l10n-hsbsuse-upgrade-libreoffice-l10n-hususe-upgrade-libreoffice-l10n-idsuse-upgrade-libreoffice-l10n-issuse-upgrade-libreoffice-l10n-itsuse-upgrade-libreoffice-l10n-jasuse-upgrade-libreoffice-l10n-kasuse-upgrade-libreoffice-l10n-kabsuse-upgrade-libreoffice-l10n-kksuse-upgrade-libreoffice-l10n-kmsuse-upgrade-libreoffice-l10n-kmr_latnsuse-upgrade-libreoffice-l10n-knsuse-upgrade-libreoffice-l10n-kosuse-upgrade-libreoffice-l10n-koksuse-upgrade-libreoffice-l10n-kssuse-upgrade-libreoffice-l10n-lbsuse-upgrade-libreoffice-l10n-losuse-upgrade-libreoffice-l10n-ltsuse-upgrade-libreoffice-l10n-lvsuse-upgrade-libreoffice-l10n-maisuse-upgrade-libreoffice-l10n-mksuse-upgrade-libreoffice-l10n-mlsuse-upgrade-libreoffice-l10n-mnsuse-upgrade-libreoffice-l10n-mnisuse-upgrade-libreoffice-l10n-mrsuse-upgrade-libreoffice-l10n-mysuse-upgrade-libreoffice-l10n-nbsuse-upgrade-libreoffice-l10n-nesuse-upgrade-libreoffice-l10n-nlsuse-upgrade-libreoffice-l10n-nnsuse-upgrade-libreoffice-l10n-nrsuse-upgrade-libreoffice-l10n-nsosuse-upgrade-libreoffice-l10n-ocsuse-upgrade-libreoffice-l10n-omsuse-upgrade-libreoffice-l10n-orsuse-upgrade-libreoffice-l10n-pasuse-upgrade-libreoffice-l10n-plsuse-upgrade-libreoffice-l10n-pt_brsuse-upgrade-libreoffice-l10n-pt_ptsuse-upgrade-libreoffice-l10n-rosuse-upgrade-libreoffice-l10n-rususe-upgrade-libreoffice-l10n-rwsuse-upgrade-libreoffice-l10n-sa_insuse-upgrade-libreoffice-l10n-satsuse-upgrade-libreoffice-l10n-sdsuse-upgrade-libreoffice-l10n-sisuse-upgrade-libreoffice-l10n-sidsuse-upgrade-libreoffice-l10n-sksuse-upgrade-libreoffice-l10n-slsuse-upgrade-libreoffice-l10n-sqsuse-upgrade-libreoffice-l10n-srsuse-upgrade-libreoffice-l10n-sssuse-upgrade-libreoffice-l10n-stsuse-upgrade-libreoffice-l10n-svsuse-upgrade-libreoffice-l10n-sw_tzsuse-upgrade-libreoffice-l10n-szlsuse-upgrade-libreoffice-l10n-tasuse-upgrade-libreoffice-l10n-tesuse-upgrade-libreoffice-l10n-tgsuse-upgrade-libreoffice-l10n-thsuse-upgrade-libreoffice-l10n-tnsuse-upgrade-libreoffice-l10n-trsuse-upgrade-libreoffice-l10n-tssuse-upgrade-libreoffice-l10n-ttsuse-upgrade-libreoffice-l10n-ugsuse-upgrade-libreoffice-l10n-uksuse-upgrade-libreoffice-l10n-uzsuse-upgrade-libreoffice-l10n-vesuse-upgrade-libreoffice-l10n-vecsuse-upgrade-libreoffice-l10n-visuse-upgrade-libreoffice-l10n-xhsuse-upgrade-libreoffice-l10n-zh_cnsuse-upgrade-libreoffice-l10n-zh_twsuse-upgrade-libreoffice-l10n-zususe-upgrade-libreoffice-librelogosuse-upgrade-libreoffice-mailmergesuse-upgrade-libreoffice-mathsuse-upgrade-libreoffice-officebeansuse-upgrade-libreoffice-pyunosuse-upgrade-libreoffice-qt5suse-upgrade-libreoffice-sdksuse-upgrade-libreoffice-sdk-docsuse-upgrade-libreoffice-writersuse-upgrade-libreoffice-writer-extensionssuse-upgrade-libreofficekitsuse-upgrade-libreofficekit-develsuse-upgrade-mdds-1_5-develsuse-upgrade-myspell-af_nasuse-upgrade-myspell-af_zasuse-upgrade-myspell-ansuse-upgrade-myspell-an_essuse-upgrade-myspell-arsuse-upgrade-myspell-ar_aesuse-upgrade-myspell-ar_bhsuse-upgrade-myspell-ar_dzsuse-upgrade-myspell-ar_egsuse-upgrade-myspell-ar_iqsuse-upgrade-myspell-ar_josuse-upgrade-myspell-ar_kwsuse-upgrade-myspell-ar_lbsuse-upgrade-myspell-ar_lysuse-upgrade-myspell-ar_masuse-upgrade-myspell-ar_omsuse-upgrade-myspell-ar_qasuse-upgrade-myspell-ar_sasuse-upgrade-myspell-ar_sdsuse-upgrade-myspell-ar_sysuse-upgrade-myspell-ar_tnsuse-upgrade-myspell-ar_yesuse-upgrade-myspell-be_bysuse-upgrade-myspell-bg_bgsuse-upgrade-myspell-bn_bdsuse-upgrade-myspell-bn_insuse-upgrade-myspell-bosuse-upgrade-myspell-bo_cnsuse-upgrade-myspell-bo_insuse-upgrade-myspell-br_frsuse-upgrade-myspell-bssuse-upgrade-myspell-bs_basuse-upgrade-myspell-casuse-upgrade-myspell-ca_adsuse-upgrade-myspell-ca_essuse-upgrade-myspell-ca_es_valenciasuse-upgrade-myspell-ca_frsuse-upgrade-myspell-ca_itsuse-upgrade-myspell-cs_czsuse-upgrade-myspell-da_dksuse-upgrade-myspell-desuse-upgrade-myspell-de_atsuse-upgrade-myspell-de_chsuse-upgrade-myspell-de_desuse-upgrade-myspell-dictionariessuse-upgrade-myspell-el_grsuse-upgrade-myspell-ensuse-upgrade-myspell-en_aususe-upgrade-myspell-en_bssuse-upgrade-myspell-en_bzsuse-upgrade-myspell-en_casuse-upgrade-myspell-en_gbsuse-upgrade-myspell-en_ghsuse-upgrade-myspell-en_iesuse-upgrade-myspell-en_insuse-upgrade-myspell-en_jmsuse-upgrade-myspell-en_mwsuse-upgrade-myspell-en_nasuse-upgrade-myspell-en_nzsuse-upgrade-myspell-en_phsuse-upgrade-myspell-en_ttsuse-upgrade-myspell-en_ussuse-upgrade-myspell-en_zasuse-upgrade-myspell-en_zwsuse-upgrade-myspell-essuse-upgrade-myspell-es_arsuse-upgrade-myspell-es_bosuse-upgrade-myspell-es_clsuse-upgrade-myspell-es_cosuse-upgrade-myspell-es_crsuse-upgrade-myspell-es_cususe-upgrade-myspell-es_dosuse-upgrade-myspell-es_ecsuse-upgrade-myspell-es_essuse-upgrade-myspell-es_gtsuse-upgrade-myspell-es_hnsuse-upgrade-myspell-es_mxsuse-upgrade-myspell-es_nisuse-upgrade-myspell-es_pasuse-upgrade-myspell-es_pesuse-upgrade-myspell-es_prsuse-upgrade-myspell-es_pysuse-upgrade-myspell-es_svsuse-upgrade-myspell-es_uysuse-upgrade-myspell-es_vesuse-upgrade-myspell-et_eesuse-upgrade-myspell-fr_besuse-upgrade-myspell-fr_casuse-upgrade-myspell-fr_chsuse-upgrade-myspell-fr_frsuse-upgrade-myspell-fr_lususe-upgrade-myspell-fr_mcsuse-upgrade-myspell-gd_gbsuse-upgrade-myspell-glsuse-upgrade-myspell-gl_essuse-upgrade-myspell-gu_insuse-upgrade-myspell-gugsuse-upgrade-myspell-gug_pysuse-upgrade-myspell-he_ilsuse-upgrade-myspell-hi_insuse-upgrade-myspell-hr_hrsuse-upgrade-myspell-hu_hususe-upgrade-myspell-idsuse-upgrade-myspell-id_idsuse-upgrade-myspell-issuse-upgrade-myspell-is_issuse-upgrade-myspell-it_itsuse-upgrade-myspell-kmr_latnsuse-upgrade-myspell-kmr_latn_sysuse-upgrade-myspell-kmr_latn_trsuse-upgrade-myspell-lightproof-ensuse-upgrade-myspell-lightproof-hu_hususe-upgrade-myspell-lightproof-pt_brsuse-upgrade-myspell-lightproof-ru_rususe-upgrade-myspell-lo_lasuse-upgrade-myspell-lt_ltsuse-upgrade-myspell-lv_lvsuse-upgrade-myspell-nb_nosuse-upgrade-myspell-ne_npsuse-upgrade-myspell-nl_besuse-upgrade-myspell-nl_nlsuse-upgrade-myspell-nn_nosuse-upgrade-myspell-nosuse-upgrade-myspell-oc_frsuse-upgrade-myspell-pl_plsuse-upgrade-myspell-pt_aosuse-upgrade-myspell-pt_brsuse-upgrade-myspell-pt_ptsuse-upgrade-myspell-rosuse-upgrade-myspell-ro_rosuse-upgrade-myspell-ru_rususe-upgrade-myspell-si_lksuse-upgrade-myspell-sk_sksuse-upgrade-myspell-sl_sisuse-upgrade-myspell-sq_alsuse-upgrade-myspell-srsuse-upgrade-myspell-sr_cssuse-upgrade-myspell-sr_latn_cssuse-upgrade-myspell-sr_latn_rssuse-upgrade-myspell-sr_rssuse-upgrade-myspell-sv_fisuse-upgrade-myspell-sv_sesuse-upgrade-myspell-sw_tzsuse-upgrade-myspell-tesuse-upgrade-myspell-te_insuse-upgrade-myspell-th_thsuse-upgrade-myspell-trsuse-upgrade-myspell-tr_trsuse-upgrade-myspell-uk_uasuse-upgrade-myspell-visuse-upgrade-myspell-vi_vnsuse-upgrade-myspell-zu_zasuse-upgrade-python3-libixionsuse-upgrade-python3-liborcussuse-upgrade-spdlog-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.