Updated libreoffice packages fix security vulnerability
Publication date: 28 Oct 2022Modification date: 28 Oct 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-3140
Description
LibreOffice supports Office URI Schemes to enable browser integration of
LibreOffice with MS SharePoint server. An additional scheme
'vnd.libreoffice.command' specific to LibreOffice was added. In the
affected versions of LibreOffice links using that scheme could be
constructed to call internal macros with arbitrary arguments. Which when
clicked on, or activated by document events, could result in arbitrary
script execution without warning. (CVE-2022-3140)
References
- https://bugs.mageia.org/show_bug.cgi?id=30959
- https://www.libreoffice.org/about-us/security/advisories/CVE-2022-3140
- https://www.debian.org/security/2022/dsa-5252
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TORANVTIWWBH3DNJR4UZATAG67KZOH32/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3140
SRPMS
8/core
- libreoffice-7.3.6.2-1.mga8
- libmwaw-0.3.21-1.mga8