Updated libreoffice packages fix security vulnerability
Publication date: 08 Jun 2023Modification date: 08 Jun 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-0950 , CVE-2023-2255
Description
Improper Validation of Array Index vulnerability in the spreadsheet
component of The Document Foundation LibreOffice allows an attacker to
craft a spreadsheet document that will cause an array index underflow when
loaded. In the affected versions of LibreOffice certain malformed
spreadsheet formulas, such as AGGREGATE, could be created with less
parameters passed to the formula interpreter than it expected, leading to
an array index underflow, in which case there is a risk that arbitrary
code could be executed. (CVE-2023-0950)
Improper access control in editor components of The Document Foundation
LibreOffice allowed an attacker to craft a document that would cause
external links to be loaded without prompt. In the affected versions of
LibreOffice documents that used "floating frames" linked to external
files, would load the contents of those frames without prompting the user
for permission to do so. This was inconsistent with the treatment of other
linked content in LibreOffice. (CVE-2023-2255)
References
- https://bugs.mageia.org/show_bug.cgi?id=31964
- https://www.libreoffice.org/about-us/security/advisories/cve-2023-0950/
- https://www.libreoffice.org/about-us/security/advisories/cve-2023-2255/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0950
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2255
SRPMS
8/core
- libreoffice-7.4.5.1-1.1.mga8