Advisories » MGASA-2019-0102

Updated libreoffice packages fix security vulnerability

Publication date: 22 Feb 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-16858

Description

Alex Infuehr discovered a directory traversal vulnerability which could
result in the execution of Python script code when opening a malformed
document (CVE-2018-16858).

The libreoffice package has been updated to version 6.1.5.2, fixing this
issue, and including several other bug fixes and enhancements.  Several
supporting library packages have been updated as well.

Here's the list of improvements from 5.3 to 6.1:
https://wiki.documentfoundation.org/ReleaseNotes/5.4
https://wiki.documentfoundation.org/ReleaseNotes/6.0
https://wiki.documentfoundation.org/ReleaseNotes/6.1
                

References

• https://bugs.mageia.org/show_bug.cgi?id=24309
• https://www.libreoffice.org/about-us/security/advisories/cve-2018-16858/
• https://www.debian.org/security/2019/dsa-4381
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16858

SRPMS

6/core

• libabw-0.1.2-1.mga6
• libcdr-0.1.5-1.mga6
• libcmis-0.5.2-1.mga6
• libe-book-0.1.3-1.mga6
• libetonyek-0.1.9-1.mga6
• libfreehand-0.1.2-2.mga6
• libmspub-0.1.4-1.mga6
• libmwaw-0.3.14-2.mga6
• libodfgen-0.1.7-1.mga6
• libpagemaker-0.0.4-1.mga6
• libstaroffice-0.0.6-1.mga6
• libvisio-0.1.6-1.mga6
• libwpg-0.3.3-1.mga6
• libwps-0.4.10-1.mga6
• libzmf-0.0.2-1.mga6
• cppunit-1.14.0-1.mga6
• libepubgen-0.1.1-2.mga6
• libixion-0.14.1-1.mga6
• libnumbertext-1.0.5-1.mga6
• liborcus-0.14.1-1.mga6
• libqxp-0.0.2-1.mga6
• mdds-1.4.3-1.mga6
• libreoffice-6.1.5.2-1.2.mga6