Updated libreoffice packages fix security vulnerabilities
Publication date: 10 Apr 2024Modification date: 10 Apr 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-6185 , CVE-2023-6186
Description
Improper input validation enabling arbitrary Gstreamer pipeline
injection. (CVE-2023-6185)
Link targets allow arbitrary script execution. (CVE-2023-6186)
References
- https://bugs.mageia.org/show_bug.cgi?id=32990
- https://lwn.net/Articles/966025/
- https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185/
- https://www.libreoffice.org/about-us/security/advisories/cve-2023-6186/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6185
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6186
SRPMS
9/core
- libreoffice-7.6.6.3-1.mga9
- libcmis-0.6.2-1.mga9
- frozen-1.1.1-1.mga9
- mdds-2.1.1-1.mga9
- libixion-0.19.0-1.mga9
- liborcus-0.19.2-1.mga9