Advisories » MGASA-2024-0320

Updated libreoffice package fixes security vulnerability

Publication date: 28 Sep 2024
Modification date: 28 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-6472

Description

The Certificate Validation user interface in LibreOffice allows a potential
vulnerability. Signed macros are scripts that have been digitally signed
by the developer using a cryptographic signature. When a document with a
signed macro is opened a warning is displayed by LibreOffice before the
macro is executed. Previously, if verification failed the user could fail
to understand the failure and choose to enable the macros anyway. This
issue affects LibreOffice: from 24.2 before 24.2.5.
Also our current version is EOL, so we are updating to a supported
version.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33449
• https://bugs.mageia.org/show_bug.cgi?id=33528
• https://ubuntu.com/security/notices/USN-6962-1
• https://www.libreoffice.org/about-us/security/advisories/cve-2024-6472/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6472

SRPMS

9/core

• libreoffice-24.2.5.2-1.1.mga9
• zxcvbn-c-2.5-2.mga9