Updated libreoffice packages fix security vulnerabilities

2024-04-1007:03:52

Gentoo Foundation

advisories.mageia.org

libreoffice

security

vulnerabilities

input validation

gstreamer

pipeline injection

cve-2023-6185

link targets

script execution

cve-2023-6186

unix

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.7%

JSON

Improper input validation enabling arbitrary Gstreamer pipeline injection. (CVE-2023-6185) Link targets allow arbitrary script execution. (CVE-2023-6186)

OSVersionArchitecturePackageVersionFilename
Mageia9noarchlibreoffice< 7.6.6.3-1libreoffice-7.6.6.3-1.mga9
Mageia9noarchlibcmis< 0.6.2-1libcmis-0.6.2-1.mga9
Mageia9noarchfrozen< 1.1.1-1frozen-1.1.1-1.mga9
Mageia9noarchmdds< 2.1.1-1mdds-2.1.1-1.mga9
Mageia9noarchlibixion< 0.19.0-1libixion-0.19.0-1.mga9
Mageia9noarchliborcus< 0.19.2-1liborcus-0.19.2-1.mga9

OS	Version	Architecture	Package	Version	Filename
Mageia	9	noarch	libreoffice	< 7.6.6.3-1	libreoffice-7.6.6.3-1.mga9
Mageia	9	noarch	libcmis	< 0.6.2-1	libcmis-0.6.2-1.mga9
Mageia	9	noarch	frozen	< 1.1.1-1	frozen-1.1.1-1.mga9
Mageia	9	noarch	mdds	< 2.1.1-1	mdds-2.1.1-1.mga9
Mageia	9	noarch	libixion	< 0.19.0-1	libixion-0.19.0-1.mga9
Mageia	9	noarch	liborcus	< 0.19.2-1	liborcus-0.19.2-1.mga9