Bug 30959

Summary: libreoffice new security issue CVE-2022-3140
Product: Mageia Reporter: Nicolas Salguero <nicolas.salguero>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: andrewsfarm, brtians1, davidwhodgins, fri, guillaume.royer, herman.viaene, nicolas.salguero, sysadmin-bugs
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA8-64-OK
Source RPM: libreoffice-7.3.5.2-1.mga8.src.rpm CVE: CVE-2022-3140
Status comment:
Attachments: screen capture comment 5

Description Nicolas Salguero 2022-10-13 09:19:22 CEST 
The Document Foundation has issued an advisory yesterday (October 12):
https://www.libreoffice.org/about-us/security/advisories/CVE-2022-3140

The issue is fixed upstream in 7.4.1 and 7.3.6.

Mageia 8 is also affected.
Nicolas Salguero 2022-10-13 09:20:28 CEST

CVE: (none) => CVE-2022-3140
CC: (none) => nicolas.salguero
Source RPM: (none) => libreoffice-7.4.0.3-2.mga9.src.rpm
Status comment: (none) => Fixed upstream in 7.4.1 and 7.3.6
Whiteboard: (none) => MGA8TOO

Comment 1 David Walser 2022-10-13 14:47:32 CEST 
Debian has issued an advisory for this on October 12:
https://www.debian.org/security/2022/dsa-5252
Comment 2 Lewis Smith 2022-10-13 20:51:36 CEST 
Assigning to Thierry, who normally deals with LO.

Assignee: bugsquad => thierry.vignaud

Comment 3 Nicolas Salguero 2022-10-19 14:43:29 CEST 
For Mageia 8:

Updated packages in core/updates_testing:
========================
libreoffice-help-zh_CN-7.3.6.2-1.mga8
libreoffice-help-zh_TW-7.3.6.2-1.mga8
libreoffice-help-de-7.3.6.2-1.mga8
libreoffice-help-it-7.3.6.2-1.mga8
libreoffice-help-es-7.3.6.2-1.mga8
libreoffice-help-fr-7.3.6.2-1.mga8
libreoffice-help-uk-7.3.6.2-1.mga8
libreoffice-help-ru-7.3.6.2-1.mga8
libreoffice-help-ko-7.3.6.2-1.mga8
libreoffice-help-ta-7.3.6.2-1.mga8
libreoffice-help-bn-7.3.6.2-1.mga8
libreoffice-help-ja-7.3.6.2-1.mga8
libreoffice-help-bg-7.3.6.2-1.mga8
libreoffice-help-el-7.3.6.2-1.mga8
libreoffice-help-dz-7.3.6.2-1.mga8
libreoffice-help-ca-7.3.6.2-1.mga8
libreoffice-help-nl-7.3.6.2-1.mga8
libreoffice-help-tr-7.3.6.2-1.mga8
libreoffice-help-hu-7.3.6.2-1.mga8
libreoffice-help-pt_BR-7.3.6.2-1.mga8
libreoffice-help-pt-7.3.6.2-1.mga8
libreoffice-help-eu-7.3.6.2-1.mga8
libreoffice-help-pl-7.3.6.2-1.mga8
libreoffice-help-fi-7.3.6.2-1.mga8
libreoffice-help-da-7.3.6.2-1.mga8
libreoffice-help-lt-7.3.6.2-1.mga8
libreoffice-help-sl-7.3.6.2-1.mga8
libreoffice-help-cs-7.3.6.2-1.mga8
libreoffice-help-hi-7.3.6.2-1.mga8
libreoffice-help-nn-7.3.6.2-1.mga8
libreoffice-help-gl-7.3.6.2-1.mga8
libreoffice-help-sv-7.3.6.2-1.mga8
libreoffice-help-sk-7.3.6.2-1.mga8
libreoffice-help-et-7.3.6.2-1.mga8
libreoffice-help-si-7.3.6.2-1.mga8
libreoffice-help-nb-7.3.6.2-1.mga8
libreoffice-help-eo-7.3.6.2-1.mga8
libreoffice-help-id-7.3.6.2-1.mga8
libreoffice-help-lv-7.3.6.2-1.mga8
libreoffice-help-gu-7.3.6.2-1.mga8
libreoffice-help-hr-7.3.6.2-1.mga8
libreoffice-help-ar-7.3.6.2-1.mga8
libreoffice-help-en-7.3.6.2-1.mga8
libreoffice-help-he-7.3.6.2-1.mga8
libreoffice-help-ro-7.3.6.2-1.mga8
libreoffice-calc-7.3.6.2-1.mga8
libreoffice-base-7.3.6.2-1.mga8
libreoffice-langpack-el-7.3.6.2-1.mga8
libreoffice-langpack-ru-7.3.6.2-1.mga8
libreoffice-langpack-uk-7.3.6.2-1.mga8
libreoffice-ure-7.3.6.2-1.mga8
libreoffice-langpack-bg-7.3.6.2-1.mga8
libreoffice-xsltfilter-7.3.6.2-1.mga8
libreoffice-langpack-sr-7.3.6.2-1.mga8
libreoffice-langpack-fr-7.3.6.2-1.mga8
libreoffice-langpack-hu-7.3.6.2-1.mga8
libreoffice-langpack-de-7.3.6.2-1.mga8
libreoffice-langpack-it-7.3.6.2-1.mga8
libreoffice-langpack-sk-7.3.6.2-1.mga8
libreoffice-langpack-pt_BR-7.3.6.2-1.mga8
libreoffice-langpack-nl-7.3.6.2-1.mga8
libreoffice-langpack-es-7.3.6.2-1.mga8
libreoffice-langpack-pt-7.3.6.2-1.mga8
libreoffice-langpack-cs-7.3.6.2-1.mga8
libreoffice-writer-7.3.6.2-1.mga8
libreoffice-langpack-sl-7.3.6.2-1.mga8
libreoffice-langpack-pl-7.3.6.2-1.mga8
libreoffice-langpack-ca-7.3.6.2-1.mga8
libreoffice-langpack-da-7.3.6.2-1.mga8
libreoffice-langpack-sv-7.3.6.2-1.mga8
libreoffice-langpack-tr-7.3.6.2-1.mga8
libreoffice-langpack-zh_TW-7.3.6.2-1.mga8
libreoffice-langpack-gl-7.3.6.2-1.mga8
libreoffice-langpack-eu-7.3.6.2-1.mga8
libreoffice-langpack-af-7.3.6.2-1.mga8
libreoffice-langpack-ja-7.3.6.2-1.mga8
libreoffice-langpack-cy-7.3.6.2-1.mga8
libreoffice-langpack-id-7.3.6.2-1.mga8
libreoffice-langpack-eo-7.3.6.2-1.mga8
libreoffice-langpack-nn-7.3.6.2-1.mga8
libreoffice-langpack-nb-7.3.6.2-1.mga8
libreoffice-langpack-zh_CN-7.3.6.2-1.mga8
libreoffice-langpack-et-7.3.6.2-1.mga8
libreoffice-langpack-fy-7.3.6.2-1.mga8
libreoffice-sdk-7.3.6.2-1.mga8
libreoffice-langpack-ta-7.3.6.2-1.mga8
libreoffice-wiki-publisher-7.3.6.2-1.mga8
libreoffice-langpack-lt-7.3.6.2-1.mga8
libreoffice-langpack-ko-7.3.6.2-1.mga8
libreoffice-langpack-kk-7.3.6.2-1.mga8
libreoffice-langpack-fi-7.3.6.2-1.mga8
libreoffice-langpack-ar-7.3.6.2-1.mga8
libreoffice-langpack-lv-7.3.6.2-1.mga8
libreoffice-langpack-gu-7.3.6.2-1.mga8
libreoffice-langpack-ga-7.3.6.2-1.mga8
libreoffice-data-7.3.6.2-1.mga8
libreoffice-langpack-hr-7.3.6.2-1.mga8
libreoffice-langpack-or-7.3.6.2-1.mga8
libreoffice-langpack-dz-7.3.6.2-1.mga8
libreoffice-langpack-kn-7.3.6.2-1.mga8
libreoffice-langpack-ro-7.3.6.2-1.mga8
libreoffice-ure-common-7.3.6.2-1.mga8
libreoffice-langpack-ml-7.3.6.2-1.mga8
libreoffice-langpack-mr-7.3.6.2-1.mga8
libreoffice-langpack-th-7.3.6.2-1.mga8
libreoffice-langpack-br-7.3.6.2-1.mga8
libreoffice-langpack-he-7.3.6.2-1.mga8
libreoffice-langpack-bn-7.3.6.2-1.mga8
libreoffice-gtk3-7.3.6.2-1.mga8
libreoffice-langpack-as-7.3.6.2-1.mga8
libreoffice-pyuno-7.3.6.2-1.mga8
libreoffice-langpack-te-7.3.6.2-1.mga8
libreoffice-impress-7.3.6.2-1.mga8
libreoffice-langpack-nso-7.3.6.2-1.mga8
libreoffice-langpack-pa-7.3.6.2-1.mga8
libreoffice-langpack-hi-7.3.6.2-1.mga8
libreoffice-langpack-fa-7.3.6.2-1.mga8
libreoffice-nlpsolver-7.3.6.2-1.mga8
libreoffice-langpack-mai-7.3.6.2-1.mga8
libreoffice-langpack-zu-7.3.6.2-1.mga8
libreoffice-langpack-xh-7.3.6.2-1.mga8
libreoffice-langpack-si-7.3.6.2-1.mga8
libreoffice-opensymbol-fonts-7.3.6.2-1.mga8
libreoffice-ogltrans-7.3.6.2-1.mga8
libreoffice-pdfimport-7.3.6.2-1.mga8
libreoffice-librelogo-7.3.6.2-1.mga8
libreoffice-x11-7.3.6.2-1.mga8
libreoffice-langpack-ve-7.3.6.2-1.mga8
autocorr-ro-7.3.6.2-1.mga8
autocorr-pt-7.3.6.2-1.mga8
libreoffice-kf5-7.3.6.2-1.mga8
libreoffice-postgresql-7.3.6.2-1.mga8
autocorr-fa-7.3.6.2-1.mga8
autocorr-en-7.3.6.2-1.mga8
autocorr-zh-7.3.6.2-1.mga8
libreoffice-graphicfilter-7.3.6.2-1.mga8
autocorr-hu-7.3.6.2-1.mga8
autocorr-nl-7.3.6.2-1.mga8
autocorr-el-7.3.6.2-1.mga8
autocorr-pl-7.3.6.2-1.mga8
autocorr-ko-7.3.6.2-1.mga8
autocorr-tr-7.3.6.2-1.mga8
autocorr-ja-7.3.6.2-1.mga8
autocorr-hr-7.3.6.2-1.mga8
libreoffice-langpack-ss-7.3.6.2-1.mga8
libreoffice-langpack-ts-7.3.6.2-1.mga8
autocorr-da-7.3.6.2-1.mga8
libreoffice-langpack-tn-7.3.6.2-1.mga8
autocorr-sk-7.3.6.2-1.mga8
libreoffice-langpack-nr-7.3.6.2-1.mga8
autocorr-cs-7.3.6.2-1.mga8
autocorr-ca-7.3.6.2-1.mga8
libreoffice-langpack-st-7.3.6.2-1.mga8
autocorr-sl-7.3.6.2-1.mga8
autocorr-es-7.3.6.2-1.mga8
autocorr-ru-7.3.6.2-1.mga8
autocorr-dsb-7.3.6.2-1.mga8
autocorr-hsb-7.3.6.2-1.mga8
autocorr-lt-7.3.6.2-1.mga8
autocorr-fr-7.3.6.2-1.mga8
autocorr-fi-7.3.6.2-1.mga8
autocorr-bg-7.3.6.2-1.mga8
autocorr-de-7.3.6.2-1.mga8
autocorr-it-7.3.6.2-1.mga8
autocorr-sv-7.3.6.2-1.mga8
autocorr-lb-7.3.6.2-1.mga8
autocorr-sr-7.3.6.2-1.mga8
autocorr-vi-7.3.6.2-1.mga8
autocorr-ga-7.3.6.2-1.mga8
autocorr-mn-7.3.6.2-1.mga8
autocorr-is-7.3.6.2-1.mga8
libreoffice-officebean-7.3.6.2-1.mga8
autocorr-af-7.3.6.2-1.mga8
libreoffice-math-7.3.6.2-1.mga8
libreoffice-officebean-common-7.3.6.2-1.mga8
libreoffice-draw-7.3.6.2-1.mga8
libreoffice-glade-7.3.6.2-1.mga8
libreoffice-filters-7.3.6.2-1.mga8
libreoffice-emailmerge-7.3.6.2-1.mga8
libreoffice-7.3.6.2-1.mga8
libreoffice-gdb-debug-support-7.3.6.2-1.mga8
libreoffice-langpack-en-7.3.6.2-1.mga8
libreofficekit-devel-7.3.6.2-1.mga8
autocorr-vro-7.3.6.2-1.mga8
libreofficekit-7.3.6.2-1.mga8
libreoffice-core-7.3.6.2-1.mga8
libreoffice-sdk-doc-7.3.6.2-1.mga8

from SRPM:
libreoffice-7.3.6.2-1.mga8.src.rpm
Comment 4 Nicolas Salguero 2022-10-21 09:02:45 CEST 
Suggested advisory:
========================

The updated packages fix a security vulnerability:

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal macros with arbitrary arguments. Which when clicked on, or activated by document events, could result in arbitrary script execution without warning. (CVE-2022-3140)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3140
https://www.libreoffice.org/about-us/security/advisories/CVE-2022-3140
https://www.debian.org/security/2022/dsa-5252

Whiteboard: MGA8TOO => (none)
Status: NEW => ASSIGNED
Version: Cauldron => 8
Source RPM: libreoffice-7.4.0.3-2.mga9.src.rpm => libreoffice-7.3.5.2-1.mga8.src.rpm
Status comment: Fixed upstream in 7.4.1 and 7.3.6 => (none)
Assignee: thierry.vignaud => qa-bugs

Comment 5 Guillaume Royer 2022-10-21 10:58:44 CEST 
MGA8 64 XFCE,

Updated with QA repo and rpms:

autocorr-fr                    7.3.6.2      1.mga8        noarch  
libreoffice-base               7.3.6.2      1.mga8        x86_64  
libreoffice-calc               7.3.6.2      1.mga8        x86_64  
libreoffice-core               7.3.6.2      1.mga8        x86_64  
libreoffice-data               7.3.6.2      1.mga8        x86_64  
libreoffice-draw               7.3.6.2      1.mga8        x86_64  
libreoffice-graphicfilter      7.3.6.2      1.mga8        x86_64  
libreoffice-gtk3               7.3.6.2      1.mga8        x86_64  
libreoffice-help-fr            7.3.6.2      1.mga8        x86_64  
libreoffice-impress            7.3.6.2      1.mga8        x86_64  
libreoffice-langpack-fr        7.3.6.2      1.mga8        x86_64  
libreoffice-math               7.3.6.2      1.mga8        x86_64  
libreoffice-ogltrans           7.3.6.2      1.mga8        x86_64  
libreoffice-opensymbol-fonts   7.3.6.2      1.mga8        noarch  
libreoffice-pdfimport          7.3.6.2      1.mga8        x86_64  
libreoffice-pyuno              7.3.6.2      1.mga8        x86_64  
libreoffice-ure                7.3.6.2      1.mga8        x86_64  
libreoffice-ure-common         7.3.6.2      1.mga8        x86_64  
libreoffice-writer             7.3.6.2      1.mga8        x86_64  
libreoffice-x11                7.3.6.2      1.mga8        x86_64  
libreoffice-xsltfilter         7.3.6.2      1.mga8        x86_64  

I had a problem moving a maximized window.
I ended up with Writer reduced in an odd way. See attached picture. This is a problem that I reproduce in a random way.
For the rest I tested Writer it's ok. 
I just opened and closed the other software of the Libre Office suite.

CC: (none) => guillaume.royer

Comment 6 Guillaume Royer 2022-10-21 11:00:43 CEST 
Created attachment 13432 [details]
screen capture comment 5
Guillaume Royer 2022-10-21 11:01:09 CEST

Attachment 13432 description: screen capture comment 5 (Guygoye) => screen capture comment 5

Comment 7 Brian Rockwell 2022-10-21 22:40:07 CEST 
Upgraded.  Noticed the same issue and stretching out the screen resolved the same.  Must of been an update that negated our original default non-full screen size.

CC: (none) => brtians1

Comment 8 Morgan Leijström 2022-10-23 22:41:25 CEST 
mga8-64, small test OK
Plasma, i7, nvidia-current, 4K screen
clean update
Swedish localisation
Edited spreadsheet and text documents, printed.

CC: (none) => fri

Comment 9 David Walser 2022-10-24 18:17:59 CEST 
Fedora has issued an advisory for this on October 23:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TORANVTIWWBH3DNJR4UZATAG67KZOH32/
Comment 10 Herman Viaene 2022-10-25 17:15:54 CEST 
MGA8-64 MATE on Acer Aspire 5253
No installation issues.
Tested odt, ods (with refreshing data from an odb), 245Mb odp, odb application in all aspects I use (tables, queries, forms, reports) all OK.

CC: (none) => herman.viaene

Comment 11 Thomas Andrews 2022-10-27 16:01:29 CEST 
No installation issues. Loaded and altered several documents, including Word and Excel documents, with no issues.

With several successful tests, giving this an OK, and validating. Advisory in Comment 4.

CC: (none) => andrewsfarm, sysadmin-bugs
Whiteboard: (none) => MGA8-64-OK
Keywords: (none) => validated_update

Dave Hodgins 2022-10-28 03:46:39 CEST

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 12 David Walser 2022-10-28 04:29:42 CEST 
Can you confirm the SRPMS in the advisory?  During the course of testing, libreoffice was updated again, and libmwaw was added to this update, but nothing was posted here about it.

Keywords: advisory, validated_update => (none)

Comment 13 Dave Hodgins 2022-10-28 04:44:47 CEST 
Advisory in svn now has ...
$ cat 30959.adv 
type: security
subject: Updated libreoffice packages fix security vulnerability
CVE:
 - CVE-2022-3140
src:
  8:
   core:
     - libreoffice-7.3.6.2-1.mga8
     - libmwaw-0.3.21-1.mga8
description: |
  LibreOffice supports Office URI Schemes to enable browser integration of
  LibreOffice with MS SharePoint server. An additional scheme
  'vnd.libreoffice.command' specific to LibreOffice was added. In the
  affected versions of LibreOffice links using that scheme could be
  constructed to call internal macros with arbitrary arguments. Which when
  clicked on, or activated by document events, could result in arbitrary
  script execution without warning. (CVE-2022-3140)
references:
 - https://bugs.mageia.org/show_bug.cgi?id=30959
 - https://www.libreoffice.org/about-us/security/advisories/CVE-2022-3140
 - https://www.debian.org/security/2022/dsa-5252
 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TORANVTIWWBH3DNJR4UZATAG67KZOH32/
Comment 14 Thomas Andrews 2022-10-28 15:31:59 CEST 
I had used the rpm list at http://madb.mageia.org/tools/listRpmsForQaBug/bugnum/30959/application/0 in qarepo to do my test, but checking back I see that libmwaw was not a part of that at the time, and did not get updated. So, I ran an updated list from the same source in qarepo once again, then went to Mageia Update:

The following package is going to be installed:

- lib64mwaw0.3_3-0.3.21-1.mga8.x86_64

838KB of additional disk space will be used.

2.8MB of packages will be retrieved.

Is it ok to continue?

There were no installation issues.

According to the description, "libmwaw is a library for import of old Mac documents." I do not have any old Mac documents, so even if I had updated libmwaw for my other test, I would not have tested for that particular feature of Libreoffice. 

Because this is a critical update, I am inclined to keep the OK based on my previous test and the clean install of the additional package, and to validate this update again. If it does need additional testing on "old Mac documents," someone else will have to do it.

Keywords: (none) => validated_update

David Walser 2022-10-29 00:29:46 CEST

Keywords: (none) => advisory

Comment 15 David Walser 2022-10-29 00:31:54 CEST 
Yeah let's get this pushed.  The subsequent libreoffice build failed, but I guess it will be coming soon.
Comment 16 Mageia Robot 2022-10-29 01:34:00 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2022-0400.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED