Description of problem: Securityissues in Libreoffice CVE-2023-0950 https://www.suse.com/security/cve/CVE-2023-0950.html Description Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that arbitrary code could be executed. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to 7.5.1. CVE-2023-2255 https://nvd.nist.gov/vuln/detail/CVE-2023-2255 Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3.
Mageia 8 ( libreoffice-7.4.5.1-1.mga8.src.rpm ) and Mageia 9 ( libreoffice-7.5.2.2-1.mga9.src.rpm )
Summary: Libreoffice - CVE-2023-0950, CVE-2023-2255 => MGA8 / MGA9 : LibreOffice - CVE-2023-0950, CVE-2023-2255
Thank you for the report. CVE-2023-0950 This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to 7.5.1. Well, for Cauldron at least, we already have version 7.5.2.2, so that is already fixed. Cannot judge for M8. CVE-2023-2255 This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3 We do not yet have 7.5.3 in Cauldron, so that needs doing for M9. Cannot judge for M8. Assigning to tv who is the main LO packager; CC'ing ns80 who also updates it. And luigi, who may have to correct the bug somewhere. [I CANNOT get the QA contact field set up, whatever I try]
CC: (none) => lewyssmith, luigiwalser, nicolas.salgueroComponent: RPM Packages => SecurityWhiteboard: (none) => MGA8TOOAssignee: bugsquad => thierry.vignaud
You shouldn't have to set the QA contact field manually, that should autofill when the component is changed to Security.
Summary: MGA8 / MGA9 : LibreOffice - CVE-2023-0950, CVE-2023-2255 => libreoffice new security issues CVE-2023-0950 and CVE-2023-2255Status comment: (none) => Fixed upstream in 7.4.7 and 7.5.3QA Contact: (none) => security
Upstream advisories: https://www.libreoffice.org/about-us/security/advisories/cve-2023-0950/ https://www.libreoffice.org/about-us/security/advisories/cve-2023-2255/
(In reply to David Walser from comment #3) > You shouldn't have to set the QA contact field manually, that should > autofill when the component is changed to Security. Tanks; good to know!
CC: lewyssmith => (none)
Suggested advisory: ======================== The updated packages fix security vulnerabilities: Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that arbitrary code could be executed. (CVE-2023-0950) Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. (CVE-2023-2255) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0950 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2255 https://www.libreoffice.org/about-us/security/advisories/cve-2023-0950/ https://www.libreoffice.org/about-us/security/advisories/cve-2023-2255/ ======================== Updated packages in core/updates_testing: ======================== libreoffice-langpack-ca-7.4.5.1-1.1.mga8 libreoffice-langpack-eu-7.4.5.1-1.1.mga8 libreoffice-langpack-sv-7.4.5.1-1.1.mga8 libreoffice-help-he-7.4.5.1-1.1.mga8 libreoffice-librelogo-7.4.5.1-1.1.mga8 libreoffice-langpack-zh_CN-7.4.5.1-1.1.mga8 libreoffice-kf5-7.4.5.1-1.1.mga8 libreoffice-langpack-gu-7.4.5.1-1.1.mga8 libreoffice-langpack-zh_TW-7.4.5.1-1.1.mga8 libreoffice-langpack-ja-7.4.5.1-1.1.mga8 libreoffice-langpack-sr-7.4.5.1-1.1.mga8 libreoffice-writer-7.4.5.1-1.1.mga8 libreoffice-help-fi-7.4.5.1-1.1.mga8 libreoffice-langpack-ru-7.4.5.1-1.1.mga8 libreoffice-langpack-af-7.4.5.1-1.1.mga8 libreoffice-langpack-fr-7.4.5.1-1.1.mga8 libreoffice-help-ja-7.4.5.1-1.1.mga8 libreoffice-langpack-fi-7.4.5.1-1.1.mga8 libreoffice-langpack-nso-7.4.5.1-1.1.mga8 libreoffice-help-ar-7.4.5.1-1.1.mga8 libreoffice-help-cs-7.4.5.1-1.1.mga8 libreoffice-gtk3-7.4.5.1-1.1.mga8 libreoffice-officebean-7.4.5.1-1.1.mga8 libreoffice-help-uk-7.4.5.1-1.1.mga8 libreoffice-help-it-7.4.5.1-1.1.mga8 libreoffice-core-7.4.5.1-1.1.mga8 libreoffice-help-id-7.4.5.1-1.1.mga8 libreoffice-langpack-zu-7.4.5.1-1.1.mga8 libreoffice-langpack-uk-7.4.5.1-1.1.mga8 libreoffice-postgresql-7.4.5.1-1.1.mga8 libreoffice-langpack-as-7.4.5.1-1.1.mga8 libreoffice-langpack-bg-7.4.5.1-1.1.mga8 libreoffice-graphicfilter-7.4.5.1-1.1.mga8 libreoffice-langpack-ro-7.4.5.1-1.1.mga8 libreoffice-langpack-st-7.4.5.1-1.1.mga8 libreoffice-data-7.4.5.1-1.1.mga8 libreoffice-help-sk-7.4.5.1-1.1.mga8 libreoffice-langpack-dz-7.4.5.1-1.1.mga8 libreoffice-help-eu-7.4.5.1-1.1.mga8 libreoffice-help-lt-7.4.5.1-1.1.mga8 libreoffice-langpack-lt-7.4.5.1-1.1.mga8 libreoffice-langpack-hr-7.4.5.1-1.1.mga8 libreoffice-help-eo-7.4.5.1-1.1.mga8 libreoffice-langpack-ve-7.4.5.1-1.1.mga8 libreoffice-langpack-ss-7.4.5.1-1.1.mga8 libreoffice-help-el-7.4.5.1-1.1.mga8 libreoffice-langpack-nn-7.4.5.1-1.1.mga8 libreoffice-langpack-cy-7.4.5.1-1.1.mga8 libreoffice-langpack-he-7.4.5.1-1.1.mga8 libreoffice-gdb-debug-support-7.4.5.1-1.1.mga8 libreoffice-langpack-ga-7.4.5.1-1.1.mga8 libreoffice-help-hi-7.4.5.1-1.1.mga8 libreoffice-help-ca-7.4.5.1-1.1.mga8 libreoffice-langpack-or-7.4.5.1-1.1.mga8 libreoffice-langpack-it-7.4.5.1-1.1.mga8 libreoffice-help-sl-7.4.5.1-1.1.mga8 libreoffice-langpack-hi-7.4.5.1-1.1.mga8 libreoffice-x11-7.4.5.1-1.1.mga8 libreoffice-calc-7.4.5.1-1.1.mga8 libreoffice-help-tr-7.4.5.1-1.1.mga8 libreoffice-langpack-id-7.4.5.1-1.1.mga8 libreoffice-langpack-el-7.4.5.1-1.1.mga8 libreoffice-help-pt-7.4.5.1-1.1.mga8 libreoffice-xsltfilter-7.4.5.1-1.1.mga8 libreoffice-help-nn-7.4.5.1-1.1.mga8 libreoffice-langpack-de-7.4.5.1-1.1.mga8 libreoffice-langpack-es-7.4.5.1-1.1.mga8 libreoffice-help-hr-7.4.5.1-1.1.mga8 libreoffice-filters-7.4.5.1-1.1.mga8 libreoffice-langpack-si-7.4.5.1-1.1.mga8 libreoffice-langpack-nl-7.4.5.1-1.1.mga8 libreoffice-help-nl-7.4.5.1-1.1.mga8 libreoffice-langpack-pt-7.4.5.1-1.1.mga8 libreoffice-langpack-pt_BR-7.4.5.1-1.1.mga8 libreoffice-help-dz-7.4.5.1-1.1.mga8 libreoffice-help-da-7.4.5.1-1.1.mga8 libreoffice-langpack-ts-7.4.5.1-1.1.mga8 libreoffice-langpack-hu-7.4.5.1-1.1.mga8 libreoffice-langpack-cs-7.4.5.1-1.1.mga8 libreoffice-langpack-pa-7.4.5.1-1.1.mga8 libreoffice-ure-common-7.4.5.1-1.1.mga8 libreoffice-draw-7.4.5.1-1.1.mga8 libreoffice-langpack-gl-7.4.5.1-1.1.mga8 libreofficekit-devel-7.4.5.1-1.1.mga8 libreoffice-help-en-7.4.5.1-1.1.mga8 libreoffice-sdk-doc-7.4.5.1-1.1.mga8 libreoffice-help-gl-7.4.5.1-1.1.mga8 libreoffice-langpack-kn-7.4.5.1-1.1.mga8 libreoffice-emailmerge-7.4.5.1-1.1.mga8 libreoffice-langpack-nr-7.4.5.1-1.1.mga8 libreoffice-langpack-bn-7.4.5.1-1.1.mga8 libreoffice-base-7.4.5.1-1.1.mga8 libreoffice-langpack-ml-7.4.5.1-1.1.mga8 libreoffice-math-7.4.5.1-1.1.mga8 libreoffice-help-zh_TW-7.4.5.1-1.1.mga8 libreoffice-wiki-publisher-7.4.5.1-1.1.mga8 libreoffice-langpack-lv-7.4.5.1-1.1.mga8 libreoffice-glade-7.4.5.1-1.1.mga8 libreoffice-langpack-ko-7.4.5.1-1.1.mga8 libreoffice-help-sv-7.4.5.1-1.1.mga8 libreoffice-pdfimport-7.4.5.1-1.1.mga8 libreoffice-langpack-fy-7.4.5.1-1.1.mga8 libreoffice-help-si-7.4.5.1-1.1.mga8 libreoffice-help-bn-7.4.5.1-1.1.mga8 libreoffice-langpack-ar-7.4.5.1-1.1.mga8 libreoffice-help-de-7.4.5.1-1.1.mga8 libreoffice-sdk-7.4.5.1-1.1.mga8 libreoffice-langpack-tr-7.4.5.1-1.1.mga8 libreoffice-langpack-nb-7.4.5.1-1.1.mga8 libreoffice-langpack-ta-7.4.5.1-1.1.mga8 libreoffice-help-lv-7.4.5.1-1.1.mga8 libreoffice-langpack-eo-7.4.5.1-1.1.mga8 libreoffice-ure-7.4.5.1-1.1.mga8 libreoffice-langpack-da-7.4.5.1-1.1.mga8 libreoffice-help-fr-7.4.5.1-1.1.mga8 libreoffice-langpack-et-7.4.5.1-1.1.mga8 libreoffice-help-et-7.4.5.1-1.1.mga8 libreofficekit-7.4.5.1-1.1.mga8 libreoffice-help-bg-7.4.5.1-1.1.mga8 libreoffice-7.4.5.1-1.1.mga8 libreoffice-help-gu-7.4.5.1-1.1.mga8 libreoffice-help-zh_CN-7.4.5.1-1.1.mga8 libreoffice-langpack-br-7.4.5.1-1.1.mga8 libreoffice-ogltrans-7.4.5.1-1.1.mga8 libreoffice-langpack-mr-7.4.5.1-1.1.mga8 libreoffice-langpack-te-7.4.5.1-1.1.mga8 libreoffice-langpack-fa-7.4.5.1-1.1.mga8 libreoffice-help-nb-7.4.5.1-1.1.mga8 libreoffice-help-ta-7.4.5.1-1.1.mga8 libreoffice-help-pl-7.4.5.1-1.1.mga8 libreoffice-help-es-7.4.5.1-1.1.mga8 libreoffice-langpack-mai-7.4.5.1-1.1.mga8 libreoffice-help-hu-7.4.5.1-1.1.mga8 libreoffice-help-ro-7.4.5.1-1.1.mga8 libreoffice-langpack-sk-7.4.5.1-1.1.mga8 libreoffice-help-ko-7.4.5.1-1.1.mga8 libreoffice-langpack-th-7.4.5.1-1.1.mga8 libreoffice-help-pt_BR-7.4.5.1-1.1.mga8 libreoffice-langpack-tn-7.4.5.1-1.1.mga8 libreoffice-help-ru-7.4.5.1-1.1.mga8 libreoffice-langpack-pl-7.4.5.1-1.1.mga8 libreoffice-impress-7.4.5.1-1.1.mga8 libreoffice-langpack-en-7.4.5.1-1.1.mga8 libreoffice-langpack-xh-7.4.5.1-1.1.mga8 libreoffice-langpack-kk-7.4.5.1-1.1.mga8 libreoffice-langpack-sl-7.4.5.1-1.1.mga8 libreoffice-pyuno-7.4.5.1-1.1.mga8 libreoffice-nlpsolver-7.4.5.1-1.1.mga8 autocorr-ga-7.4.5.1-1.1.mga8 autocorr-zh-7.4.5.1-1.1.mga8 autocorr-ca-7.4.5.1-1.1.mga8 autocorr-sl-7.4.5.1-1.1.mga8 autocorr-dsb-7.4.5.1-1.1.mga8 autocorr-ru-7.4.5.1-1.1.mga8 autocorr-el-7.4.5.1-1.1.mga8 autocorr-ro-7.4.5.1-1.1.mga8 autocorr-af-7.4.5.1-1.1.mga8 autocorr-fi-7.4.5.1-1.1.mga8 autocorr-da-7.4.5.1-1.1.mga8 autocorr-hsb-7.4.5.1-1.1.mga8 autocorr-bg-7.4.5.1-1.1.mga8 autocorr-pt-7.4.5.1-1.1.mga8 autocorr-de-7.4.5.1-1.1.mga8 autocorr-pl-7.4.5.1-1.1.mga8 autocorr-sr-7.4.5.1-1.1.mga8 autocorr-mn-7.4.5.1-1.1.mga8 autocorr-lb-7.4.5.1-1.1.mga8 autocorr-nl-7.4.5.1-1.1.mga8 autocorr-sv-7.4.5.1-1.1.mga8 autocorr-hr-7.4.5.1-1.1.mga8 autocorr-en-7.4.5.1-1.1.mga8 autocorr-fr-7.4.5.1-1.1.mga8 libreoffice-officebean-common-7.4.5.1-1.1.mga8 autocorr-sk-7.4.5.1-1.1.mga8 autocorr-cs-7.4.5.1-1.1.mga8 libreoffice-opensymbol-fonts-7.4.5.1-1.1.mga8 autocorr-vro-7.4.5.1-1.1.mga8 autocorr-tr-7.4.5.1-1.1.mga8 autocorr-is-7.4.5.1-1.1.mga8 autocorr-vi-7.4.5.1-1.1.mga8 autocorr-es-7.4.5.1-1.1.mga8 autocorr-lt-7.4.5.1-1.1.mga8 autocorr-ja-7.4.5.1-1.1.mga8 autocorr-fa-7.4.5.1-1.1.mga8 autocorr-it-7.4.5.1-1.1.mga8 autocorr-hu-7.4.5.1-1.1.mga8 autocorr-ko-7.4.5.1-1.1.mga8 from SRPM: libreoffice-7.4.5.1-1.1.mga8.src.rpm
Version: Cauldron => 8Source RPM: (none) => libreoffice-7.4.5.1-1.mga8.src.rpmWhiteboard: MGA8TOO => (none)Status: NEW => ASSIGNEDAssignee: thierry.vignaud => qa-bugsStatus comment: Fixed upstream in 7.4.7 and 7.5.3 => (none)
@Nicolas Could you plse plse next time sort the list aplhabetically. Thatmakes working with QARepo so much easier.. Remark before installing: there is on my laptop a package libreoffice-7.4.5.1-1 and no libreoffice-7.4.5.1-1.1 in the update, seems strange. Continuing anyway.
CC: (none) => herman.viaene
The following package has to be removed for others to be upgraded: libreoffice-7.4.5.1-1.mga8.x86_64 (due to unsatisfied libreoffice-base(x86-64) == 1:7.4.5.1-1.mga8)
I think the mirror you use is not up to date.
CC: (none) => mageia
The message refers to that libreoffice-7.4.5.1-1.mga8 for which I overlooked the 1.1. Make installation complete without further problems. Tested files xlsx, docx, odt, ods, odp, pptx and odb. All OK except for issue bug 31894. Good enough for me.
Installed and tested without issues. Tested on a bunch of native and Microsoft Office files. No issues noticed. Also tested the issue bug 31894 as mentioned in comment 10 by Herman Viaene but was unable to trigger the bug. No idea if I'm doing it wrong since I don't use that LibreOffice application. System: Mageia 8, x86_64, Plasma DE, LXQt DE, AMD Ryzen 5 5600G with Radeon Graphics. $ uname -a Linux jupiter 6.1.27-desktop-2.mga8 #1 SMP PREEMPT_DYNAMIC Mon May 8 20:42:00 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux $ rpm -qa | grep libreoffice | sort libreoffice-7.4.5.1-1.1.mga8 libreoffice-base-7.4.5.1-1.1.mga8 libreoffice-calc-7.4.5.1-1.1.mga8 libreoffice-core-7.4.5.1-1.1.mga8 libreoffice-data-7.4.5.1-1.1.mga8 libreoffice-draw-7.4.5.1-1.1.mga8 libreoffice-emailmerge-7.4.5.1-1.1.mga8 libreoffice-graphicfilter-7.4.5.1-1.1.mga8 libreoffice-gtk3-7.4.5.1-1.1.mga8 libreoffice-help-pt-7.4.5.1-1.1.mga8 libreoffice-impress-7.4.5.1-1.1.mga8 libreoffice-kf5-7.4.5.1-1.1.mga8 libreoffice-langpack-pt-7.4.5.1-1.1.mga8 libreoffice-math-7.4.5.1-1.1.mga8 libreoffice-ogltrans-7.4.5.1-1.1.mga8 libreoffice-opensymbol-fonts-7.4.5.1-1.1.mga8 libreoffice-pdfimport-7.4.5.1-1.1.mga8 libreoffice-pyuno-7.4.5.1-1.1.mga8 libreoffice-ure-7.4.5.1-1.1.mga8 libreoffice-ure-common-7.4.5.1-1.1.mga8 libreoffice-writer-7.4.5.1-1.1.mga8
@PC LX To trigger the bug, it"s best to use the emp.odb file as refered in the bug. Run the report provided and the bug is that the report shows on one page, where there should be page breaks to get 3 pages.
(In reply to Herman Viaene from comment #12) > @PC LX > To trigger the bug, it"s best to use the emp.odb file as refered in the bug. > Run the report provided and the bug is that the report shows on one page, > where there should be page breaks to get 3 pages. Bug confirmed as Herman Viaene described (thanks Herman). No other issues noticed and since it is not a regression I vote to OK this update.
No installation issues. Loaded and edited several old Writer, Word, Calc, and Excel documents, with no issues noted. With no new regressions, I'm giving this an OK, and validating. Advisory in comment 6.
Whiteboard: (none) => MGA8-64-OKKeywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0194.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED