Arch Linux Security Advisory ASA-201908-9
=========================================

Severity: High
Date    : 2019-08-16
CVE-ID  : CVE-2019-9848 CVE-2019-9849
Package : libreoffice-still
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1010

Summary
=======

The package libreoffice-still before version 6.2.6-1 is vulnerable to
multiple issues including arbitrary command execution and information
disclosure.

Resolution
==========

Upgrade to 6.2.6-1.

# pacman -Syu "libreoffice-still>=6.2.6-1"

The problems have been fixed upstream in version 6.2.6.

Workaround
==========

None.

Description
===========

- CVE-2019-9848 (arbitrary command execution)

An issue has been found in LibreOffice before 6.2.5: a document can
specify that pre-installed scripts are to be executed on various document
events, such as mouse-over. LibreOffice is typically also bundled with
LibreLogo, a programmable turtle vector graphics script, which can be
manipulated into executing arbitrary Python code. By using the document
event feature to make LibreLogo run Python contained within the document,
a malicious document can be constructed that executes arbitrary Python
code silently, without any prompt or warning to the user. In the fixed
versions, LibreLogo can no longer be called from a document event handler.

- CVE-2019-9849 (information disclosure)

LibreOffice has a 'stealth mode' in which only documents from locations
deemed 'trusted' are allowed to retrieve remote resources. This mode is
not the default, but can be enabled by users who want to prevent
LibreOffice from fetching remote resources referenced by a document.
Prior to version 6.2.5, bullet graphics were omitted from this
protection, so a document could still cause a remote fetch (and thereby
disclose that it had been opened, and from where) even with stealth mode
enabled.

Impact
======

A remote attacker is able to execute arbitrary commands via a specially
crafted document, or to cause bullet graphics to be fetched from remote
locations that should be blocked when 'stealth mode' is enabled.
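The description of CVE-2019-9848 hinges on one document feature: an ODF file binding a document event to a script. When triaging documents received before the fix was rolled out, the first thing to look for is therefore any such binding, and in particular one whose target is LibreLogo. The following helper is an added example written for this advisory; it is not Arch or LibreOffice code. It opens an ODF container (a zip archive), parses content.xml and styles.xml, and lists every script:event-listener element (element and attribute names are from the ODF 1.2 schema), flagging those whose xlink:href names LibreLogo. The sample document it inspects is constructed inline, and the exact LibreLogo script URI used in that sample is an assumption about the shape of such a binding, not a string taken from the advisory.

```python
"""Triage helper: list script event bindings inside an ODF document.

Added example for ASA-201908-9 (not Arch or LibreOffice code). It unpacks
an ODF container and reports every <script:event-listener> in content.xml
and styles.xml, i.e. every place where the document asks the office suite
to run a script on a document event such as a mouse-over. Bindings whose
target URI names LibreLogo are reported separately, because CVE-2019-9848
abused exactly that combination. The sample document below is
constructed; its LibreLogo URI is an assumption about the form such a
binding takes, not text quoted from the advisory.
"""
import io
import xml.etree.ElementTree as ET
import zipfile

# Namespaces from the ODF 1.2 schema and XLink.
SCRIPT_NS = "urn:oasis:names:tc:opendocument:xmlns:script:1.0"
XLINK_NS = "http://www.w3.org/1999/xlink"

# Constructed content.xml: a hyperlink carrying two event bindings, one of
# which targets a script URI that names LibreLogo (assumed URI shape).
SAMPLE_CONTENT_XML = f"""<?xml version="1.0" encoding="UTF-8"?>
<office:document-content
    xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0"
    xmlns:text="urn:oasis:names:tc:opendocument:xmlns:text:1.0"
    xmlns:script="{SCRIPT_NS}"
    xmlns:xlink="{XLINK_NS}">
  <office:body><office:text>
    <text:p>
      <text:a xlink:type="simple" xlink:href="#">hover me
        <office:event-listeners>
          <script:event-listener script:language="ooo:script"
              script:event-name="dom:mouseover"
              xlink:href="vnd.sun.star.script:LibreLogo|LibreLogo.py$run?language=Python&amp;location=share"/>
          <script:event-listener script:language="ooo:script"
              script:event-name="dom:click"
              xlink:href="vnd.sun.star.script:Standard.Module1.Hello?language=Basic&amp;location=document"/>
        </office:event-listeners>
      </text:a>
    </text:p>
  </office:text></office:body>
</office:document-content>
"""


def build_sample_odt() -> bytes:
    """Pack the constructed content.xml into a minimal ODF zip container."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # Real ODF containers store the 'mimetype' entry first, uncompressed.
        zf.writestr(zipfile.ZipInfo("mimetype"),
                    "application/vnd.oasis.opendocument.text",
                    compress_type=zipfile.ZIP_STORED)
        zf.writestr("content.xml", SAMPLE_CONTENT_XML)
    return buf.getvalue()


def script_event_listeners(odf_bytes: bytes):
    """Return [(event_name, script_href), ...] for every script:event-listener
    found in content.xml or styles.xml, in document order."""
    found = []
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as zf:
        for name in ("content.xml", "styles.xml"):
            if name not in zf.namelist():
                continue
            # For documents from untrusted senders, swap in
            # defusedxml.ElementTree here; it is a drop-in replacement that
            # refuses entity-expansion tricks the stdlib parser accepts.
            root = ET.fromstring(zf.read(name))
            for el in root.iter(f"{{{SCRIPT_NS}}}event-listener"):
                event = el.get(f"{{{SCRIPT_NS}}}event-name", "")
                href = el.get(f"{{{XLINK_NS}}}href", "")
                found.append((event, href))
    return found


def librelogo_bindings(odf_bytes: bytes):
    """Subset of bindings whose target URI names LibreLogo: the CVE-2019-9848
    pattern of a document event driving the bundled LibreLogo interpreter.
    Substring matching is a heuristic; any binding at all deserves a look."""
    return [(e, h) for e, h in script_event_listeners(odf_bytes)
            if "librelogo" in h.lower()]


if __name__ == "__main__":
    doc = build_sample_odt()
    for event, href in script_event_listeners(doc):
        print(f"{event:15} -> {href}")
    print("LibreLogo bindings:", len(librelogo_bindings(doc)))
```

Run against a real file by replacing build_sample_odt() with the file's bytes. A benign document normally has no script:event-listener elements at all, so any hit is worth examining, and a hit that points at LibreLogo on a host still running libreoffice-still older than 6.2.6-1 should be treated as an attempted CVE-2019-9848 exploitation.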
References
==========

https://security.archlinux.org/CVE-2019-9848
https://security.archlinux.org/CVE-2019-9849
https://www.libreoffice.org/about-us/security/advisories/cve-2019-9848
https://github.com/LibreOffice/core/commit/5d47b7b3f6a134037f1f3d8c018505244d7be484
https://github.com/LibreOffice/core/commit/3dd024a28a98a9d4b4efc3c7ec6acaa94d2b25fd
https://www.libreoffice.org/about-us/security/advisories/cve-2019-9849