Alpine: multiple libreoffice packages: security update to 6.2.5.2-r0 (deprecated)

critical Tenable Self-Hosted Container Security Plugin ID 400507

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can
execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a
feature where documents can specify that pre-installed scripts can be executed on various document script
events such as mouse-over, etc. Protection was added, to address CVE-2019-9848, to block calling LibreLogo
from script event handers. However an insufficient url validation vulnerability in LibreOffice allowed
malicious to bypass that protection and again trigger calling LibreLogo from script event handlers. This
issue affects: Document Foundation LibreOffice versions prior to 6.2.6. (CVE-2019-9850)

- LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can
execute arbitrary python commands contained with the document it is launched from. Protection was added,
to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over.
However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can
be executed on various global script events such as document-open, etc. In the fixed versions, global
script event handlers are validated equivalently to document script event handlers. This issue affects:
Document Foundation LibreOffice versions prior to 6.2.6. (CVE-2019-9851)

- LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various
script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under
the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was
added, to address CVE-2018-16858, to avoid a directory traversal attack where scripts in arbitrary
locations on the file system could be executed. However this new protection could be bypassed by a URL
encoding attack. In the fixed versions, the parsed url describing the script location is correctly encoded
before further processing. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.
(CVE-2019-9852)

See Also

https://git.alpinelinux.org/aports/commit/?id=21f16e773dfa5bdb7de40ef44927cb37ca05d6c3

https://git.alpinelinux.org/aports/commit/?id=2f34a3185c1dc8793da9a545251c9f1a5582dbdc

Plugin Details

Severity: Critical

ID: 400507

Version: Revision 1.26

Type: Local

Published: 8/16/2023

Updated: 2/19/2025

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: High

Score: 7.9

Percentile: 99.47

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-9851

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/20/2019

Vulnerability Publication Date: 8/15/2019

Exploitable With

Core Impact

Metasploit (LibreOffice Macro Python Code Execution)

Reference Information

CVE: CVE-2019-9850, CVE-2019-9851, CVE-2019-9852

IAVB: 2019-B-0078