Fedora 29 : 1:libreoffice (2019-2fe22a3a2c)

critical Nessus Plugin ID 128128

Language:

Synopsis

The remote Fedora host is missing a security update.

Description

- CVE-2019-9850 Insufficient url validation allowing LibreLogo script execution

- CVE-2019-9851 LibreLogo global-event script execution

- CVE-2019-9852 Insufficient URL encoding flaw in allowed script location check

----

- CVE-2019-9848 LibreLogo arbitrary script execution

- CVE-2019-9849 remote bullet graphics retrieved in 'stealth mode'

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected 1:libreoffice package.

Plugin Details

Severity: Critical

ID: 128128

File Name: fedora_2019-2fe22a3a2c.nasl

Version: 1.3

Type: local

Agent: unix

Family: Fedora Local Security Checks

Published: 8/26/2019

Updated: 9/24/2019

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:1:libreoffice, cpe:/o:fedoraproject:fedora:29

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/25/2019

Vulnerability Publication Date: 7/17/2019

Exploitable With

Core Impact

Metasploit (LibreOffice Macro Python Code Execution)

Reference Information

CVE: CVE-2019-9848, CVE-2019-9849, CVE-2019-9850, CVE-2019-9851, CVE-2019-9852

FEDORA: 2019-2fe22a3a2c

Detections

Analytics