Detections
Analytics
RHEL 9 : libreoffice (RHSA-2023:0304)
high Nessus Plugin ID 170427
Language:
Synopsis
The remote Red Hat host is missing one or more security updates for libreoffice.Description
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0304 advisory.- libreoffice: Execution of Untrusted Macros Due to Improper Certificate Validation (CVE-2022-26305)
- libreoffice: Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password (CVE-2022-26306)
- libreoffice: Weak Master Keys (CVE-2022-26307)
- libreoffice: Macro URL arbitrary script execution (CVE-2022-3140)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the RHEL libreoffice package based on the guidance in RHSA-2023:0304.See Also
https://access.redhat.com/security/cve/CVE-2022-3140
https://access.redhat.com/security/cve/CVE-2022-26305
https://access.redhat.com/security/cve/CVE-2022-26306
https://access.redhat.com/security/cve/CVE-2022-26307
https://access.redhat.com/errata/RHSA-2023:0304
https://bugzilla.redhat.com/2118610
https://bugzilla.redhat.com/2118611
Plugin Details
Severity: High
ID: 170427
File Name: redhat-RHSA-2023-0304.nasl
Version: 1.2
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 1/23/2023
Updated: 1/26/2024
Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 9
Temporal Score: 6.7
Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS Score Source: CVE-2022-26307
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:redhat:enterprise_linux:9, cpe:/o:redhat:rhel_aus:9.2, cpe:/o:redhat:rhel_e4s:9.2, cpe:/o:redhat:rhel_eus:9.2, p-cpe:/a:redhat:enterprise_linux:autocorr-af, p-cpe:/a:redhat:enterprise_linux:autocorr-bg, p-cpe:/a:redhat:enterprise_linux:autocorr-ca, p-cpe:/a:redhat:enterprise_linux:autocorr-cs, p-cpe:/a:redhat:enterprise_linux:autocorr-da, p-cpe:/a:redhat:enterprise_linux:autocorr-de, p-cpe:/a:redhat:enterprise_linux:autocorr-dsb, p-cpe:/a:redhat:enterprise_linux:autocorr-el, p-cpe:/a:redhat:enterprise_linux:autocorr-en, p-cpe:/a:redhat:enterprise_linux:autocorr-es, p-cpe:/a:redhat:enterprise_linux:autocorr-fa, p-cpe:/a:redhat:enterprise_linux:autocorr-fi, p-cpe:/a:redhat:enterprise_linux:autocorr-fr, p-cpe:/a:redhat:enterprise_linux:autocorr-ga, p-cpe:/a:redhat:enterprise_linux:autocorr-hr, p-cpe:/a:redhat:enterprise_linux:autocorr-hsb, p-cpe:/a:redhat:enterprise_linux:autocorr-hu, p-cpe:/a:redhat:enterprise_linux:autocorr-is, p-cpe:/a:redhat:enterprise_linux:autocorr-it, p-cpe:/a:redhat:enterprise_linux:autocorr-ja, p-cpe:/a:redhat:enterprise_linux:autocorr-ko, p-cpe:/a:redhat:enterprise_linux:autocorr-lb, p-cpe:/a:redhat:enterprise_linux:autocorr-ro, p-cpe:/a:redhat:enterprise_linux:autocorr-ru, p-cpe:/a:redhat:enterprise_linux:autocorr-sk, p-cpe:/a:redhat:enterprise_linux:autocorr-sl, p-cpe:/a:redhat:enterprise_linux:autocorr-sr, p-cpe:/a:redhat:enterprise_linux:autocorr-sv, p-cpe:/a:redhat:enterprise_linux:autocorr-tr, p-cpe:/a:redhat:enterprise_linux:autocorr-vi, p-cpe:/a:redhat:enterprise_linux:autocorr-vro, p-cpe:/a:redhat:enterprise_linux:autocorr-zh, p-cpe:/a:redhat:enterprise_linux:libreoffice-base, p-cpe:/a:redhat:enterprise_linux:libreoffice-calc, p-cpe:/a:redhat:enterprise_linux:libreoffice-core, p-cpe:/a:redhat:enterprise_linux:libreoffice-data, p-cpe:/a:redhat:enterprise_linux:libreoffice-draw, p-cpe:/a:redhat:enterprise_linux:libreoffice-emailmerge, p-cpe:/a:redhat:enterprise_linux:libreoffice-filters, p-cpe:/a:redhat:enterprise_linux:libreoffice-gdb-debug-support, p-cpe:/a:redhat:enterprise_linux:libreoffice-graphicfilter, p-cpe:/a:redhat:enterprise_linux:libreoffice-gtk3, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-ar, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-bg, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-bn, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-ca, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-cs, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-da, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-de, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-dz, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-el, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-en, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-eo, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-es, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-et, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-eu, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-fi, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-fr, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-gl, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-gu, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-he, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-hi, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-hr, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-hu, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-id, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-it, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-ja, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-ko, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-lt, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-lv, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-nb, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-nl, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-nn, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-pl, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-pt-br, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-pt-pt, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-ro, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-ru, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-si, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-sk, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-sl, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-sv, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-ta, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-tr, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-uk, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-zh-hans, p-cpe:/a:redhat:enterprise_linux:libreoffice-help-zh-hant, p-cpe:/a:redhat:enterprise_linux:libreoffice-impress, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-af, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-ar, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-as, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-bg, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-bn, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-br, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-ca, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-cs, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-cy, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-da, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-de, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-dz, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-el, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-en, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-eo, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-es, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-et, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-eu, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-fa, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-fi, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-fr, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-fy, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-ga, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-gl, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-gu, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-he, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-hi, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-hr, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-hu, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-id, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-it, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-ja, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-kk, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-kn, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-ko, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-lt, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-lv, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-mai, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-ml, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-mr, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-nb, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-nl, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-nn, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-nr, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-nso, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-or, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-pa, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-pl, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-pt-br, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-pt-pt, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-ro, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-ru, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-si, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-sk, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-sl, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-sr, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-ss, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-st, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-sv, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-ta, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-te, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-th, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-tn, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-tr, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-ts, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-uk, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-ve, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-xh, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-zh-hans, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-zh-hant, p-cpe:/a:redhat:enterprise_linux:libreoffice-langpack-zu, p-cpe:/a:redhat:enterprise_linux:libreoffice-math, p-cpe:/a:redhat:enterprise_linux:libreoffice-ogltrans, p-cpe:/a:redhat:enterprise_linux:libreoffice-opensymbol-fonts, p-cpe:/a:redhat:enterprise_linux:libreoffice-pdfimport, p-cpe:/a:redhat:enterprise_linux:libreoffice-pyuno, p-cpe:/a:redhat:enterprise_linux:libreoffice-sdk, p-cpe:/a:redhat:enterprise_linux:libreoffice-sdk-doc, p-cpe:/a:redhat:enterprise_linux:libreoffice-ure, p-cpe:/a:redhat:enterprise_linux:libreoffice-ure-common, p-cpe:/a:redhat:enterprise_linux:libreoffice-wiki-publisher, p-cpe:/a:redhat:enterprise_linux:libreoffice-writer, p-cpe:/a:redhat:enterprise_linux:libreoffice-x11, p-cpe:/a:redhat:enterprise_linux:libreoffice-xsltfilter, p-cpe:/a:redhat:enterprise_linux:libreofficekit, p-cpe:/a:redhat:enterprise_linux:autocorr-lt, p-cpe:/a:redhat:enterprise_linux:autocorr-mn, p-cpe:/a:redhat:enterprise_linux:autocorr-nl, p-cpe:/a:redhat:enterprise_linux:autocorr-pl, p-cpe:/a:redhat:enterprise_linux:autocorr-pt
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Ease: No known exploits are available
Patch Publication Date: 1/23/2023
Vulnerability Publication Date: 7/25/2022
Reference Information
CVE: CVE-2022-26305, CVE-2022-26306, CVE-2022-26307, CVE-2022-3140