drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in libreoffice
Name: |
Ausführen beliebiger Kommandos in libreoffice |
|
ID: |
DSA-4381-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian stretch |
|
Datum: |
So, 3. Februar 2019, 09:18 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16858 |
|
Applikationen: |
LibreOffice |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4381-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 02, 2019 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : libreoffice CVE ID : CVE-2018-16858
Alex Infuehr discovered a directory traversal vulnerability which could result in the execution of Python script code when opening a malformed document.
For the stable distribution (stretch), this problem has been fixed in version 1:5.2.7-1+deb9u5. In addition this update fixes a bug in the validation of signed PDFs; it would display an incomplete status message when dealing with a partial signature.
We recommend that you upgrade your libreoffice packages.
For the detailed security status of libreoffice please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libreoffice
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlxV4EAACgkQEMKTtsN8 TjY8zBAAv3BTtQQd45PZUuAbP1d6pYJpt378uEtOKVZAjA8k5o/MPxkCYRsK6hss xozyO4Yk/X78BlnDhIqi3YW8k9WdjUylcCrm68nRDYXB5LFa/FOLnUfAiNeXmdJS 8WF6xm1DtGuzX0698c2h1GGLyiONNamnkoVCnBNcfYt+KERcMOwby91cYtTdfLd9 I+TQEzwRoWfhfW+v/+J9ly2MukCqDyqOXJit7wNQXUtT13dt+6SLL7r00Ld24n6e PpFAeTuiPuM9yxOyKOn/RK8DdlgVK/RXZFbxkMj6k5YitbRCE2x48nRaRxa3iAAV EKYWjNteQXfl7msompHYjNfDqCCfUyO5t0NqZus7aDJCyXnzPQ/7XKVDU8ZKALbc hWLrfzVr6pNnQmHav/dNv+g+22fM6idOkMXjCDFskD16Ust/h7Jw08lBHBW2YGa0 ++s5DCrhPcX9ZoNQBmGTmftL22tn5X4P12i+rGRE897BAxrI/ZGmDLXDKxLLiGUQ Gjq70xQn+KYRpMqO8bsXSLNKq6xMK4GJFvcvRkePbiw+Ex2RwwlxwX6a0cVE+pvu Xr4hEMiFUNwI/Cl25wxOI4J01IjYrJFu56olXyJdzRG2YQxcM9zxiQaZo/TqxbQi wK0frJQmdIbSkoFf5g33/yEHNKeHZgC65Ppazd8udXxsOvhAcxc= =uRgA -----END PGP SIGNATURE-----
|
|
|
|