{
|
||
"Definition": [
|
||
{
|
||
"ID": "oval:org.altlinux.errata:def:202414937",
|
||
"Version": "oval:org.altlinux.errata:def:202414937",
|
||
"Class": "patch",
|
||
"Metadata": {
|
||
"Title": "ALT-PU-2024-14937: package `LibreOffice-still` update to version 24.2.6.2-alt0.p10.1",
|
||
"AffectedList": [
|
||
{
|
||
"Family": "unix",
|
||
"Platforms": [
|
||
"ALT Linux branch p10"
|
||
],
|
||
"Products": [
|
||
"ALT Server",
|
||
"ALT Virtualization Server",
|
||
"ALT Workstation",
|
||
"ALT Workstation K",
|
||
"ALT Education",
|
||
"Simply Linux",
|
||
"Starterkit"
|
||
]
|
||
}
|
||
],
|
||
"References": [
|
||
{
|
||
"RefID": "ALT-PU-2024-14937",
|
||
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-14937",
|
||
"Source": "ALTPU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2024-04136",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2024-04136",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2024-04913",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2024-04913",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2024-06443",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2024-06443",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2024-07260",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2024-07260",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "CVE-2024-3044",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-3044",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2024-5261",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-5261",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2024-6472",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-6472",
|
||
"Source": "CVE"
|
||
},
|
||
{
|
||
"RefID": "CVE-2024-7788",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-7788",
|
||
"Source": "CVE"
|
||
}
|
||
],
|
||
"Description": "This update upgrades LibreOffice-still to version 24.2.6.2-alt0.p10.1. \nSecurity Fix(es):\n\n * BDU:2024-04136: Уязвимость пакета офисных программ LibreOffice, связанная с возможностью внедрения кода или данных, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-04913: Уязвимость компонента LibreOfficeKit пакета офисных программ LibreOffice, позволяющая уязвимости может позволить нарушителю выполнить произвольный код\n\n * BDU:2024-06443: Уязвимость пользовательского интерфейса проверки сертификата пакета офисных программ LibreOffice, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2024-07260: Уязвимость пакета офисных программ LibreOffice, связанная с некорректной проверкой криптографической подписи, позволяющая нарушителю создать специально сформированный документ, который после восстановления сообщал о действительном статусе электронной подписи\n\n * CVE-2024-3044: Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.\n\n * CVE-2024-5261: Improper Certificate Validation vulnerability in LibreOffice \"LibreOfficeKit\" mode disables TLS certification verification\n\nLibreOfficeKit can be used for accessing LibreOffice functionality \nthrough C/C++. 
Typically this is used by third party components to reuse\n LibreOffice as a library to convert, view or otherwise interact with \ndocuments.\n\nLibreOffice internally makes use of \"curl\" to fetch remote resources such as images hosted on webservers.\n\nIn\n affected versions of LibreOffice, when used in LibreOfficeKit mode \nonly, then curl's TLS certificate verification was disabled \n(CURLOPT_SSL_VERIFYPEER of false)\n\nIn the fixed versions curl operates in LibreOfficeKit mode the same as in standard mode with CURLOPT_SSL_VERIFYPEER of true.\n\nThis issue affects LibreOffice before version 24.2.4.\n\n * CVE-2024-6472: Certificate Validation user interface in LibreOffice allows potential vulnerability.\n\n\n\n\nSigned macros are scripts that have been digitally signed by the \ndeveloper using a cryptographic signature. When a document with a signed\n macro is opened a warning is displayed by LibreOffice before the macro \nis executed.\n\nPreviously if verification failed the user could fail to understand the failure and choose to enable the macros anyway.\n\n\nThis issue affects LibreOffice: from 24.2 before 24.2.5.\n\n * CVE-2024-7788: Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOffice. This issue affects LibreOffice: from 24.2 before 24.2.5.",
|
||
"Advisory": {
|
||
"From": "errata.altlinux.org",
|
||
"Severity": "Critical",
|
||
"Rights": "Copyright 2024 BaseALT Ltd.",
|
||
"Issued": {
|
||
"Date": "2024-11-14"
|
||
},
|
||
"Updated": {
|
||
"Date": "2024-11-14"
|
||
},
|
||
"BDUs": [
|
||
{
|
||
"ID": "BDU:2024-04136",
|
||
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
||
"CVSS3": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-20",
|
||
"Href": "https://bdu.fstec.ru/vul/2024-04136",
|
||
"Impact": "High",
|
||
"Public": "20240514"
|
||
},
|
||
{
|
||
"ID": "BDU:2024-04913",
|
||
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
|
||
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-295",
|
||
"Href": "https://bdu.fstec.ru/vul/2024-04913",
|
||
"Impact": "Critical",
|
||
"Public": "20240625"
|
||
},
|
||
{
|
||
"ID": "BDU:2024-06443",
|
||
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
||
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-295",
|
||
"Href": "https://bdu.fstec.ru/vul/2024-06443",
|
||
"Impact": "High",
|
||
"Public": "20240805"
|
||
},
|
||
{
|
||
"ID": "BDU:2024-07260",
|
||
"CVSS": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
|
||
"CVSS3": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-347",
|
||
"Href": "https://bdu.fstec.ru/vul/2024-07260",
|
||
"Impact": "High",
|
||
"Public": "20240917"
|
||
}
|
||
],
|
||
"CVEs": [
|
||
{
|
||
"ID": "CVE-2024-3044",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-3044",
|
||
"Impact": "None",
|
||
"Public": "20240514"
|
||
},
|
||
{
|
||
"ID": "CVE-2024-5261",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-5261",
|
||
"Impact": "None",
|
||
"Public": "20240625"
|
||
},
|
||
{
|
||
"ID": "CVE-2024-6472",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-6472",
|
||
"Impact": "None",
|
||
"Public": "20240805"
|
||
},
|
||
{
|
||
"ID": "CVE-2024-7788",
|
||
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||
"CWE": "CWE-347",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-7788",
|
||
"Impact": "High",
|
||
"Public": "20240917"
|
||
}
|
||
],
|
||
"AffectedCPEs": {
|
||
"CPEs": [
|
||
"cpe:/o:alt:kworkstation:10",
|
||
"cpe:/o:alt:workstation:10",
|
||
"cpe:/o:alt:server:10",
|
||
"cpe:/o:alt:server-v:10",
|
||
"cpe:/o:alt:education:10",
|
||
"cpe:/o:alt:slinux:10",
|
||
"cpe:/o:alt:starterkit:p10",
|
||
"cpe:/o:alt:kworkstation:10.1",
|
||
"cpe:/o:alt:workstation:10.1",
|
||
"cpe:/o:alt:server:10.1",
|
||
"cpe:/o:alt:server-v:10.1",
|
||
"cpe:/o:alt:education:10.1",
|
||
"cpe:/o:alt:slinux:10.1",
|
||
"cpe:/o:alt:starterkit:10.1",
|
||
"cpe:/o:alt:kworkstation:10.2",
|
||
"cpe:/o:alt:workstation:10.2",
|
||
"cpe:/o:alt:server:10.2",
|
||
"cpe:/o:alt:server-v:10.2",
|
||
"cpe:/o:alt:education:10.2",
|
||
"cpe:/o:alt:slinux:10.2",
|
||
"cpe:/o:alt:starterkit:10.2"
|
||
]
|
||
}
|
||
}
|
||
},
|
||
"Criteria": {
|
||
"Operator": "AND",
|
||
"Criterions": [
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:2001",
|
||
"Comment": "ALT Linux must be installed"
|
||
}
|
||
],
|
||
"Criterias": [
|
||
{
|
||
"Operator": "OR",
|
||
"Criterions": [
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:202414937001",
|
||
"Comment": "LibreOffice-still is earlier than 0:24.2.6.2-alt0.p10.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:202414937002",
|
||
"Comment": "LibreOffice-still-common is earlier than 0:24.2.6.2-alt0.p10.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:202414937003",
|
||
"Comment": "LibreOffice-still-extensions is earlier than 0:24.2.6.2-alt0.p10.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:202414937004",
|
||
"Comment": "LibreOffice-still-gtk3 is earlier than 0:24.2.6.2-alt0.p10.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:202414937005",
|
||
"Comment": "LibreOffice-still-integrated is earlier than 0:24.2.6.2-alt0.p10.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:202414937006",
|
||
"Comment": "LibreOffice-still-kde5 is earlier than 0:24.2.6.2-alt0.p10.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:202414937007",
|
||
"Comment": "LibreOffice-still-langpack-be is earlier than 0:24.2.6.2-alt0.p10.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:202414937008",
|
||
"Comment": "LibreOffice-still-langpack-de is earlier than 0:24.2.6.2-alt0.p10.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:202414937009",
|
||
"Comment": "LibreOffice-still-langpack-el is earlier than 0:24.2.6.2-alt0.p10.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:202414937010",
|
||
"Comment": "LibreOffice-still-langpack-es is earlier than 0:24.2.6.2-alt0.p10.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:202414937011",
|
||
"Comment": "LibreOffice-still-langpack-fr is earlier than 0:24.2.6.2-alt0.p10.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:202414937012",
|
||
"Comment": "LibreOffice-still-langpack-kk is earlier than 0:24.2.6.2-alt0.p10.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:202414937013",
|
||
"Comment": "LibreOffice-still-langpack-ky is earlier than 0:24.2.6.2-alt0.p10.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:202414937014",
|
||
"Comment": "LibreOffice-still-langpack-pt-BR is earlier than 0:24.2.6.2-alt0.p10.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:202414937015",
|
||
"Comment": "LibreOffice-still-langpack-ru is earlier than 0:24.2.6.2-alt0.p10.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:202414937016",
|
||
"Comment": "LibreOffice-still-langpack-tt is earlier than 0:24.2.6.2-alt0.p10.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:202414937017",
|
||
"Comment": "LibreOffice-still-langpack-uk is earlier than 0:24.2.6.2-alt0.p10.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:202414937018",
|
||
"Comment": "LibreOffice-still-langpack-uz is earlier than 0:24.2.6.2-alt0.p10.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:202414937019",
|
||
"Comment": "LibreOffice-still-mimetypes is earlier than 0:24.2.6.2-alt0.p10.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:202414937020",
|
||
"Comment": "LibreOffice-still-qt5 is earlier than 0:24.2.6.2-alt0.p10.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:202414937021",
|
||
"Comment": "LibreOffice-still-sdk is earlier than 0:24.2.6.2-alt0.p10.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:202414937022",
|
||
"Comment": "libreofficekit-still is earlier than 0:24.2.6.2-alt0.p10.1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:202414937023",
|
||
"Comment": "libreofficekit-still-devel is earlier than 0:24.2.6.2-alt0.p10.1"
|
||
}
|
||
]
|
||
}
|
||
]
|
||
}
|
||
}
|
||
]
|
||
} |