MGASA-2024-0320

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2024-0320.html

Import Source

https://advisories.mageia.org/MGASA-2024-0320.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2024-0320

Related

CVE-2024-6472

Published

2024-09-28T21:34:52Z

Modified

2024-09-28T21:07:38Z

Summary

Updated libreoffice package fixes security vulnerability

Details

The Certificate Validation user interface in LibreOffice allows a potential vulnerability. Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document with a signed macro is opened a warning is displayed by LibreOffice before the macro is executed. Previously, if verification failed the user could fail to understand the failure and choose to enable the macros anyway. This issue affects LibreOffice: from 24.2 before 24.2.5. Also our current version is EOL, so we are updating to a supported version.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:9 / libreoffice

Package

Name: libreoffice
Purl: pkg:rpm/mageia/libreoffice?arch=source&distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

24.2.5.2-1.1.mga9

Ecosystem specific

{
    "section": "core"
}

Mageia:9 / zxcvbn-c

Package

Name: zxcvbn-c
Purl: pkg:rpm/mageia/zxcvbn-c?arch=source&distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5-2.mga9

Ecosystem specific

{
    "section": "core"
}