[tdf-discuss] security related information: CVE-2023-0950, CVE-2023-2255

Caolán McNamara <caolan.mcnamara -AT- collabora.com>

Thu, 25 May 2023 16:37:24 +0100

tl;dr: upgrade to LibreOffice >= 7.4.7 or >= 7.5.3 CVE-2023-0950 Array Index UnderFlow in Calc Formula Parsing Fixed in: LibreOffice 7.4.6/7.5.1 Description: In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that arbitrary code could be executed. In versions >= 7.4.6 (and >= 7.5.2) the count of parameters is validated Credits: * Secusmart GmbH for discovering and reporting the issue * Eike Rathke of Red Hat, Inc. for a solution https://www.libreoffice.org/about-us/security/advisories/CVE-2023-0950 CVE-2023-2255: Remote documents loaded without prompt via IFrame Fixed in: LibreOffice 7.4.7/7.5.3 Description: LibreOffice supports "Floating Frames", similar to a html IFrame. The frames display their linked document in a floating frame inside the host document. In affected versions of LibreOffice these floating frames fetch and display their linked document without prompt on loading the host document. This was inconsistent with the behavior of other linked document content such as OLE objects, Writer linked sections or Calc WEBSERVICE formulas which warn the user that there are linked documents and prompts if they should be allowed to update. In versions >= 7.4.7 (and >= 7.5.3) the existing "update link" manager has been expanded to additionally control the update of the content of IFrames, so such IFrames will not automatically refresh their content unless the user agrees via the prompts. Thanks to Amel Bouziane-Leblond for discovering this flaw. https://www.libreoffice.org/about-us/security/advisories/CVE-2023-2255 -- To unsubscribe e-mail to: discuss+unsubscribe@documentfoundation.org Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette List archive: https://listarchives.documentfoundation.org/www/discuss/ Privacy Policy: https://www.documentfoundation.org/privacy

Context

[tdf-discuss] security related information: CVE-2023-0950, CVE-2023-2255 · Caolán McNamara

Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.