CVE-2019-9853

medium

Published 2020-04-28 · Modified 2020-04-28

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

5.5

Description

RHSA-2020:1598: libreoffice security and bug fix update (Moderate)

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

Mitigation details

Source: Red Hat Errata — Red Hat Inc. · View original ↗ · Open-Errata-API

Description libreoffice: Insufficient URL decoding flaw in categorizing macro location CVSS v3: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) Errata / fixed releases ProductPackageAdvisoryReleased Red Hat Enterprise Linux 7libreoffice-1:5.3.6.1-24.el7RHSA-2020:11512020-03-31T00:00:00Z Red Hat Enterprise Linux 8libreoffice-1:6.0.6.1-20.el8RHSA-2020:15982020-04-28T00:00:00Z Package state…

Description

libreoffice: Insufficient URL decoding flaw in categorizing macro location

CVSS v3: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Errata / fixed releases

Product	Package	Advisory	Released
Red Hat Enterprise Linux 7	`libreoffice-1:5.3.6.1-24.el7`	RHSA-2020:1151	2020-03-31T00:00:00Z
Red Hat Enterprise Linux 8	`libreoffice-1:6.0.6.1-20.el8`	RHSA-2020:1598	2020-04-28T00:00:00Z

Package state

Product	Package	State
Red Hat Enterprise Linux 6	`libreoffice`	Out of support scope

Apply commands

bash fix

Apply RHSA-2020:1151 for Red Hat Enterprise Linux 7

yum update -y libreoffice
# or:
dnf upgrade -y libreoffice

OS impact

OS	Version	Status	Fixed in
sles		affected
debian	bookworm	fixed	`1:6.3.0-1`
debian	bullseye	fixed	`1:6.3.0-1`
debian	forky	fixed	`1:6.3.0-1`
debian	sid	fixed	`1:6.3.0-1`
debian	trixie	fixed	`1:6.3.0-1`
rhel	8	fixed

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.