Main Vulnerability Database SB2024101036

SB2024101036 - SUSE update for libreoffice

Published: October 10, 2024

Security Bulletin ID SB2024101036

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Certificate Validation (CVE-ID: CVE-2024-5261)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to missing certificate validation within the LibreOfficeKit when calling "curl" to fetch remote resources such as images hosted on web servers. A remote attacker can perform MitM attack.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2024/suse-su-20243576-1/

Vulnerable Software

SUSE Linux Enterprise Workstation Extension 12: 12-SP5
SUSE Linux Enterprise Software Development Kit 12: SP5
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
libreoffice-l10n-pt_BR: before 24.8.1.2-48.64.2
libreoffice-l10n-en: before 24.8.1.2-48.64.2
libreoffice-l10n-nl: before 24.8.1.2-48.64.2
libreoffice-l10n-uk: before 24.8.1.2-48.64.2
libreoffice-l10n-es: before 24.8.1.2-48.64.2
libreoffice-l10n-zh_TW: before 24.8.1.2-48.64.2
libreoffice-l10n-it: before 24.8.1.2-48.64.2
libreoffice-l10n-da: before 24.8.1.2-48.64.2
libreoffice-icon-themes: before 24.8.1.2-48.64.2
libreoffice-l10n-lt: before 24.8.1.2-48.64.2
libreoffice-l10n-ru: before 24.8.1.2-48.64.2
libreoffice-l10n-fi: before 24.8.1.2-48.64.2
libreoffice-l10n-nb: before 24.8.1.2-48.64.2
libreoffice-l10n-gu: before 24.8.1.2-48.64.2
libreoffice-l10n-fr: before 24.8.1.2-48.64.2
libreoffice-l10n-de: before 24.8.1.2-48.64.2
libreoffice-branding-upstream: before 24.8.1.2-48.64.2
libreoffice-l10n-ar: before 24.8.1.2-48.64.2
libreoffice-l10n-hu: before 24.8.1.2-48.64.2
libreoffice-l10n-pt_PT: before 24.8.1.2-48.64.2
libreoffice-l10n-zu: before 24.8.1.2-48.64.2
libreoffice-l10n-ja: before 24.8.1.2-48.64.2
libreoffice-l10n-hi: before 24.8.1.2-48.64.2
libreoffice-l10n-zh_CN: before 24.8.1.2-48.64.2
libreoffice-l10n-pl: before 24.8.1.2-48.64.2
libreoffice-l10n-hr: before 24.8.1.2-48.64.2
libreoffice-l10n-xh: before 24.8.1.2-48.64.2
libreoffice-l10n-ko: before 24.8.1.2-48.64.2
libreoffice-l10n-sv: before 24.8.1.2-48.64.2
libreoffice-l10n-ro: before 24.8.1.2-48.64.2
libreoffice-l10n-sk: before 24.8.1.2-48.64.2
libreoffice-l10n-bg: before 24.8.1.2-48.64.2
libreoffice-l10n-af: before 24.8.1.2-48.64.2
libreoffice-l10n-nn: before 24.8.1.2-48.64.2
libreoffice-l10n-cs: before 24.8.1.2-48.64.2
libreoffice-l10n-ca: before 24.8.1.2-48.64.2
libreoffice-base-drivers-postgresql: before 24.8.1.2-48.64.2
libreoffice-gtk3: before 24.8.1.2-48.64.2
libreoffice-gnome: before 24.8.1.2-48.64.2
libreoffice-officebean-debuginfo: before 24.8.1.2-48.64.2
libreoffice-librelogo: before 24.8.1.2-48.64.2
libreoffice-pyuno-debuginfo: before 24.8.1.2-48.64.2
libreoffice-math-debuginfo: before 24.8.1.2-48.64.2
libreoffice-calc: before 24.8.1.2-48.64.2
libreoffice-base-debuginfo: before 24.8.1.2-48.64.2
libreoffice-pyuno: before 24.8.1.2-48.64.2
libreoffice-gnome-debuginfo: before 24.8.1.2-48.64.2
libreoffice: before 24.8.1.2-48.64.2
libreoffice-draw-debuginfo: before 24.8.1.2-48.64.2
libreoffice-draw: before 24.8.1.2-48.64.2
libreoffice-mailmerge: before 24.8.1.2-48.64.2
libreoffice-math: before 24.8.1.2-48.64.2
libreoffice-impress: before 24.8.1.2-48.64.2
libreoffice-writer: before 24.8.1.2-48.64.2
libreoffice-calc-extensions: before 24.8.1.2-48.64.2
libreoffice-writer-extensions: before 24.8.1.2-48.64.2
libreoffice-calc-debuginfo: before 24.8.1.2-48.64.2
libreoffice-gtk3-debuginfo: before 24.8.1.2-48.64.2
libreoffice-base-drivers-postgresql-debuginfo: before 24.8.1.2-48.64.2
libreoffice-base: before 24.8.1.2-48.64.2
libreoffice-writer-debuginfo: before 24.8.1.2-48.64.2
libreoffice-impress-debuginfo: before 24.8.1.2-48.64.2
libreoffice-officebean: before 24.8.1.2-48.64.2
libreoffice-filters-optional: before 24.8.1.2-48.64.2
libreoffice-debuginfo: before 24.8.1.2-48.64.2
libreoffice-sdk: before 24.8.1.2-48.64.2
libreoffice-sdk-debuginfo: before 24.8.1.2-48.64.2
libreoffice-debugsource: before 24.8.1.2-48.64.2