Vulnerability CVE-2023-6186: Information
Description
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.
Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| LibreOffice | sisyphus | 7.6.4.1-alt1 | 24.2.3.2-alt1 | ALT-PU-2023-8057-1 | 336057 | Fixed |
| LibreOffice | sisyphus_riscv64 | 7.6.4.1-alt0.port | 24.2.3.2-alt0.port | ALT-PU-2023-8324-1 | - | Fixed |
| LibreOffice | sisyphus_loongarch64 | 7.6.4.1-alt1 | 24.2.3.2-alt1 | ALT-PU-2023-8101-1 | - | Fixed |
| LibreOffice | p11 | 7.6.4.1-alt1 | 24.2.3.2-alt1 | ALT-PU-2023-8057-1 | 336057 | Fixed |
| LibreOffice-still | sisyphus | 7.5.9.2-alt1 | 7.6.7.2-alt1 | ALT-PU-2023-8037-2 | 336057 | Fixed |
| LibreOffice-still | sisyphus_loongarch64 | 7.5.9.2-alt1 | 7.6.7.2-alt1 | ALT-PU-2023-8100-1 | - | Fixed |
| LibreOffice-still | p10 | 7.5.9.2-alt1.p10.1 | 7.6.6.3-alt0.p10.1 | ALT-PU-2024-1030-2 | 337205 | Fixed |
| LibreOffice-still | c10f1 | 7.5.9.2-alt1.p10.1 | 7.5.9.2-alt1.p10.1 | ALT-PU-2024-1179-2 | 338266 | Fixed |
| LibreOffice-still | p11 | 7.5.9.2-alt1 | 7.6.7.2-alt1 | ALT-PU-2023-8037-2 | 336057 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
|---|---|
| https://www.libreoffice.org/about-us/security/advisories/cve-2023-6186 |
|
| https://www.debian.org/security/2023/dsa-5574 |
|
| https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/ |
|
| https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html |