FreeBSD Bugzilla – Attachment 190471 Details for
Bug 225797
security/vuxml: Document vulnerability in LibreOffice (CVE-2018-6871 / CVE-2018-1055)
[patch]
Document CVE-2018-6871
vuxml.patch (text/plain), 2.64 KB, created by
VK
on 2018-02-09 23:46:25 UTC
>Index: security/vuxml/vuln.xml >=================================================================== >--- security/vuxml/vuln.xml (revision 461345) >+++ security/vuxml/vuln.xml (working copy) 
>@@ -58,6 +58,58 @@ > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="289269f1-0def-11e8-99b0-d017c2987f9a"> >+ <topic>LibreOffice -- Remote arbitrary file disclosure vulnerability via WEBSERVICE formula</topic> >+ <affects> >+ <package> >+ <name>libreoffice</name> >+ <name>ar-libreoffice</name> >+ <name>de-libreoffice</name> >+ <name>fr-libreoffice</name> >+ <name>hu-libreoffice</name> >+ <name>iw-libreoffice</name> >+ <name>ja-libreoffice</name> >+ <name>ko-libreoffice</name> >+ <name>pl-libreoffice</name> >+ <name>pt-libreoffice</name> >+ <name>ru-libreoffice</name> >+ <name>uk-libreoffice</name> >+ <name>vi-libreoffice</name> >+ <name>zh-libreoffice</name> >+ <range><ge>5.0.0</ge><lt>5.4.5</lt></range> >+ <range><ge>6.0.0</ge><lt>6.0.1</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>LibreOffice reports:</p> >+ <blockquote cite="https://www.libreoffice.org/about-us/security/advisories/cve-2018-1055/"> >+ <p>LibreOffice Calc supports a WEBSERVICE function to obtain data by URL. >+ Vulnerable versions of LibreOffice allow WEBSERVICE to take a local file >+ URL (e.g file://) which can be used to inject local files into the >+ spreadsheet without warning the user. 
Subsequent formulas can operate on >+ that inserted data and construct a remote URL whose path leaks the local >+ data to a remote attacker.</p> >+ <p>In later versions of LibreOffice without this flaw, WEBSERVICE has now >+ been limited to accessing http and https URLs along with bringing >+ WEBSERVICE URLs under LibreOffice Calc's link management infrastructure.</p> >+ <p><strong>Note:</strong> This vulnerability has been identified upstream >+ as CVE-2018-1055, but NVD/Mitre are advising it's a reservation >+ duplicate of CVE-2018-6871 which should be used instead.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <url>https://www.libreoffice.org/about-us/security/advisories/cve-2018-1055/</url> >+ <url>https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure</url> >+ <cvename>CVE-2018-6871</cvename> >+ </references> >+ <dates> >+ <discovery>2018-02-09</discovery> >+ <entry>2018-02-09</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="3ee6e521-0d32-11e8-99b0-d017c2987f9a"> > <topic>mpv -- arbitrary code execution via crafted website</topic> > <affects>
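Review bot: In the `<description>`, the `<p><strong>Note:</strong> ...</p>` paragraph about CVE-2018-1055 being a reservation duplicate of CVE-2018-6871 sits inside the `<blockquote cite="https://www.libreoffice.org/about-us/security/advisories/cve-2018-1055/">`, so it is presented as LibreOffice's own wording; if it is the submitter's remark, move it after `</blockquote>` so that only advisory text is quoted. Two further things to confirm before commit: `<discovery>2018-02-09</discovery>` is identical to `<entry>`, so check it against the date the advisory gives rather than the date the entry was written, and the `<ge>5.0.0</ge>` lower bound in the first `<range>` is not stated anywhere in the quoted text, so say in the bug where it comes from.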