Home » LibreOffice: IT safety alert replace (danger: excessive)

LibreOffice: IT safety alert replace (danger: excessive)

by admin
LibreOffice: IT safety alert replace (danger: excessive)

As BSI is at present reporting, an IT safety warning a couple of recognized LibreOffice vulnerability has obtained an replace. You can learn the way affected customers ought to behave right here.

Federal workplace for Security in Information Technology (BSI) has issued a safety advisory for LibreOffice on May 14, 2024. The working methods Linux, MacOS X and Windows in addition to Debian Linux and open supply LibreOffice merchandise are affected by the safety vulnerability. This alert was final up to date on May 15, 2024.

The newest producer suggestions for updates, workarounds and safety patches for this vulnerability will be discovered right here: Debian Security Advisory DSA-5690 (From 15 May 2024). Some helpful hyperlinks are listed later on this article.

LibreOffice Security Advisory – Risk: High

Risk stage: 4 (excessive)
CVSS Base Score: 8.8
CVSS provisional rating: 7,7
Remote management: Ja

The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of vulnerabilities in pc methods. The CVSS commonplace makes it attainable to check potential or precise safety dangers based mostly on numerous standards to create a precedence listing for countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. Temporary scores additionally take into consideration adjustments over time within the danger state of affairs. The danger of the vulnerability talked about right here is assessed as “excessive” based on the CVSS with a base rating of 8.8.

See also  Webb telescope captures Orion Nebula to reveal details of star formation (picture) Orion | Forming Regions | Planets | Jupiter | Tarantula Nebula |

LibreOffice Bug: Vulnerability permits code execution

LibreOffice is a robust workplace suite, totally appropriate with different main workplace suppliers and appropriate for standard working methods comparable to Windows, GNU/Linux and Apple Mac OS X. LibreOffice presents six functions for creating paperwork and processing information: Writer, Calc, Impress, Draw, Base and Math.

A distant, unknown attacker may exploit a vulnerability in LibreOffice to execute arbitrary code.

Vulnerabilities are recognized by a CVE (Common Vulnerabilities and Exposures) serial quantity. CVE-2024-3044 on the market.

Systems affected by the LibreOffice vulnerability at a look

Operating methods
Linux, MacOS X, Windows

Debian Linux (cpe:/o:debian:debian_linux)
Open Source LibreOffice Open Source LibreOffice

General steps for coping with IT vulnerabilities

  1. Users of affected methods ought to keep up-to-date. When safety holes are recognized, producers are required to repair them shortly by growing a patch or workaround. If safety patches can be found, set up them instantly.
  2. For info, see the sources listed within the subsequent part. This typically comprises extra details about the most recent model of the software program in query and the supply of safety patches or efficiency ideas.
  3. If you will have any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to often test the desired sources to see if a brand new safety replace is out there.

Sources for updates, patches and workarounds

Here you will see that some hyperlinks with details about bug reviews, safety fixes and workarounds.

Debian Security Advisory DSA-5690 vom 2024-05-15 (15.05.2024)
For extra info, see:

GitHub Advisory Database vom 2024-05-14 (14.05.2024)
For extra info, see:

See also  Apple TV 4K out-of-the-box measurement|Mobile phone color correction and high frame rate HDR 7 reasons worth starting|Hong Kong 01|Digital Life

LibreOffice Security Advisory vom 2024-05-14 (14.05.2024)
For extra info, see:

Version historical past of this safety alert

This is model 2 of this LibreOffice IT safety discover. If additional updates are introduced, this doc can be up to date. You can examine adjustments or additions on this model historical past.

May 14, 2024 – First model
May 15, 2024 – New updates from Debian added

+++ Editorial observe: This doc is predicated on present BSI information and can be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++

comply with News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you will see that sizzling information, present movies and a direct line to the editorial workforce.


You may also like

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy