[SECURITY] Fedora 35 Update: libreoffice-7.2.7.2-2.fc35 - package-announce - Fedora mailing-lists

23 Oct 2022


      --------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-775c747e4a
2022-10-23 09:12:12.597931
--------------------------------------------------------------------------------
Name        : libreoffice
Product     : Fedora 35
Version     : 7.2.7.2
Release     : 2.fc35
URL         : http://www.libreoffice.org/
Summary     : Free Software Productivity Suite
Description :
LibreOffice is an Open Source, community-developed, office productivity suite.
It includes the key desktop applications, such as a word processor,
spreadsheet, presentation manager, formula editor and drawing program, with a
user interface and feature set similar to other office suites.  Sophisticated
and flexible, LibreOffice also works transparently with a variety of file
formats, including Microsoft Office File Formats.
--------------------------------------------------------------------------------
Update Information:
LibreOffice supports Office URI Schemes to enable browser integration of
LibreOffice with MS SharePoint server. An additional scheme
'vnd.libreoffice.command' specific to LibreOffice was added.  In the affected
versions of LibreOffice links using that scheme could be constructed to call
internal macros with arbitrary arguments. Which when clicked on, or activated by
document events, could result in arbitrary script execution without warning.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 14 2022 Caol��n McNamara caolanm@redhat.com - 1:7.2.7.2-2
- Resolves: rhbz#2134698 CVE-2022-3140
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2134698 - CVE-2022-3140 libreoffice: Macro URL arbitrary script execution [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2134698
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-775c747e4a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------