Rapid7 Vulnerability & Exploit Database

SUSE: CVE-2019-9851: SUSE Linux Security Advisory

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

SUSE: CVE-2019-9851: SUSE Linux Security Advisory

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
08/15/2019
Created
09/04/2019
Added
09/03/2019
Modified
02/04/2022

Description

LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.

Solution(s)

  • suse-upgrade-libreoffice
  • suse-upgrade-libreoffice-base
  • suse-upgrade-libreoffice-base-drivers-firebird
  • suse-upgrade-libreoffice-base-drivers-postgresql
  • suse-upgrade-libreoffice-branding-upstream
  • suse-upgrade-libreoffice-calc
  • suse-upgrade-libreoffice-calc-extensions
  • suse-upgrade-libreoffice-draw
  • suse-upgrade-libreoffice-filters-optional
  • suse-upgrade-libreoffice-gdb-pretty-printers
  • suse-upgrade-libreoffice-glade
  • suse-upgrade-libreoffice-gnome
  • suse-upgrade-libreoffice-gtk2
  • suse-upgrade-libreoffice-gtk3
  • suse-upgrade-libreoffice-icon-themes
  • suse-upgrade-libreoffice-impress
  • suse-upgrade-libreoffice-l10n-af
  • suse-upgrade-libreoffice-l10n-am
  • suse-upgrade-libreoffice-l10n-ar
  • suse-upgrade-libreoffice-l10n-as
  • suse-upgrade-libreoffice-l10n-ast
  • suse-upgrade-libreoffice-l10n-be
  • suse-upgrade-libreoffice-l10n-bg
  • suse-upgrade-libreoffice-l10n-bn
  • suse-upgrade-libreoffice-l10n-bn_in
  • suse-upgrade-libreoffice-l10n-bo
  • suse-upgrade-libreoffice-l10n-br
  • suse-upgrade-libreoffice-l10n-brx
  • suse-upgrade-libreoffice-l10n-bs
  • suse-upgrade-libreoffice-l10n-ca
  • suse-upgrade-libreoffice-l10n-ca_valencia
  • suse-upgrade-libreoffice-l10n-ckb
  • suse-upgrade-libreoffice-l10n-cs
  • suse-upgrade-libreoffice-l10n-cy
  • suse-upgrade-libreoffice-l10n-da
  • suse-upgrade-libreoffice-l10n-de
  • suse-upgrade-libreoffice-l10n-dgo
  • suse-upgrade-libreoffice-l10n-dsb
  • suse-upgrade-libreoffice-l10n-dz
  • suse-upgrade-libreoffice-l10n-el
  • suse-upgrade-libreoffice-l10n-en
  • suse-upgrade-libreoffice-l10n-en_gb
  • suse-upgrade-libreoffice-l10n-en_za
  • suse-upgrade-libreoffice-l10n-eo
  • suse-upgrade-libreoffice-l10n-es
  • suse-upgrade-libreoffice-l10n-et
  • suse-upgrade-libreoffice-l10n-eu
  • suse-upgrade-libreoffice-l10n-fa
  • suse-upgrade-libreoffice-l10n-fi
  • suse-upgrade-libreoffice-l10n-fr
  • suse-upgrade-libreoffice-l10n-fur
  • suse-upgrade-libreoffice-l10n-fy
  • suse-upgrade-libreoffice-l10n-ga
  • suse-upgrade-libreoffice-l10n-gd
  • suse-upgrade-libreoffice-l10n-gl
  • suse-upgrade-libreoffice-l10n-gu
  • suse-upgrade-libreoffice-l10n-gug
  • suse-upgrade-libreoffice-l10n-he
  • suse-upgrade-libreoffice-l10n-hi
  • suse-upgrade-libreoffice-l10n-hr
  • suse-upgrade-libreoffice-l10n-hsb
  • suse-upgrade-libreoffice-l10n-hu
  • suse-upgrade-libreoffice-l10n-id
  • suse-upgrade-libreoffice-l10n-is
  • suse-upgrade-libreoffice-l10n-it
  • suse-upgrade-libreoffice-l10n-ja
  • suse-upgrade-libreoffice-l10n-ka
  • suse-upgrade-libreoffice-l10n-kab
  • suse-upgrade-libreoffice-l10n-kk
  • suse-upgrade-libreoffice-l10n-km
  • suse-upgrade-libreoffice-l10n-kmr_latn
  • suse-upgrade-libreoffice-l10n-kn
  • suse-upgrade-libreoffice-l10n-ko
  • suse-upgrade-libreoffice-l10n-kok
  • suse-upgrade-libreoffice-l10n-ks
  • suse-upgrade-libreoffice-l10n-lb
  • suse-upgrade-libreoffice-l10n-lo
  • suse-upgrade-libreoffice-l10n-lt
  • suse-upgrade-libreoffice-l10n-lv
  • suse-upgrade-libreoffice-l10n-mai
  • suse-upgrade-libreoffice-l10n-mk
  • suse-upgrade-libreoffice-l10n-ml
  • suse-upgrade-libreoffice-l10n-mn
  • suse-upgrade-libreoffice-l10n-mni
  • suse-upgrade-libreoffice-l10n-mr
  • suse-upgrade-libreoffice-l10n-my
  • suse-upgrade-libreoffice-l10n-nb
  • suse-upgrade-libreoffice-l10n-ne
  • suse-upgrade-libreoffice-l10n-nl
  • suse-upgrade-libreoffice-l10n-nn
  • suse-upgrade-libreoffice-l10n-nr
  • suse-upgrade-libreoffice-l10n-nso
  • suse-upgrade-libreoffice-l10n-oc
  • suse-upgrade-libreoffice-l10n-om
  • suse-upgrade-libreoffice-l10n-or
  • suse-upgrade-libreoffice-l10n-pa
  • suse-upgrade-libreoffice-l10n-pl
  • suse-upgrade-libreoffice-l10n-pt_br
  • suse-upgrade-libreoffice-l10n-pt_pt
  • suse-upgrade-libreoffice-l10n-ro
  • suse-upgrade-libreoffice-l10n-ru
  • suse-upgrade-libreoffice-l10n-rw
  • suse-upgrade-libreoffice-l10n-sa_in
  • suse-upgrade-libreoffice-l10n-sat
  • suse-upgrade-libreoffice-l10n-sd
  • suse-upgrade-libreoffice-l10n-si
  • suse-upgrade-libreoffice-l10n-sid
  • suse-upgrade-libreoffice-l10n-sk
  • suse-upgrade-libreoffice-l10n-sl
  • suse-upgrade-libreoffice-l10n-sq
  • suse-upgrade-libreoffice-l10n-sr
  • suse-upgrade-libreoffice-l10n-ss
  • suse-upgrade-libreoffice-l10n-st
  • suse-upgrade-libreoffice-l10n-sv
  • suse-upgrade-libreoffice-l10n-sw_tz
  • suse-upgrade-libreoffice-l10n-szl
  • suse-upgrade-libreoffice-l10n-ta
  • suse-upgrade-libreoffice-l10n-te
  • suse-upgrade-libreoffice-l10n-tg
  • suse-upgrade-libreoffice-l10n-th
  • suse-upgrade-libreoffice-l10n-tn
  • suse-upgrade-libreoffice-l10n-tr
  • suse-upgrade-libreoffice-l10n-ts
  • suse-upgrade-libreoffice-l10n-tt
  • suse-upgrade-libreoffice-l10n-ug
  • suse-upgrade-libreoffice-l10n-uk
  • suse-upgrade-libreoffice-l10n-uz
  • suse-upgrade-libreoffice-l10n-ve
  • suse-upgrade-libreoffice-l10n-vec
  • suse-upgrade-libreoffice-l10n-vi
  • suse-upgrade-libreoffice-l10n-xh
  • suse-upgrade-libreoffice-l10n-zh_cn
  • suse-upgrade-libreoffice-l10n-zh_tw
  • suse-upgrade-libreoffice-l10n-zu
  • suse-upgrade-libreoffice-librelogo
  • suse-upgrade-libreoffice-mailmerge
  • suse-upgrade-libreoffice-math
  • suse-upgrade-libreoffice-officebean
  • suse-upgrade-libreoffice-pyuno
  • suse-upgrade-libreoffice-qt5
  • suse-upgrade-libreoffice-sdk
  • suse-upgrade-libreoffice-sdk-doc
  • suse-upgrade-libreoffice-writer
  • suse-upgrade-libreoffice-writer-extensions
  • suse-upgrade-libreofficekit
  • suse-upgrade-libreofficekit-devel

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
  • Lightweight Endpoint Agent
  • Live Dashboards
  • Real Risk Prioritization
  • IT-Integrated Remediation Projects
  • Cloud, Virtual, and Container Assessment
  • Integrated Threat Feeds
  • Easy-to-Use RESTful API
  • Automation-Assisted Patching
  • Automated Containment
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;