Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.3396 libreoffice security update 9 September 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: libreoffice Publisher: Debian Operating System: Debian GNU/Linux 9 Debian GNU/Linux 10 Impact/Access: Access Confidential Data -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2019-9854 CVE-2019-9852 Reference: ESB-2019.3267 ESB-2019.3170 ESB-2019.3130 Original Bulletin: http://www.debian.org/security/2019/dsa-4519 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-4519-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff September 08, 2019 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : libreoffice CVE ID : CVE-2019-9854 It was discovered that the code fixes for LibreOffice to address CVE-2019-9852 were not complete. Additional information can be found at https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9854/ For the oldstable distribution (stretch), this problem has been fixed in version 1:5.2.7-1+deb9u11. For the stable distribution (buster), this problem has been fixed in version 1:6.1.5-3+deb10u4. We recommend that you upgrade your libreoffice packages. For the detailed security status of libreoffice please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libreoffice Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl11bfwACgkQEMKTtsN8 TjZWZQ/+KF9Avq9xfiNRKaHa9Imr6TY4+FoyQMx6AeFBY1dZSTG0VUowCMcTlhfg 3eIV7XaOxOFP1KysV0OArJn2D8e3ABWS/0H/Iz9dZkfPkBW5xUqemU/g23OiO2EK K6Of9zn2w8dPAh7xJMEjQVy/gxZtYjSga2ZTe+iJtHOVEvWn0+ngrEsD6MfL/s6+ MkNO4ZKt//WUP0Y55dm6CKdMuWp0Y5uihjBWUUwSHPS7aOlu1SXEfheKmaczYRPA 0VYuz26xBiaAh6F0JLTx1r2DMtq9ndo7/0KwHjFr4UR6I1o5AdwlpfyCWxW07+1W 7yys4MdLEn/1EIBjkrgvHNJNUPfFR9MNd1StDmZVSBWo0bO3w/xo2fNQLmKYjy8H dAClGPyowhqU4Qm2QHDNo1fCm4JlRW+8jrxm5TwoLZrXwEN4EgQ0NGX770zhal33 NMys6Ui9L9tP6ZNNxq1JOYjU7BDkKayfqdMXxu9q2041VraFXkkCZNYsIbULW0sR ZuGRjyBd/eIX2pun93hJy71s8ywG5y/PplQ/BZFNqRIS0s4h+Xavr4N32YpjgQKb a2pFnptzJSRhZWHfI6viYDsJkxI6Q3CtRJHH1rSKsFfExOo+SLP+3yNz9fBvjhKf CTvDHrn6kSlbtQAQvv+67u8xJWB2COUcSRnTWODKXM11xW7Rl4E= =KZNP - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXXWJuWaOgq3Tt24GAQj9fhAAoLVRdTLFPPIgvASe8ek0EHGrh3AsSK1j PyWZG2Wh0vlS8eYe+U2NP9fPD3hquFw2DwNfmoWTYJsteydRgVK7vxBI8Fy3rtbl IFECU2dLOnlMcYi9sHdb5OwUiC2J0AzabudTbGfitMP813mH+7RzRW5rpIUcykLU 9iyaKyKPRIAOgkVNGiDpRxDNi8xzkV5QnhFv5Q1np8rQ+khkmcxT87uY9FHTUr4n 9ejeDHMiFTuN0MvSKr8Y8JEXea9lwtGvS7ZrRszo+BQjlF7txfWrjLXWdlXGAu4R y48KRK8HkBgai76MQNj6xRf5EnAQe5IRuvrlC4RARijPv04Sl07Nn4YEldaa7l0h 0toRkX26y1dZodvOovcmHJ4QYW5gnrUHjxNx2+0bsY7X2NFvaKcn2vIDtEc2y6Oa EWS9s0DheXVBiRyiubIQapPVCvu8x5VZ+KjYjBkFr0nypcIV5LebAl2qYR12Lohv 2qvUB+XVKOVZjY+dcMI2rxrB8i0SenNpIA0ScRCeaL5LSpab5nlPBujBStqveL1b H+F1P5iOpLYkNsp3TP8HMCmwsR5tvTA/7PAEZVmtHHXrfV0tQ6ozI3wJapSXRQJL fEH27O9EQRqR3oQPYDH9k3EVWK7J970cdGXl7yZHpp0SjHfbmfpdnc7aLVk3dnEU xabVN8FmIJo= =jdOL -----END PGP SIGNATURE-----