{"id":"MGASA-2024-0320","summary":"Updated libreoffice package fixes security vulnerability","details":"The Certificate Validation user interface in LibreOffice allows a potential\nvulnerability. Signed macros are scripts that have been digitally signed\nby the developer using a cryptographic signature. When a document with a\nsigned macro is opened a warning is displayed by LibreOffice before the\nmacro is executed. Previously, if verification failed the user could fail\nto understand the failure and choose to enable the macros anyway. This\nissue affects LibreOffice: from 24.2 before 24.2.5.\nAlso our current version is EOL, so we are updating to a supported\nversion.\n","modified":"2026-04-16T04:41:30.874208494Z","published":"2024-09-28T21:34:52Z","upstream":["CVE-2024-6472"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0320.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33449"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33528"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6962-1"},{"type":"ADVISORY","url":"https://www.libreoffice.org/about-us/security/advisories/cve-2024-6472/"}],"affected":[{"package":{"name":"libreoffice","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/libreoffice?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"24.2.5.2-1.1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0320.json"}},{"package":{"name":"zxcvbn-c","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/zxcvbn-c?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.5-2.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0320.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}