{"id":"RLSA-2024:3835","summary":"Important: libreoffice security update","details":"LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite.\n\nSecurity Fix(es):\n\n* libreoffice: Improper Input Validation leading to arbitrary gstreamer plugin execution (CVE-2023-6185)\n\n* libreoffice: Insufficient macro permission validation leading to macro execution (CVE-2023-6186)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.","modified":"2026-02-05T15:30:10.567352Z","published":"2024-06-14T14:00:35.848917Z","upstream":["CVE-2023-6185","CVE-2023-6186"],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2024:3835"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2254003"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2254005"}],"affected":[{"package":{"name":"libreoffice","ecosystem":"Rocky Linux:9","purl":"pkg:rpm/rocky-linux/libreoffice?distro=rocky-linux-9&epoch=1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:7.1.8.1-12.el9_3"}],"database_specific":{"yum_repository":"CRB"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2024:3835.json"}}],"schema_version":"1.7.3","credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]}