Hello everyone,

TDF has announced a vulnerability fix, as shown below.
Updating to LibreOffice 6.2.7 or 6.3.1 is recommended.

Specifically, earlier versions had a flaw in the decoding of URLs to macros
within a document. As a result, macros that should have been blocked
according to the security settings could be executed.

-- 
Takeshi Abe

On Fri, 27 Sep 2019 10:30:23 +0100,
Caolán McNamara <caol...@redhat.com> wrote:
> tl;dr: Ensure you are upgraded to at least 6.2.7 and 6.3.1
>
> ----
>
> CVE-2019-9853: Insufficient URL decoding flaw in categorizing macro
> location
>
> LibreOffice documents can contain macros. The execution of those macros
> is controlled by the document security settings, typically execution of
> macros is blocked by default.
>
> A URL decoding flaw existed in how the URLs to the macros within the
> document were processed and categorized, resulting in the possibility
> to construct a document where macro execution bypassed the security
> settings.
>
> The documents were correctly detected as containing macros, and
> prompted the user to their existence within the documents, but macros
> within the document were subsequently not controlled by the security
> settings allowing arbitrary macro execution.
>
> This issue affects:
> LibreOffice 6.2 series versions prior to 6.2.6;
> LibreOffice 6.3 series versions prior to 6.3.1.
>
> Because CVE-2019-9854 and CVE-2019-9855 exist in 6.2.6, 6-2 series
> users are recommended to upgrade to 6.2.7
>
> Thanks to Nils Emmerich of ERNW Research GmbH for discovering and
> reporting this issue.