Debian LTS Advisory ([SECURITY] [DLA 1947-1] libreoffice security update)

The remote host is missing an update for the 'libreoffice' package(s) announced via the DSA-1947-1 advisory.

Several vulnerabilities were discovered in LibreOffice, the office productivity suite. CVE-2019-9848 Nils Emmerich discovered that malicious documents could execute arbitrary Python code via LibreLogo. CVE-2019-9849 Matei Badanoiu discovered that the stealth mode did not apply to bullet graphics. CVE-2019-9850 It was discovered that the protections implemented in CVE-2019-9848 could be bypassed because of insufficient URL validation. CVE-2019-9851 Gabriel Masei discovered that malicious documents could execute arbitrary pre-installed scripts. CVE-2019-9852 Nils Emmerich discovered that the protection implemented to address CVE-2018-16858 could be bypassed by a URL encoding attack. CVE-2019-9853 Nils Emmerich discovered that malicious documents could bypass document security settings to execute macros contained within the document. CVE-2019-9854 It was discovered that the protection implemented to address CVE-2019-9852 could be bypassed because of insufficient input sanitization.

'libreoffice' package(s) on Debian Linux.

Checks if a vulnerable package version is present on the target host.

For Debian 8 'Jessie', these problems have been fixed in version 1:4.3.3-2+deb8u13. We recommend that you upgrade your libreoffice packages.