CVE-2022-26306
Description
Moderate: libreoffice security update
Description
libreoffice: Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password
CVSS v3: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 8 | libreoffice-1:6.4.7.2-12.el8_7 | RHSA-2023:0089 | 2023-01-12T00:00:00Z |
| Red Hat Enterprise Linux 9 | libreoffice-1:7.1.8.1-8.el9_1 | RHSA-2023:0304 | 2023-01-23T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | libreoffice | Not affected |
| Red Hat Enterprise Linux 7 | libreoffice | Not affected |
| Red Hat Enterprise Linux 8 | libreoffice:flatpak/libreoffice | Will not fix |
| Red Hat Enterprise Linux 9 | libreoffice:flatpak/libreoffice | Affected |
Apply commands
yum update -y libreoffice
# or:
dnf upgrade -y libreoffice
Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | Red Hat Enterprise Linux 6 | Not affected |
| redhat | Red Hat Enterprise Linux 7 | Not affected |
| redhat | Red Hat Enterprise Linux 9 | Affected |
OS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| - | Affected | - |
AlmaLinux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | autocorr-lb-7.1.8.1-8.el9_1.alma.noarch.rpm |
Arch Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| - | Fixed | 7.2.7-1 |
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 1:7.3.3~rc1-2 |
| sid | Fixed | 1:7.3.3~rc1-2 |
| forky | Fixed | 1:7.3.3~rc1-2 |
| bullseye | Fixed | 1:7.0.4-4+deb11u2 |
| bookworm | Fixed | 1:7.3.3~rc1-2 |
Red Hat Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | - |
| 8 | Fixed | - |
Rocky Linux Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | - |
| 8 | Fixed | - |
References
- https://access.redhat.com/errata/RHSA-2023:0304
- https://errata.rockylinux.org/RLSA-2023:0089
- https://www.suse.com/security/cve/CVE-2022-26306.html
- https://security-tracker.debian.org/tracker/CVE-2022-26306
- https://errata.rockylinux.org/RLSA-2023:0304
- https://access.redhat.com/errata/RHSA-2023:0089
- https://bugzilla.redhat.com/2118610
- https://bugzilla.redhat.com/2118611
- https://bugzilla.redhat.com/2118613
- https://bugzilla.redhat.com/2134697
- https://errata.almalinux.org/8/ALSA-2023-0089.html
- https://errata.almalinux.org/9/ALSA-2023-0304.html