CVE-2023-1183
Description
Moderate: libreoffice security update
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
CVE-2023-1183 NameCVE-2023-1183 DescriptionA flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker. SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE,โฆ
CVE-2023-1183
| Name | CVE-2023-1183 |
| Description | A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DLA-3467-1, DLA-3468-1, DSA-5436-1, DSA-5437-1, DSA-5995-1 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| hsqldb (PTS) | bullseye (security), bullseye | 2.5.1-1+deb11u2 | fixed |
| bookworm, bookworm (security) | 2.7.1-1+deb12u1 | fixed | |
| forky, sid, trixie | 2.7.4-1 | fixed | |
| hsqldb1.8.0 (PTS) | bullseye (security), bullseye | 1.8.0.10+dfsg-10+deb11u1 | fixed |
| bookworm, bookworm (security) | 1.8.0.10+dfsg-11+deb12u1 | fixed | |
| trixie (security), trixie | 1.8.0.10+dfsg-12.1+deb13u1 | fixed | |
| forky, sid | 1.8.0.10+dfsg2-2 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| hsqldb | source | buster | 2.4.1-2+deb10u2 | DLA-3467-1 | ||
| hsqldb | source | bullseye | 2.5.1-1+deb11u2 | DSA-5437-1 | ||
| hsqldb | source | bookworm | 2.7.1-1+deb12u1 | DSA-5437-1 | ||
| hsqldb | source | (unstable) | 2.7.2-1 | |||
| hsqldb1.8.0 | source | buster | 1.8.0.10+dfsg-10+deb10u1 | DLA-3468-1 | ||
| hsqldb1.8.0 | source | bullseye | 1.8.0.10+dfsg-10+deb11u1 | DSA-5436-1 | ||
| hsqldb1.8.0 | source | bookworm | 1.8.0.10+dfsg-11+deb12u1 | DSA-5436-1 | ||
| hsqldb1.8.0 | source | trixie | 1.8.0.10+dfsg-12.1+deb13u1 | DSA-5995-1 | ||
| hsqldb1.8.0 | source | (unstable) | 1.8.0.10+dfsg-14 |
Notes
https://www.libreoffice.org/about-us/security/advisories/cve-2023-1183/
https://gerrit.libreoffice.org/c/core/+/146905
https://sourceforge.net/p/hsqldb/svn/6639/
Apply commands
https://www.libreoffice.org/about-us/security/advisories/cve-2023-1183/https://gerrit.libreoffice.org/c/core/+/146905https://sourceforge.net/p/hsqldb/svn/6639/OS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| โ | Affected | โ |
AlmaLinux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | autocorr-it-7.1.8.1-11.el9.alma.noarch.rpm |
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 2.7.2-1 |
| sid | Fixed | 2.7.2-1 |
| forky | Fixed | 2.7.2-1 |
| bullseye | Fixed | 2.5.1-1+deb11u2 |
| bookworm | Fixed | 2.7.1-1+deb12u1 |
Red Hat Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | โ |
| 8 | Fixed | โ |
References
- https://access.redhat.com/errata/RHSA-2023:6508
- https://www.suse.com/security/cve/CVE-2023-1183.html
- https://security-tracker.debian.org/tracker/CVE-2023-1183
- https://access.redhat.com/errata/RHSA-2023:6933
- https://bugzilla.redhat.com/2182044
- https://bugzilla.redhat.com/2208506
- https://bugzilla.redhat.com/2210185
- https://bugzilla.redhat.com/2210186
- https://errata.almalinux.org/8/ALSA-2023-6933.html
- https://errata.almalinux.org/9/ALSA-2023-6508.html
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.