SB20250328319 - Anolis OS update for libreoffice



Published: March 28, 2025

Security Bulletin ID: SB20250328319
Severity: High
Patch available: YES
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 50%
Medium: 50%

Description

This security bulletin contains information about 2 security vulnerabilities.


1) Security features bypass (CVE-ID: CVE-2024-3044)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a missing check for click events on graphics. A remote attacker can trick the victim into opening a specially crafted document and execute an arbitrary macro on the system.


2) Improper Certificate Validation (CVE-ID: CVE-2024-6472)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper certificate validation when handling documents with signed macros inside. If the macro has an untrusted signature, the user can ignore the failure and enable the macros anyway.


Remediation

Install the update from the vendor's website.