openSUSE-SU-2024:0021-1: moderate: Security update for perl-Spreadsheet-ParseXLSX
openSUSE Security Update: Security update for perl-Spreadsheet-ParseXLSX
_______________________________
Announcement ID: openSUSE-SU-2024:0021-1
Rating: moderate
References: #1218651
Cross-References: CVE-2024-22368
Affected Products:
openSUSE Backports SLE-15-SP5
_______________________________
An update that fixes one vulnerability is now available.
Description:
This update for perl-Spreadsheet-ParseXLSX fixes the following issues:
Updated to 0.29:
see /usr/share/doc/packages/perl-Spreadsheet-ParseXLSX/Changes
0.29:
- Fix for 'Argument "" isn't numeric in addition (+) at /usr/local/shar…
- Incorrect cell values due to phonetic data doy#72
- Fix die message in parse()
- Cannot open password protected SHA1 encrypted files. doy#68
- use date format detection based on Spreadsheet::XLSX
- Add rudimentary support for hyperlinks in cells
0.28:
- CVE-2024-22368: out-of-memory condition during parsing of a crafted XLSX
document (boo#1218651)
- Fix possible memory bomb as reported in
https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md
- Updated Dist::Zilla configuration fixing deprecation warnings
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2024-21=1
Package List:
- openSUSE Backports SLE-15-SP5 (noarch):
perl-Spreadsheet-ParseXLSX-0.290.0-bp155.2.3.1
References:
https://www.suse.com/security/cve/CVE-2024-22368.html
https://bugzilla.suse.com/1218651
openSUSE-SU-2024:0020-1: important: Security update for chromium
openSUSE Security Update: Security update for chromium
_______________________________
Announcement ID: openSUSE-SU-2024:0020-1
Rating: important
References: #1217839 #1218048 #1218302 #1218303 #1218533 #1218719
Cross-References: CVE-2023-6508 CVE-2023-6509 CVE-2023-6510 CVE-2023-6511 CVE-2023-6512 CVE-2023-6702 CVE-2023-6703 CVE-2023-6704 CVE-2023-6705 CVE-2023-6706 CVE-2023-6707 CVE-2023-7024 CVE-2024-0222 CVE-2024-0223 CVE-2024-0224 CVE-2024-0225 CVE-2024-0333
CVSS scores:
CVE-2023-6508 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-6509 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-6510 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-6511 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2023-6512 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2023-6702 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-6703 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-6704 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-6704 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-6705 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-6706 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-6707 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2023-7024 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-0222 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-0223 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-0224 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2024-0225 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP5
_______________________________
An update that fixes 17 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
- Chromium 120.0.6099.216 (boo#1217839, boo#1218048, boo#1218302,
boo#1218533, boo#1218719)
* CVE-2024-0333: Insufficient data validation in Extensions
* CVE-2024-0222: Use after free in ANGLE
* CVE-2024-0223: Heap buffer overflow in ANGLE
* CVE-2024-0224: Use after free in WebAudio
* CVE-2024-0225: Use after free in WebGPU
* CVE-2023-7024: Heap buffer overflow in WebRTC
* CVE-2023-6702: Type Confusion in V8
* CVE-2023-6703: Use after free in Blink
* CVE-2023-6704: Use after free in libavif (boo#1218303)
* CVE-2023-6705: Use after free in WebRTC
* CVE-2023-6706: Use after free in FedCM
* CVE-2023-6707: Use after free in CSS
* CVE-2023-6508: Use after free in Media Stream
* CVE-2023-6509: Use after free in Side Panel Search
* CVE-2023-6510: Use after free in Media Capture
* CVE-2023-6511: Inappropriate implementation in Autofill
* CVE-2023-6512: Inappropriate implementation in Web Browser UI
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP5:
zypper in -t patch openSUSE-2024-20=1
Package List:
- openSUSE Backports SLE-15-SP5 (aarch64 x86_64):
chromedriver-120.0.6099.216-bp155.2.64.1
chromium-120.0.6099.216-bp155.2.64.1
References:
https://www.suse.com/security/cve/CVE-2023-6508.html
https://www.suse.com/security/cve/CVE-2023-6509.html
https://www.suse.com/security/cve/CVE-2023-6510.html
https://www.suse.com/security/cve/CVE-2023-6511.html
https://www.suse.com/security/cve/CVE-2023-6512.html
https://www.suse.com/security/cve/CVE-2023-6702.html
https://www.suse.com/security/cve/CVE-2023-6703.html
https://www.suse.com/security/cve/CVE-2023-6704.html
https://www.suse.com/security/cve/CVE-2023-6705.html
https://www.suse.com/security/cve/CVE-2023-6706.html
https://www.suse.com/security/cve/CVE-2023-6707.html
https://www.suse.com/security/cve/CVE-2023-7024.html
https://www.suse.com/security/cve/CVE-2024-0222.html
https://www.suse.com/security/cve/CVE-2024-0223.html
https://www.suse.com/security/cve/CVE-2024-0224.html
https://www.suse.com/security/cve/CVE-2024-0225.html
https://www.suse.com/security/cve/CVE-2024-0333.html
https://bugzilla.suse.com/1217839
https://bugzilla.suse.com/1218048
https://bugzilla.suse.com/1218302
https://bugzilla.suse.com/1218303
https://bugzilla.suse.com/1218533
https://bugzilla.suse.com/1218719