Mageia forum

I was looking at the version of LibreOffice while checking out the install of Mageia7. I got curious. Is this the version that has the micro bug to it or was it patched? Was just wondering when I saw the version of the office suite. Thought I'd ask to clarify my mind on this.

Thanks ahead for the information.

Do you mind to add some context what that "micro bug" is that you mentioned ?

@doktor5000
Here's the link I was mentioning about Libreoffice. When I saw the version I remembered reading about it a few days before the download and looking around on the various things here. So that question popped into mind to ask about it.

https://www.theregister.co.uk/2019/07/3 ... cro_virus/

I suppose you're referring to CVE-2019-9848 (arbitrary code execution via LibreLogo). As far as I can tell Mageia 7 isn't patched, but I couldn't find the LibreLogo toolbar anywhere, so maybe it's not included?

According to https://lists.fedoraproject.org/archive ... EDMRDWKMP/ the fixes are in since 6.2.5.2 and we're slightly behind on mga7, although in cauldron 6.2.5.2 arrived 2 weeks ago, so we might get an update soon. You can follow https://bugs.mageia.org/show_bug.cgi?id=25154 for progress on that. Next time it's easier to search directly for the CVE number in our bugzilla, that way you're aware if this issue is already known and if someone's working on it.

librelogo also seems to be enabled:

Code: Select all

[doktor5000@Mageia7]─[13:50:56]─[~] urpmq -i libreoffice-librelogo
Name        : libreoffice-librelogo
Version     : 6.2.3.2
Release     : 3.mga7
Group       : Office/Utilities
Size        : 978685                       Architecture: x86_64
Source RPM  : libreoffice-6.2.3.2-3.mga7.src.rpm
URL         : http://www.libreoffice.org/
Summary     : LibreLogo scripting language
Description :
Enables LibreLogo scripting in Writer. LibreLogo is a Logo-like
programming language with interactive vectorgraphics for education and
DTP.

[doktor5000@Mageia7]─[13:50:59]─[~]

@ITA84
Believe that was the one. Someone had sent that article to me and I had booked it after reading and it stuck in back of my mind somewhere when I started looking around on things here getting the feel for it here and checking out versions etc. So when I saw the version it started bugging me and pulling that the back of mind to the front and made me ask on it.

@doktor5000
Thanks for the update and links. I booked those two so I could go back to them in future if I have questions on other things as well.

If I'm reading that right it's mainly dealing with the writer aspect of the suite then and not the rest of it such as Calac and Impres etc?
Guess I'd better stay out of there for a bit then until patch filters down to us with upgrades.
Found a Cheat-Sheet for commands on using terminal here. Hopefully the commands haven't much changed since I had found and downloaded those. This way I can also check things out in the terminal as well. Again, thanks for the information.

Tom

I'm going to go ahead and mark this one as solved for the moment. Again, thanks for the information and links on this.

Tom

Crewdawg wrote:If I'm reading that right it's mainly dealing with the writer aspect of the suite then and not the rest of it such as Calac and Impres etc?

As far as I understood every piece of the suite is affected, as all of them could call LibreLogo via document event handlers.
You should be fine if you simply uninstall librelogo, package name is libreoffice-librelogo and it shouldn't be installed by default.

@ doktor5000
Thanks for the heads up. I went into rpmdrake and did a search on the packages. I didn't see any 'tic' mark in that check box beside the libreoffice-librelogo. So, I'm taking it at this rate that I have a good Libreoffice setup then. From reading the description of it I can't see any need for me to be using at this time anyway.

I do like Libreoffice. Kind of reminds me of the old Lotus Amipro suite. Remember that one? Liked it better than the MS Office suite. Missed Amipro when it went away. I always thought was a great one. Fooled all of my instructors when they said that they wanted a certain style and font. They didn't know the difference at all.
Again, thank you for the quick reply on this.

Tom