Hey,
the check “LibreOffice Improper Certificate Validation Vulnerability (Aug 2024) - Linux” gives us the result below. The scanned system is a Debian Linux which has the version 4:7.4.7-1+deb12u5 installed. The vulnerability should be fixed according to the Debian security tracker and the result is a false positive.
Summary
LibreOffice is prone to an improper certificate validation vulnerability.
Detection Result
Installed version: 7.4.7.2.2
Fixed version: 24.2.5
Installation path / port: /usr/bin/libreoffice
Product Detection Result
Product: cpe:/a:libreoffice:libreoffice:7.4.7.2.2
Method: LibreOffice Detection (Linux/Unix SSH Login) (OID: 1.3.6.1.4.1.25623.1.0.902701)
Log: View details of product detection
Insight
The flaw exists when handling documents with signed macros inside.
Detection Method
Checks if a vulnerable version is present on the target host.
Details: LibreOffice Improper Certificate Validation Vulnerability (Aug 2024) -… OID: 1.3.6.1.4.1.25623.1.0.834295
Version used: 2024-09-18T07:05:35+02:00
Affected Software/OS
LibreOffice prior to version 24.2.5 on Linux.
Impact
Successful exploitation allows an attacker to compromise the affected system.
Solution
Solution Type: Vendorfix
Update to version 24.2.5 or later.
References
CVE: CVE-2024-6472
CERT: DFN-CERT-2024-2003, WID-SEC-2024-1764
Other: CVE-2024-6472 | LibreOffice - Free and private office suite - Based on OpenOffice - Compatible with Microsoft - Improper certificate validation in LibreOffice