openSUSE Local Security Checks : openSUSE Security Advisory (openSUSE-SU-2024:0021-1)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.18.1.2024.0021.1

Categoría: openSUSE Local Security Checks

Título: openSUSE Security Advisory (openSUSE-SU-2024:0021-1)

Resumen: The remote host is missing an update for the 'perl-Spreadsheet-ParseXLSX' package(s) announced via the openSUSE-SU-2024:0021-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'perl-Spreadsheet-ParseXLSX' package(s) announced via the openSUSE-SU-2024:0021-1 advisory.

Vulnerability Insight:
This update for perl-Spreadsheet-ParseXLSX fixes the following issues:

Updated to 0.29:

see /usr/share/doc/packages/perl-Spreadsheet-ParseXLSX/Changes

0.29:

- Fix for 'Argument '' isn't numeric in addition (+) at /usr/local/shar...
- Incorrect cell values due to phonetic data doy#72
- Fix die message in parse()
- Cannot open password protected SHA1 encrypted files. doy#68
- use date format detection based on Spreadsheet::XLSX
- Add rudimentary support for hyperlinks in cells

0.28:

- CVE-2024-22368: out-of-memory condition during parsing of a crafted XLSX document (boo#1218651)

- Fix possible memory bomb as reported in [link moved to references]
- Updated Dist::Zilla configuration fixing deprecation warnings

Affected Software/OS:
'perl-Spreadsheet-ParseXLSX' package(s) on openSUSE Leap 15.5.

Solution:
Please install the updated package(s).

CVSS Score:
4.9

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2024-22368
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNJVC4C5C5V44DNOZ5BHVU53CDXPB2OJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R7NYWVVZYDZIQC5YEXNHZM6VEE26SJV/
https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md
https://metacpan.org/dist/Spreadsheet-ParseXLSX/changes
https://security.metacpan.org/2024/02/10/vulnerable-spreadsheet-parsing-modules.html
https://lists.debian.org/debian-lts-announce/2024/01/msg00018.html
http://www.openwall.com/lists/oss-security/2024/01/10/2

Copyright Copyright (C) 2025 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.18.1.2024.0021.1
Categoría:	openSUSE Local Security Checks
Título:	openSUSE Security Advisory (openSUSE-SU-2024:0021-1)
Resumen:	The remote host is missing an update for the 'perl-Spreadsheet-ParseXLSX' package(s) announced via the openSUSE-SU-2024:0021-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'perl-Spreadsheet-ParseXLSX' package(s) announced via the openSUSE-SU-2024:0021-1 advisory. Vulnerability Insight: This update for perl-Spreadsheet-ParseXLSX fixes the following issues: Updated to 0.29: see /usr/share/doc/packages/perl-Spreadsheet-ParseXLSX/Changes 0.29: - Fix for 'Argument '' isn't numeric in addition (+) at /usr/local/shar... - Incorrect cell values due to phonetic data doy#72 - Fix die message in parse() - Cannot open password protected SHA1 encrypted files. doy#68 - use date format detection based on Spreadsheet::XLSX - Add rudimentary support for hyperlinks in cells 0.28: - CVE-2024-22368: out-of-memory condition during parsing of a crafted XLSX document (boo#1218651) - Fix possible memory bomb as reported in [link moved to references] - Updated Dist::Zilla configuration fixing deprecation warnings Affected Software/OS: 'perl-Spreadsheet-ParseXLSX' package(s) on openSUSE Leap 15.5. Solution: Please install the updated package(s). CVSS Score: 4.9 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2024-22368 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNJVC4C5C5V44DNOZ5BHVU53CDXPB2OJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R7NYWVVZYDZIQC5YEXNHZM6VEE26SJV/ https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md https://metacpan.org/dist/Spreadsheet-ParseXLSX/changes https://security.metacpan.org/2024/02/10/vulnerable-spreadsheet-parsing-modules.html https://lists.debian.org/debian-lts-announce/2024/01/msg00018.html http://www.openwall.com/lists/oss-security/2024/01/10/2
Copyright	Copyright (C) 2025 Greenbone AG