{"id":282270,"date":"2022-07-28T06:41:35","date_gmt":"2022-07-28T08:41:35","guid":{"rendered":"https:\/\/teknomers.com\/fr\/libreoffice-publie-une-mise-a-jour-logicielle-pour-patcher-3-nouvelles-vulnerabilites\/"},"modified":"2022-07-28T06:41:36","modified_gmt":"2022-07-28T08:41:36","slug":"libreoffice-publie-une-mise-a-jour-logicielle-pour-patcher-3-nouvelles-vulnerabilites","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/libreoffice-publie-une-mise-a-jour-logicielle-pour-patcher-3-nouvelles-vulnerabilites\/","title":{"rendered":"LibreOffice releases software update to patch 3 new vulnerabilities"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both\"><\/div>\n<p>The team behind LibreOffice has released security updates to fix three security flaws in the productivity software, one of which could be exploited to achieve arbitrary code execution on affected systems.<\/p>\n<p>Tracked as <a rel=\"nofollow noopener\" href=\"https:\/\/www.libreoffice.org\/about-us\/security\/advisories\/cve-2022-26305\/\" target=\"_blank\">CVE-2022-26305<\/a>, the issue has been described as a case of improper certificate validation when verifying that a macro is signed by a trusted author, leading to the execution of malicious code embedded in the macros.<\/p>\n<p>&#8220;An adversary could therefore create an arbitrary certificate with a serial number and an issuer string identical to a trusted certificate, which LibreOffice would present as belonging to the trusted author, potentially leading the user to execute arbitrary code contained in improperly trusted macros,&#8221; LibreOffice said in an advisory.<\/p>\n<p>The updates also address the use of a static initialization vector (<a rel=\"nofollow noopener\" href=\"https:\/\/en.wikipedia.org\/wiki\/Initialization_vector\" target=\"_blank\">IV<\/a>) during encryption (<a rel=\"nofollow noopener\" href=\"https:\/\/www.libreoffice.org\/about-us\/security\/advisories\/cve-2022-26306\/\" target=\"_blank\">CVE-2022-26306<\/a>), which could have weakened security if a malicious actor had access to the user&#8217;s configuration information.<\/p>\n<p>Finally, the updates also resolve <a rel=\"nofollow noopener\" href=\"https:\/\/www.libreoffice.org\/about-us\/security\/advisories\/cve-2022-26307\/\" target=\"_blank\">CVE-2022-26307<\/a>, in which the master key was poorly encoded, making stored passwords susceptible to a brute-force attack if an adversary is in possession of the user&#8217;s configuration.<\/p>\n<p>The three vulnerabilities, which were reported by OpenSource Security GmbH on behalf of the German Federal Office for Information Security, have been fixed in LibreOffice versions 7.2.7, 7.3.2 and 7.3.3.<\/p>\n<p>The patches arrive five months after the Document Foundation fixed another improper certificate validation bug (<a rel=\"nofollow noopener\" href=\"https:\/\/www.libreoffice.org\/about-us\/security\/advisories\/cve-2021-25636\/\" target=\"_blank\">CVE-2021-25636<\/a>) in February 2022. Last October, three spoofing flaws were fixed that could be abused to alter documents so that they appear to be digitally signed by a trusted source.<\/p>\n<p><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/07\/libreoffice-releases-software-security.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The team behind LibreOffice has released security updates to fix three security flaws in the productivity software, one of which could be exploited to achieve arbitrary code execution on affected systems. Tracked as CVE-2022-26305, the issue has been described as a case of improper certificate validation during the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":282271,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[4168,4158,4165,4161,3995,4157,4159,4171,4170,94389,4167,40659,2811,4160,120,4163,4162,94390,185,2212,4172,4169,196,4166,4164,12365],"class_list":["post-282270","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-comment-pirater","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-jour","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-libreoffice","tag-logiciel-malveillant-de-ransomware","tag-logicielle","tag-mise","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-patcher","tag-pour","tag-publie","tag-securite-informatique","tag-securite-internet","tag-une","tag-violation-de-donnees","tag-vulnerabilite-logicielle","tag-vulnerabilites"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/282270","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=282270"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/282270\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/282271"}],"wp:attachment":[{"href":"https:\/\/teknomers.com
\/fr\/wp-json\/wp\/v2\/media?parent=282270"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=282270"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=282270"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}