Home / Security / USN-3883-1: LibreOffice vulnerabilities | Ubuntu security notices

USN-3883-1: LibreOffice vulnerabilities | Ubuntu security notices

6 February 2019

libreoffice vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary

Several security issues were fixed in LibreOffice.

Software Description

  • libreoffice – Office productivity suite

Details

It was discovered that LibreOffice incorrectly handled certain document
files. If a user were tricked into opening a specially crafted document, a
remote attacker could cause LibreOffice to crash, and possibly execute
arbitrary code. (CVE-2018-10119, CVE-2018-10120, CVE-2018-11790)

It was discovered that LibreOffice incorrectly handled embedded SMB
connections in document files. If a user were tricked in to opening a
specially crafted document, a remote attacker could possibly exploit this
to obtain sensitive information. (CVE-2018-10583)

Alex Inführ discovered that LibreOffice incorrectly handled embedded
scripts in document files. If a user were tricked into opening a specially
crafted document, a remote attacker could possibly execute arbitrary code.
(CVE-2018-16858)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 16.04 LTS
libreoffice-core1:5.1.6~rc2-0ubuntu1~xenial6
Ubuntu 14.04 LTS
libreoffice-core1:4.2.8-0ubuntu5.5

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart LibreOffice to make all
the necessary changes.

References

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.

x

Check Also

Broadcom WiFi Driver Flaws Expose Computers, Phones, IoT to RCE Attacks

Broadcom WiFi Driver Flaws Expose Computers, Phones, IoT to RCE Attacks

Broadcom WiFi chipset drivers have been found to contain vulnerabilities impacting multiple operating systems and ...