Thursday, December 14, 2023

[USN-6546-2] LibreOffice vulnerabilities

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmV7F3kACgkQZWnYVadE
vpNmeQ/9EKx2AODDmKk3sT5BiIyl70i0xu488NdkCEiw7GGsu27T7Ri8OWWOWjGu
kXo2zDA4To0pvEvpXnvTuAb5pF6ZFbsF1A2ONfls/yVYkxoGibaJNEj8opDb6XO8
ktcwK887349EA02L63/XpmUU25+xRaBNTmewzb2qNjiQxYFvHyt+gdc4fqvlDkKG
c4AB9ilLiI0xiQ6tvaCfq0IaDATQA8H8wuQdQdEJeUl6i/kIZW3H3U7T53YZb+bP
ceUrSjFKznrs+wXikLrkAcfJl/3c4v7Uyjj3CK4u9Osb/0DOQUsChcoKnThJM16s
5Z3u2hNe4JWEkMUBHOMoIXLjTAoWbUrsTw+crqv5WTRlr36zC0aFZjOKrpd2KuJ9
OAsOzEJVLLNPQ8hWx0OUyncycl4pBt9HMSPIa4RPh6pUTw18NrvNZy8edb9x53bB
RqQVvn33QY2kGgDPr1yVpNARmn+eL1ICb7CckM4oO4zfsqC4LxmS+L4t2DFe9Sb/
Jsk7/USZxEX/i95GTLdm7VnlpjdnIGlK0XRfPGC5jC0AUq2u0gXduvQCpgwDokzK
K18S0ajnvYjlyEPBsXpsLhQLY5CoXDx4MR7/WJXoYke20Y/kJEGr9TTQUqIj8Swu
1gNx3XGM1jxwfeeGo6PPJqKludH+3dR0oh2pQkUCwcbYo9r/3O0=
=Ko/3
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6546-2
December 14, 2023

libreoffice vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in LibreOffice.

Software Description:
- libreoffice: Office productivity suite

Details:

USN-6546-1 fixed vulnerabilities in LibreOffice. This update provides the
corresponding updates for Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

Original advisory details:

Reginaldo Silva discovered that LibreOffice incorrectly handled filenames
when passing embedded videos to GStreamer. If a user were tricked into
opening a specially crafted file, a remote attacker could possibly use this
issue to execute arbitrary GStreamer plugins. (CVE-2023-6185)
Reginaldo Silva discovered that LibreOffice incorrectly handled certain
non-typical hyperlinks. If a user were tricked into opening a specially
crafted file, a remote attacker could possibly use this issue to execute
arbitrary scripts. (CVE-2023-6186)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
libreoffice 1:7.3.7-0ubuntu0.22.04.4

Ubuntu 20.04 LTS:
libreoffice 1:6.4.7-0ubuntu0.20.04.9

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6546-2
https://ubuntu.com/security/notices/USN-6546-1
CVE-2023-6185, CVE-2023-6186

Package Information:
https://launchpad.net/ubuntu/+source/libreoffice/1:7.3.7-0ubuntu0.22.04.4
https://launchpad.net/ubuntu/+source/libreoffice/1:6.4.7-0ubuntu0.20.04.9

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)