Monday, January 27, 2025

[USN-7228-1] LibreOffice vulnerabilities

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmeXx2cFAwAAAAAACgkQZWnYVadEvpPq
Cg//UNUaH6Xp2nUQsA2gE/pwu+OCVjYHfT1ByZ9AKJltZm4Jd3SVbfrs80l9c8MfGQbJG6s0vt/O
riRDMgaNSgCZVyasdHlOoR13BX9tp+hbtmr8cV99MlSF83wj+24CKLBz1yj+q0WrJ/N4HyhI71Hi
r4CXZwAZVt2G1b3yD4G+fNOtqNBVam/MkdhxTzE1bMHbNmkblOTac3j0N26ls3ZEe0g2Pirak4oo
nysuZLlkJtcXFiX/P3Y3WiLQZ+VnEks7zOYEG2mOKGxJFnP02Sa8dc4G47ruwokL9KH6DD5KOvMl
U6/ZeMTgzZL5RUoVITXZHyaGEHJvAMtb0Gd+mhQhu8SiZsTJQ+cHUXI6sth3knqmSOF3a9d6zu1m
+S/+dUqT0Es29jDi+7/nElouNmBpLGTUAPzY2UJX+uAocEbQse/+75zj8p0g0LMPuIpwzWC22ZZy
LVscnFIXhi20tF+lp5XE7UawKQz4FfvPuZM6YBGMHZ+kPZkI1UHt4YWhSsFygdumWejPsKTlX4WL
cxhUkyJZKyDtP01XtAK1+WBjxAGB0iLHSkAJ5Cp/MrO06iEr+Rm6svMTlQ3IdcB+XaUOIdKv0+hI
x9jm2SPuqit81hk+KDPqbM9KI8BgiteVYmG+pOdwY2/KQjC7rxr3wFLYyMy+JyNs+9oNIR/b/Zcd
T9o=
=9AF3
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7228-1
January 27, 2025

libreoffice vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in LibreOffice.

Software Description:
- libreoffice: Office productivity suite

Details:

Thomas Rinsma discovered that LibreOffice incorrectly handled paths when
processing embedded font files. If a user or automated system were tricked
into opening a specially crafted LibreOffice file, a remote attacker could
possibly use this issue to create arbitrary files ending with ".ttf".
(CVE-2024-12425)

Thomas Rinsma discovered that LibreOffice incorrectly handled certain
environment variables and INI file values. If a user or automated system
were tricked into opening a specially crafted LibreOffice file, a remote
attacker could possibly use this issue to exfiltrate sensitive information.
(CVE-2024-12426)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
libreoffice 4:24.8.4-0ubuntu0.24.10.2

Ubuntu 24.04 LTS
libreoffice 4:24.2.7-0ubuntu0.24.04.2

Ubuntu 22.04 LTS
libreoffice 1:7.3.7-0ubuntu0.22.04.8

Ubuntu 20.04 LTS
libreoffice 1:6.4.7-0ubuntu0.20.04.13

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7228-1
CVE-2024-12425, CVE-2024-12426

Package Information:
https://launchpad.net/ubuntu/+source/libreoffice/4:24.8.4-0ubuntu0.24.10.2
https://launchpad.net/ubuntu/+source/libreoffice/4:24.2.7-0ubuntu0.24.04.2
https://launchpad.net/ubuntu/+source/libreoffice/1:7.3.7-0ubuntu0.22.04.8
https://launchpad.net/ubuntu/+source/libreoffice/1:6.4.7-0ubuntu0.20.04.13

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)