Monday, March 10, 2025

[USN-7337-1] LibreOffice vulnerability

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmfO9NEFAwAAAAAACgkQZWnYVadEvpPM
eA//bQtKFt/sGj64CjfRBm4tAHun3+OSyenRsAm0wg5qayPWUWzBi4dbLE/W6nAbBsOS12oCb4Fp
Jprj578A7+UdM5ER0QpRUrBfTEr6Lao2gfBeY/KNCD60CeoPVu5yX7aSJi1K2XtetijdbEziiW1c
hs3CnxYa8nb7FLXIaHAnCUkN8jdTogeV45XwWEq8cpr8F5Tiq+Hc7Qzgt8MLVnw+5Htkl40bDwwn
OhEFPyJ+m5T35Tu/UCFx+JtQBmXJdfixQv2d3MGXSaik6ppqHL1fW5144QrzmIhBIIBWZLz92QWM
buDTR7kUtxwcTRB8yiojtNuC1lx4hAX/0a1bNa1xJ2I9tnbq+lSsq9PiSAJf0/9PSBfoxx4zqg+C
kyBtB2xjXzf7uZPrpP9XHocng9HKFgFFRfZREXmS4n6G1ggLqyEKquUieyGecNIjIzDGaX4YiyFG
hv6tMf0/NXUOJ4AUq2+qtAJZHEGE1mkyHCBQEcOvdZO2Xiz6AMcbeU8/FIZHcUGJDWbScv8mr8Yf
olgCwR6kIaxK0Fc4Jr/6Ufv+0gfgqyZufUGxtrOSo42hFmMX84XXkl9nKeJKM9hkacBMj4hZrRpP
V+D8dGmpNNZ8Xnvb8OFnvTp8YyT4nRdVswSVabus0k8gtGHSabIOSKXH0OAbshuTbo1TxJTjm7OW
Hug=
=/+NX
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7337-1
March 10, 2025

libreoffice vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

LibreOffice could be made to run programs if it opened a specially crafted
file.

Software Description:
- libreoffice: Office productivity suite

Details:

It was discovered that LibreOffice incorrectly handled Office URI Schemes.
If a user or automated system were tricked into opening a specially crafted
LibreOffice file, a remote attacker could possibly use this issue to call
internal macros.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
libreoffice 4:24.8.5-0ubuntu0.24.10.2

Ubuntu 24.04 LTS
libreoffice 4:24.2.7-0ubuntu0.24.04.3

Ubuntu 22.04 LTS
libreoffice 1:7.3.7-0ubuntu0.22.04.9

Ubuntu 20.04 LTS
libreoffice 1:6.4.7-0ubuntu0.20.04.14

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7337-1
CVE-2025-1080

Package Information:
https://launchpad.net/ubuntu/+source/libreoffice/4:24.8.5-0ubuntu0.24.10.2
https://launchpad.net/ubuntu/+source/libreoffice/4:24.2.7-0ubuntu0.24.04.3
https://launchpad.net/ubuntu/+source/libreoffice/1:7.3.7-0ubuntu0.22.04.9
https://launchpad.net/ubuntu/+source/libreoffice/1:6.4.7-0ubuntu0.20.04.14

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)