USN-3210-1: LibreOffice vulnerability
23 February 2017
LibreOffice could be made to disclose files if it opened a specially crafted file.
Releases
Packages
- libreoffice - Office productivity suite
Details
Ben Hayak discovered that it was possible to make LibreOffice Calc and Writer
disclose arbitrary files to an attacker if a user opened a specially crafted
file with embedded links.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
-
libreoffice
-
1:5.1.6~rc2-0ubuntu1~xenial1
-
libreoffice-base
-
1:5.1.6~rc2-0ubuntu1~xenial1
-
libreoffice-base-core
-
1:5.1.6~rc2-0ubuntu1~xenial1
-
libreoffice-calc
-
1:5.1.6~rc2-0ubuntu1~xenial1
-
libreoffice-common
-
1:5.1.6~rc2-0ubuntu1~xenial1
-
libreoffice-core
-
1:5.1.6~rc2-0ubuntu1~xenial1
-
libreoffice-math
-
1:5.1.6~rc2-0ubuntu1~xenial1
-
libreoffice-writer
-
1:5.1.6~rc2-0ubuntu1~xenial1
Ubuntu 14.04
-
libreoffice
-
1:4.2.8-0ubuntu5
-
libreoffice-base
-
1:4.2.8-0ubuntu5
-
libreoffice-base-core
-
1:4.2.8-0ubuntu5
-
libreoffice-calc
-
1:4.2.8-0ubuntu5
-
libreoffice-common
-
1:4.2.8-0ubuntu5
-
libreoffice-core
-
1:4.2.8-0ubuntu5
-
libreoffice-math
-
1:4.2.8-0ubuntu5
-
libreoffice-writer
-
1:4.2.8-0ubuntu5
Ubuntu 12.04
-
libreoffice
-
1:3.5.7-0ubuntu13
-
libreoffice-base
-
1:3.5.7-0ubuntu13
-
libreoffice-base-core
-
1:3.5.7-0ubuntu13
-
libreoffice-calc
-
1:3.5.7-0ubuntu13
-
libreoffice-common
-
1:3.5.7-0ubuntu13
-
libreoffice-core
-
1:3.5.7-0ubuntu13
-
libreoffice-math
-
1:3.5.7-0ubuntu13
-
libreoffice-writer
-
1:3.5.7-0ubuntu13
In general, a standard system update will make all the necessary changes.