CVE-2018-6871

Published: 09 February 2018

LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function.

Priority

High

CVSS 3 base score: 9.8

Status

Package Release Status
libreoffice
Launchpad, Ubuntu, Debian 		Upstream
Released (5.4.5,6.0.1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (1:6.0.1-0ubuntu3)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (1:5.1.6~rc2-0ubuntu1~xenial3)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1:4.2.8-0ubuntu5.3])
Patches:
Upstream: https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4&id=a916fc0c0e0e8b10cb4158fa0fa173fe205d434a
Upstream: https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4&id=4ede45eb239b1604bca900c22481b7d13e4c2790
Upstream: https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4&id=e1946d75a1095c2596d7815600454ff01fcd3270
Upstream: https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4&id=2bef4debcf7650f3b3922134dff0332d4a95da3f
Upstream: https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4&id=dc44111ad5965bf4179fc654b677e1e445dea2f0
Upstream: https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4&id=908854a7b281454332af434be9468ec45d420030

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading