Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Mageia: 2020-0258 Critical: LibreOffice Encryption Issue

mageia
Calendar Grey June 12, 2020
Dist Mageia Esm H88
Urgent notice regarding Mageia's LibreOffice patch addressing vulnerabilities in encryption post-crash incident. More information available.
This update increase Libreoffice to version 6.4.4.2 It fixes Security issues and add kf5 support

Summary

This update increase Libreoffice to version 6.4.4.2 It fixes Security issues and add kf5 support.
If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offersto restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice's default ODF file format, then affected versions of LibreOffice default that subsequent saves of the document are unencrypted.
This may lead to a user accidentally saving a MSOffice file format document unencrypted while believing it to be encrypted.
In the fixed versions, encrypted recovered MSOffice format documents default to encrypted save.

References

- https://bugs.mageia.org/show_bug.cgi?id=26641

-

- https://wiki.documentfoundation.org/ReleaseNotes/6.3

- https://wiki.documentfoundation.org/ReleaseNotes/6.4

- https://www.cve.org/CVERecord?id=CVE-2020-12801

Topics%20covered

Topics Covered

security advisory critical software update encryption issue LibreOffice Mageia document recovery

Resolution

SRPMS

- 7/core/libabw-0.1.3-1.mga7

- 7/core/libcdr-0.1.6-1.mga7

- 7/core/libmwaw-0.3.16-1.mga7

- 7/core/libvisio-0.1.7-1.mga7

- 7/core/libwps-0.4.11-1.mga7

- 7/core/libixion-0.15.0-6.mga7

- 7/core/mdds-1.5.0-1.mga7

- 7/core/fmt-6.2.1-1.1.mga7

- 7/core/spdlog-1.6.0-1.mga7

- 7/core/qr-code-generator-1.5.0-6.mga7

- 7/core/libreoffice-6.4.4.2-1.mga7

- 7/core/celestia-1.7.0-0.20190423git.920a0c8.2.1.mga7

- 7/core/kodi-18.7-1.1.mga7

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 12 Jun 2020
URL: https://advisories.mageia.org/MGASA-2020-0258.html
Type: security
CVE: CVE-2020-12801

Topics%20covered

Topics Covered

security advisory critical software update encryption issue LibreOffice Mageia document recovery

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here