Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 504
Alerts This Week
Warning Icon 1 504

Ubuntu 16.04 LTS: USN-3210-1 Critical File Disclosure in LibreOffice

ubuntu
Calendar Grey February 23, 2017
Dist Ubuntu Esm H88
Upgrade your Ubuntu installation to resolve the LibreOffice vulnerability that may expose documents when handling specially crafted files.
LibreOffice could be made to disclose files if it opened a specially craftedfile.

Summary

LibreOffice could be made to disclose files if it opened a specially crafted

file.

Software Description:

- libreoffice: Office productivity suite

Details:

Ben Hayak discovered that it was possible to make LibreOffice Calc and Writer

disclose arbitrary files to an attacker if a user opened a specially crafted

file with embedded links.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  libreoffice                     1:5.1.6~rc2-0ubuntu1~xenial1
  libreoffice-base                1:5.1.6~rc2-0ubuntu1~xenial1
  libreoffice-base-core           1:5.1.6~rc2-0ubuntu1~xenial1
  libreoffice-calc                1:5.1.6~rc2-0ubuntu1~xenial1
  libreoffice-common              1:5.1.6~rc2-0ubuntu1~xenial1
  libreoffice-core                1:5.1.6~rc2-0ubuntu1~xenial1
  libreoffice-math                1:5.1.6~rc2-0ubuntu1~xenial1
  libreoffice-writer              1:5.1.6~rc2-0ubuntu1~xenial1

Ubuntu 14.04 LTS:
  libreoffice                     1:4.2.8-0ubuntu5
  libreoffice-base                1:4.2.8-0ubuntu5
  libreoffice-base-core           1:4.2.8-0ubuntu5
  libreoffice-calc                1:4.2.8-0ubuntu5
  libreoffice-common              1:4.2.8-0ubuntu5
  libreoffice-core                1:4.2.8-0ubuntu5
  libreoffice-math                1:4.2.8-0ubuntu5
  libreoffice-writer              1:4.2.8-0ubuntu5

Ubuntu 12.04 LTS:
  libreoffice                     1:3.5.7-0ubuntu13
  libreoffice-base                1:3.5.7-0ubuntu13
  libreoffice-base-core           1:3.5.7-0ubuntu13
  libreoffice-calc                1:3.5.7-0ubuntu13
  libreoffice-common              1:3.5.7-0ubuntu13
  libreoffice-core                1:3.5.7-0ubuntu13
  libreoffice-math                1:3.5.7-0ubuntu13
  libreoffice-writer              1:3.5.7-0ubuntu13

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-3210-1

  CVE-2017-3157

Severity
critical
Lowest
Low
Medium
High
Critical

February 23, 2017

Package Information

  https://launchpad.net/ubuntu/+source/libreoffice/1:5.1.6~rc2-0ubuntu1~xenial1
  https://launchpad.net/ubuntu/+source/libreoffice/1:4.2.8-0ubuntu5
  https://launchpad.net/ubuntu/+source/libreoffice/1:3.5.7-0ubuntu13

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.