Alerts This Week
Warning Icon 1 537
Alerts This Week
Warning Icon 1 537

Ubuntu 16.04 LTS: USN-3210-1 Critical File Disclosure in LibreOffice

Calendar Feb 23, 2017 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory critical threat ubuntu file disclosure libreoffice
LibreOffice could be made to disclose files if it opened a specially craftedfile. 
=========================================================================Ubuntu Security Notice USN-3210-1
February 23, 2017

LibreOffice vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

LibreOffice could be made to disclose files if it opened a specially crafted
file.

Software Description:
- libreoffice: Office productivity suite

Details:

Ben Hayak discovered that it was possible to make LibreOffice Calc and Writer
disclose arbitrary files to an attacker if a user opened a specially crafted
file with embedded links.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  libreoffice                     1:5.1.6~rc2-0ubuntu1~xenial1
  libreoffice-base                1:5.1.6~rc2-0ubuntu1~xenial1
  libreoffice-base-core           1:5.1.6~rc2-0ubuntu1~xenial1
  libreoffice-calc                1:5.1.6~rc2-0ubuntu1~xenial1
  libreoffice-common              1:5.1.6~rc2-0ubuntu1~xenial1
  libreoffice-core                1:5.1.6~rc2-0ubuntu1~xenial1
  libreoffice-math                1:5.1.6~rc2-0ubuntu1~xenial1
  libreoffice-writer              1:5.1.6~rc2-0ubuntu1~xenial1

Ubuntu 14.04 LTS:
  libreoffice                     1:4.2.8-0ubuntu5
  libreoffice-base                1:4.2.8-0ubuntu5
  libreoffice-base-core           1:4.2.8-0ubuntu5
  libreoffice-calc                1:4.2.8-0ubuntu5
  libreoffice-common              1:4.2.8-0ubuntu5
  libreoffice-core                1:4.2.8-0ubuntu5
  libreoffice-math                1:4.2.8-0ubuntu5
  libreoffice-writer              1:4.2.8-0ubuntu5

Ubuntu 12.04 LTS:
  libreoffice                     1:3.5.7-0ubuntu13
  libreoffice-base                1:3.5.7-0ubuntu13
  libreoffice-base-core           1:3.5.7-0ubuntu13
  libreoffice-calc                1:3.5.7-0ubuntu13
  libreoffice-common              1:3.5.7-0ubuntu13
  libreoffice-core                1:3.5.7-0ubuntu13
  libreoffice-math                1:3.5.7-0ubuntu13
  libreoffice-writer              1:3.5.7-0ubuntu13

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3210-1
  CVE-2017-3157

Package Information:
  https://launchpad.net/ubuntu/+source/libreoffice/1:5.1.6~rc2-0ubuntu1~xenial1
  https://launchpad.net/ubuntu/+source/libreoffice/1:4.2.8-0ubuntu5
  https://launchpad.net/ubuntu/+source/libreoffice/1:3.5.7-0ubuntu13

Ubuntu 16.04 LTS: USN-3210-1 Critical File Disclosure in LibreOffice

ubuntu
Calendar Grey February 23, 2017
Dist Ubuntu Esm H88
Upgrade your Ubuntu installation to resolve the LibreOffice vulnerability that may expose documents when handling specially crafted files.
LibreOffice could be made to disclose files if it opened a specially craftedfile.

Summary

Topics%20covered

Topics Covered

security advisory critical threat ubuntu file disclosure libreoffice

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS:   libreoffice                     1:5.1.6~rc2-0ubuntu1~xenial1   libreoffice-base                1:5.1.6~rc2-0ubuntu1~xenial1   libreoffice-base-core           1:5.1.6~rc2-0ubuntu1~xenial1   libreoffice-calc                1:5.1.6~rc2-0ubuntu1~xenial1   libreoffice-common              1:5.1.6~rc2-0ubuntu1~xenial1   libreoffice-core                1:5.1.6~rc2-0ubuntu1~xenial1   libreoffice-math                1:5.1.6~rc2-0ubuntu1~xenial1   libreoffice-writer              1:5.1.6~rc2-0ubuntu1~xenial1 Ubuntu 14.04 LTS:   libreoffice                     1:4.2.8-0ubuntu5   libreoffice-base                1:4.2.8-0ubuntu5   libreoffice-base-core           1:4.2.8-0ubuntu5   libreoffice-calc                1:4.2.8-0ubuntu5   libreoffice-common              1:4.2.8-0ubuntu5   libreoffice-core                1:4.2.8-0ubuntu5   libreoffice-math                1:4.2.8-0ubuntu5   libreoffice-writer              1:4.2.8-0ubuntu5 Ubuntu 12.04 LTS:   libreoffice                     1:3.5.7-0ubuntu13   libreoffice-base                1:3.5.7-0ubuntu13   libreoffice-base-core           1:3.5.7-0ubuntu13   libreoffice-calc                1:3.5.7-0ubuntu13   libreoffice-common              1:3.5.7-0ubuntu13   libreoffice-core                1:3.5.7-0ubuntu13   libreoffice-math                1:3.5.7-0ubuntu13   libreoffice-writer              1:3.5.7-0ubuntu13 In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-3210-1

  CVE-2017-3157

Severity
critical
Lowest
Low
Medium
High
Critical

February 23, 2017

Topics%20covered

Topics Covered

security advisory critical threat ubuntu file disclosure libreoffice

Package Information

  https://launchpad.net/ubuntu/+source/libreoffice/1:5.1.6~rc2-0ubuntu1~xenial1   https://launchpad.net/ubuntu/+source/libreoffice/1:4.2.8-0ubuntu5   https://launchpad.net/ubuntu/+source/libreoffice/1:3.5.7-0ubuntu13

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here