Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 618
Alerts This Week
Warning Icon 1 618

Ubuntu 22.04 LTS USN-5694-1 Critical: LibreOffice Improper Link Handling

ubuntu
Calendar Grey October 20, 2022
Dist Ubuntu Esm H88
Critical vulnerabilities in LibreOffice can lead to document-related exploits, requiring immediate updates for Ubuntu.
Several security issues were fixed in LibreOffice.

Summary

Several security issues were fixed in LibreOffice.

Software Description:

- libreoffice: Office productivity suite

Details:

It was discovered that LibreOffice incorrectly handled links using the

Office URI Schemes. If a user were tricked into opening a specially

crafted document, a remote attacker could use this issue to execute

arbitrary scripts. (CVE-2022-3140)

Thomas Florian discovered that LibreOffice incorrectly handled crashes when

an encrypted document is open. If the document is recovered upon restarting

LibreOffice, subsequent saves of the document were unencrypted. This issue

only affected Ubuntu 18.04 LTS. (CVE-2020-12801)

Jens Müller discovered that LibreOffice incorrectly handled certain

documents containing forms. If a user were tricked into opening a specially

crafted document, a remote attacker could overwrite arbitrary files when

the form was submitted. This issue only affected Ubuntu 18.04 LTS.

(CVE-2020-12803)

It was discovered that ...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
   libreoffice                     1:7.3.6-0ubuntu0.22.04.2

Ubuntu 20.04 LTS:
   libreoffice                     1:6.4.7-0ubuntu0.20.04.6

Ubuntu 18.04 LTS:
   libreoffice                     1:6.0.7-0ubuntu0.18.04.12

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5694-1

CVE-2020-12801, CVE-2020-12803, CVE-2022-26305, CVE-2022-26306,

CVE-2022-26307, CVE-2022-3140

Severity
critical
Lowest
Low
Medium
High
Critical

October 20, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.