Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 543
Alerts This Week
Warning Icon 1 543

Ubuntu 22.04 LTS: USN-6144-1 Moderate: LibreOffice Array Index Attack

ubuntu
Calendar Grey June 7, 2023
Dist Ubuntu Esm H88
Multiple security issues were fixed in LibreOffice for Ubuntu 22.04 and 20.04 LTS addressing important vulnerabilities.
Several security issues were fixed in LibreOffice.

Summary

Several security issues were fixed in LibreOffice.

Software Description:

- libreoffice: Office productivity suite

Details:

It was discovered that LibreOffice did not properly validate the number of

parameters passed to the formula interpreter, leading to an array index

underflow attack. If a user were tricked into opening a specially crafted

spreadsheet file, an attacker could possibly use this issue to execute

arbitrary code. (CVE-2023-0950)

Amel Bouziane-Leblond discovered that LibreOffice did not prompt the user

before loading the host document inside an IFrame. If a user were tricked

into opening a specially crafted input file, an attacker could possibly use

this issue to cause information disclosure or execute arbitrary code.

(CVE-2023-2255)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
  libreoffice                     1:7.3.7-0ubuntu0.22.04.3

Ubuntu 20.04 LTS:
  libreoffice                     1:6.4.7-0ubuntu0.20.04.8

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6144-1

CVE-2023-0950, CVE-2023-2255

June 07, 2023

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.