Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Ubuntu 23.10 USN-6546-1 critical: LibreOffice code execution risks

ubuntu
Calendar Grey December 11, 2023
Dist Ubuntu Esm H88
Recent security evaluations of LibreOffice on Ubuntu have uncovered vulnerabilities that enable remote code execution, underscoring the need for user and system protection
Several security issues were fixed in LibreOffice.

Summary

Several security issues were fixed in LibreOffice.

Software Description:

- libreoffice: Office productivity suite

Details:

Reginaldo Silva discovered that LibreOffice incorrectly handled filenames

when passing embedded videos to GStreamer. If a user were tricked into

opening a specially crafted file, a remote attacker could possibly use this

issue to execute arbitrary GStreamer plugins. (CVE-2023-6185)

Reginaldo Silva discovered that LibreOffice incorrectly handled certain

non-typical hyperlinks. If a user were tricked into opening a specially

crafted file, a remote attacker could possibly use this issue to execute

arbitrary scripts. (CVE-2023-6186)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
   libreoffice                     4:7.6.4-0ubuntu0.23.10.1

Ubuntu 23.04:
   libreoffice                     4:7.5.9-0ubuntu0.23.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6546-1

CVE-2023-6185, CVE-2023-6186

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6546-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here