Headline
Ubuntu Security Notice USN-6144-1
Ubuntu Security Notice 6144-1 - It was discovered that LibreOffice did not properly validate the number of parameters passed to the formula interpreter, leading to an array index underflow attack. If a user were tricked into opening a specially crafted spreadsheet file, an attacker could possibly use this issue to execute arbitrary code. Amel Bouziane-Leblond discovered that LibreOffice did not prompt the user before loading the host document inside an IFrame. If a user were tricked into opening a specially crafted input file, an attacker could possibly use this issue to cause information disclosure or execute arbitrary code.
=========================================================================Ubuntu Security Notice USN-6144-1June 07, 2023libreoffice vulnerabilities=========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in LibreOffice.Software Description:- libreoffice: Office productivity suiteDetails:It was discovered that LibreOffice did not properly validate the number ofparameters passed to the formula interpreter, leading to an array indexunderflow attack. If a user were tricked into opening a specially craftedspreadsheet file, an attacker could possibly use this issue to executearbitrary code. (CVE-2023-0950)Amel Bouziane-Leblond discovered that LibreOffice did not prompt the userbefore loading the host document inside an IFrame. If a user were trickedinto opening a specially crafted input file, an attacker could possibly usethis issue to cause information disclosure or execute arbitrary code.(CVE-2023-2255)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS: libreoffice 1:7.3.7-0ubuntu0.22.04.3Ubuntu 20.04 LTS: libreoffice 1:6.4.7-0ubuntu0.20.04.8In general, a standard system update will make all the necessary changes.References: https://ubuntu.com/security/notices/USN-6144-1 CVE-2023-0950, CVE-2023-2255Package Information: https://launchpad.net/ubuntu/+source/libreoffice/1:7.3.7-0ubuntu0.22.04.3 https://launchpad.net/ubuntu/+source/libreoffice/1:6.4.7-0ubuntu0.20.04.8Related news
Gentoo Linux Security Advisory 202311-15 - Multiple vulnerabilities have been discovered in LibreOffice, the worst of which could lead to code execution. Versions greater than or equal to 7.5.3.2 are affected.
Debian Linux Security Advisory 5415-1 - Two security issues were discovered in LibreOffice, which could potentially result in the execution of arbitrary code when loading a malformed spreadsheet document or unacknowledged loading of linked documents within a floating frame.
Debian Linux Security Advisory 5415-1 - Two security issues were discovered in LibreOffice, which could potentially result in the execution of arbitrary code when loading a malformed spreadsheet document or unacknowledged loading of linked documents within a floating frame.
Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that arbitrary code could be executed. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to 7.5.1.
Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3.