=========================================================================
Ubuntu Security Notice USN-6023-1
April 17, 2023

libreoffice vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

• Ubuntu 20.04 LTS
• Ubuntu 18.04 LTS

Summary:

LibreOffice could be made to run arbitrary code if an empty entry to the
java class path is configured.

Software Description:

• libreoffice: Office productivity suite

Details:

It was discovered that LibreOffice may be configured to add an
empty entry to the Java class path. This may lead to run arbitrary
Java code from the current directory.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
libreoffice 1:6.4.7-0ubuntu0.20.04.7

Ubuntu 18.04 LTS:
libreoffice 1:6.0.7-0ubuntu0.18.04.13

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6023-1
CVE-2022-38745

Package Information:
https://launchpad.net/ubuntu/+source/libreoffice/1:6.4.7-0ubuntu0.20.04.7
https://launchpad.net/ubuntu/+source/libreoffice/1:6.0.7-0ubuntu0.18.04.13