Headline
Ubuntu Security Notice USN-6962-1
Ubuntu Security Notice 6962-1 - It was discovered that LibreOffice incorrectly allowed users to enable macros when a cryptographic signature failed to validate. If a user were tricked into opening a specially crafted document, a remote attacker could possibly execute arbitrary macros.
==========================================================================
Ubuntu Security Notice USN-6962-1
August 15, 2024
libreoffice vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
LibreOffice could be made to run programs if it opened a specially crafted
file.
Software Description:
- libreoffice: Office productivity suite
Details:
It was discovered that LibreOffice incorrectly allowed users to enable
macros when a cryptographic signature failed to validate. If a user were
tricked into opening a specially crafted document, a remote attacker could
possibly execute arbitrary macros.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
libreoffice 4:24.2.5-0ubuntu0.24.04.2
Ubuntu 22.04 LTS
libreoffice 1:7.3.7-0ubuntu0.22.04.6
Ubuntu 20.04 LTS
libreoffice 1:6.4.7-0ubuntu0.20.04.11
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6962-1
CVE-2024-6472
Package Information:
https://launchpad.net/ubuntu/+source/libreoffice/4:24.2.5-0ubuntu0.24.04.2
https://launchpad.net/ubuntu/+source/libreoffice/1:7.3.7-0ubuntu0.22.04.6
https://launchpad.net/ubuntu/+source/libreoffice/1:6.4.7-0ubuntu0.20.04.11
Related news
Red Hat Security Advisory 2024-5886-03 - An update for libreoffice is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
Red Hat Security Advisory 2024-5608-03 - An update for libreoffice is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.
Red Hat Security Advisory 2024-5607-03 - An update for libreoffice is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Security Advisory 2024-5599-03 - An update for libreoffice is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
Red Hat Security Advisory 2024-5598-03 - An update for libreoffice is now available for Red Hat Enterprise Linux 8.
Red Hat Security Advisory 2024-5584-03 - An update for libreoffice is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Red Hat Security Advisory 2024-5583-03 - An update for libreoffice is now available for Red Hat Enterprise Linux 9.
Debian Linux Security Advisory 5737-1 - If LibreOffice failed to validate a signed macro, it displayed a warning but still allowed execution of the script after printing a warning. Going forward in high macro security mode such macros are now disabled.