Ubuntu Security Notice 3210-1 - Ben Hayak discovered that it was possible to make LibreOffice Calc and Writer disclose arbitrary files to an attacker if a user opened a specially crafted file with embedded links.
eb76a721c6b299a108a59454abfea2068bb742c16cf457993916607f6caffb98
==========================================================================
Ubuntu Security Notice USN-3210-1
February 23, 2017
LibreOffice vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
LibreOffice could be made to disclose files if it opened a specially crafted
file.
Software Description:
- libreoffice: Office productivity suite
Details:
Ben Hayak discovered that it was possible to make LibreOffice Calc and Writer
disclose arbitrary files to an attacker if a user opened a specially crafted
file with embedded links.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
A libreofficeA A A A A A A A A A A A A A A A A A A A A 1:5.1.6~rc2-0ubuntu1~xenial1
A libreoffice-baseA A A A A A A A A A A A A A A A 1:5.1.6~rc2-0ubuntu1~xenial1
A libreoffice-base-coreA A A A A A A A A A A 1:5.1.6~rc2-0ubuntu1~xenial1
A libreoffice-calcA A A A A A A A A A A A A A A A 1:5.1.6~rc2-0ubuntu1~xenial1
A libreoffice-commonA A A A A A A A A A A A A A 1:5.1.6~rc2-0ubuntu1~xenial1
A libreoffice-coreA A A A A A A A A A A A A A A A 1:5.1.6~rc2-0ubuntu1~xenial1
A libreoffice-mathA A A A A A A A A A A A A A A A 1:5.1.6~rc2-0ubuntu1~xenial1
A libreoffice-writerA A A A A A A A A A A A A A 1:5.1.6~rc2-0ubuntu1~xenial1
Ubuntu 14.04 LTS:
A libreofficeA A A A A A A A A A A A A A A A A A A A A 1:4.2.8-0ubuntu5
A libreoffice-baseA A A A A A A A A A A A A A A A 1:4.2.8-0ubuntu5
A libreoffice-base-coreA A A A A A A A A A A 1:4.2.8-0ubuntu5
A libreoffice-calcA A A A A A A A A A A A A A A A 1:4.2.8-0ubuntu5
A libreoffice-commonA A A A A A A A A A A A A A 1:4.2.8-0ubuntu5
A libreoffice-coreA A A A A A A A A A A A A A A A 1:4.2.8-0ubuntu5
A libreoffice-mathA A A A A A A A A A A A A A A A 1:4.2.8-0ubuntu5
A libreoffice-writerA A A A A A A A A A A A A A 1:4.2.8-0ubuntu5
Ubuntu 12.04 LTS:
A libreofficeA A A A A A A A A A A A A A A A A A A A A 1:3.5.7-0ubuntu13
A libreoffice-baseA A A A A A A A A A A A A A A A 1:3.5.7-0ubuntu13
A libreoffice-base-coreA A A A A A A A A A A 1:3.5.7-0ubuntu13
A libreoffice-calcA A A A A A A A A A A A A A A A 1:3.5.7-0ubuntu13
A libreoffice-commonA A A A A A A A A A A A A A 1:3.5.7-0ubuntu13
A libreoffice-coreA A A A A A A A A A A A A A A A 1:3.5.7-0ubuntu13
A libreoffice-mathA A A A A A A A A A A A A A A A 1:3.5.7-0ubuntu13
A libreoffice-writerA A A A A A A A A A A A A A 1:3.5.7-0ubuntu13
In general, a standard system update will make all the necessary changes.
References:
A http://www.ubuntu.com/usn/usn-3210-1
A CVE-2017-3157
Package Information:
A https://launchpad.net/ubuntu/+source/libreoffice/1:5.1.6~rc2-0ubuntu1~xenial1
A https://launchpad.net/ubuntu/+source/libreoffice/1:4.2.8-0ubuntu5
A https://launchpad.net/ubuntu/+source/libreoffice/1:3.5.7-0ubuntu13