Ubuntu Security Notice 4063-1 - Nils Emmerich discovered that LibreOffice incorrectly handled LibreLogo scripts. If a user were tricked into opening a specially crafted document, a remote attacker could cause LibreOffice to execute arbitrary code. Matei "Mal" Badanoiu discovered that LibreOffice incorrectly handled stealth mode. Contrary to expectations, bullet graphics could be retrieved from remote locations when running in stealth mode. Various other issues were also addressed.
4db3e45df385892f287ef9e4bf4646f8c5b32fd37f24ce860e8e033f281ad717
==========================================================================
Ubuntu Security Notice USN-4063-1
July 17, 2019
libreoffice vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in LibreOffice.
Software Description:
- libreoffice: Office productivity suite
Details:
Nils Emmerich discovered that LibreOffice incorrectly handled LibreLogo
scripts. If a user were tricked into opening a specially crafted document,
a remote attacker could cause LibreOffice to execute arbitrary code.
(CVE-2019-9848)
Matei "Mal" Badanoiu discovered that LibreOffice incorrectly handled
stealth mode. Contrary to expectations, bullet graphics could be retrieved
from remote locations when running in stealth mode. (CVE-2019-9849)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
libreoffice-core 1:6.2.5-0ubuntu0.19.04.1
Ubuntu 18.04 LTS:
libreoffice-core 1:6.0.7-0ubuntu0.18.04.8
Ubuntu 16.04 LTS:
libreoffice-core 1:5.1.6~rc2-0ubuntu1~xenial8
After a standard system update you need to restart LibreOffice to make all
the necessary changes.
References:
https://usn.ubuntu.com/4063-1
CVE-2019-9848, CVE-2019-9849
Package Information:
https://launchpad.net/ubuntu/+source/libreoffice/1:6.2.5-0ubuntu0.19.04.1
https://launchpad.net/ubuntu/+source/libreoffice/1:6.0.7-0ubuntu0.18.04.8
https://launchpad.net/ubuntu/+source/libreoffice/1:5.1.6~rc2-0ubuntu1~xenial8