Ubuntu Security Notice 5661-1 - It was discovered that LibreOffice incorrectly validated macro signatures. If a user were tricked into opening a specially crafted document, a remote attacker could possibly use this issue to execute arbitrary macros. It was discovered that Libreoffice incorrectly handled encrypting the master key provided by the user for storing passwords for web connections. A local attacker could possibly use this issue to obtain access to passwords stored in the user's configuration data.
9f559e71aa63f71392cdc23725777737cb8bc0b583d63f1a91b196b67d27608a
==========================================================================
Ubuntu Security Notice USN-5661-1
October 06, 2022
libreoffice vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in LibreOffice.
Software Description:
- libreoffice: Office productivity suite
Details:
It was discovered that LibreOffice incorrectly validated macro signatures.
If a user were tricked into opening a specially crafted document, a remote
attacker could possibly use this issue to execute arbitrary macros.
(CVE-2022-26305)
It was discovered that Libreoffice incorrectly handled encrypting the
master key provided by the user for storing passwords for web connections.
A local attacker could possibly use this issue to obtain access to
passwords stored in the user's configuration data. (CVE-2022-26306,
CVE-2022-26307)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
libreoffice 1:6.4.7-0ubuntu0.20.04.5
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5661-1
CVE-2022-26305, CVE-2022-26306, CVE-2022-26307
Package Information:
https://launchpad.net/ubuntu/+source/libreoffice/1:6.4.7-0ubuntu0.20.04.5