USN-2793-1: LibreOffice vulnerabilities | Ubuntu security notices | Ubuntu

2 min read Original article ↗

Publication date

5 November 2015

Overview

Several security issues were fixed in LibreOffice.

Details

Federico Scrinzi discovered that LibreOffice incorrectly handled documents
inserted into Writer or Calc via links. If a user were tricked into opening
a specially crafted document, a remote attacker could possibly obtain the
contents of arbitrary files. (CVE-2015-4551)

It was discovered that LibreOffice incorrectly handled PrinterSetup data
stored in ODF files. If a user were tricked into opening a specially
crafted ODF document, a remote attacker could cause LibreOffice to crash,
and possibly execute arbitrary code. (CVE-2015-5212)

It was discovered that LibreOffice incorrectly handled the number of pieces
in DOC files. If a user were tricked into opening a specially crafted DOC
document, a remote attacker could cause LibreOffice to crash, and possibly
execute arbitrary code. (CVE-2015-5213)

It was discovered...

Federico Scrinzi discovered that LibreOffice incorrectly handled documents
inserted into Writer or Calc via links. If a user were tricked into opening
a specially crafted document, a remote attacker could possibly obtain the
contents of arbitrary files. (CVE-2015-4551)

It was discovered that LibreOffice incorrectly handled PrinterSetup data
stored in ODF files. If a user were tricked into opening a specially
crafted ODF document, a remote attacker could cause LibreOffice to crash,
and possibly execute arbitrary code. (CVE-2015-5212)

It was discovered that LibreOffice incorrectly handled the number of pieces
in DOC files. If a user were tricked into opening a specially crafted DOC
document, a remote attacker could cause LibreOffice to crash, and possibly
execute arbitrary code. (CVE-2015-5213)

It was discovered that LibreOffice incorrectly handled bookmarks in DOC
files. If a user were tricked into opening a specially crafted DOC
document, a remote attacker could cause LibreOffice to crash, and possibly
execute arbitrary code. (CVE-2015-5214)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.