[USN-4063-1] LibreOffice vulnerabilities

Marc Deslauriers marc.deslauriers at canonical.com
Wed Jul 17 18:50:13 UTC 2019

Ubuntu Security Notice USN-4063-1
July 17, 2019

libreoffice vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS


Several security issues were fixed in LibreOffice.

Software Description:
- libreoffice: Office productivity suite


Nils Emmerich discovered that LibreOffice incorrectly handled LibreLogo
scripts. If a user were tricked into opening a specially crafted document,
a remote attacker could cause LibreOffice to execute arbitrary code.

Matei "Mal" Badanoiu discovered that LibreOffice incorrectly handled
stealth mode. Contrary to expectations, bullet graphics could be retrieved
from remote locations when running in stealth mode. (CVE-2019-9849)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
  libreoffice-core                1:6.2.5-0ubuntu0.19.04.1

Ubuntu 18.04 LTS:
  libreoffice-core                1:6.0.7-0ubuntu0.18.04.8

Ubuntu 16.04 LTS:
  libreoffice-core                1:5.1.6~rc2-0ubuntu1~xenial8

After a standard system update you need to restart LibreOffice to make all
the necessary changes.

  CVE-2019-9848, CVE-2019-9849

Package Information:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20190717/8af74a85/attachment.sig>

More information about the ubuntu-security-announce mailing list