[USN-6023-1] LibreOffice vulnerability
Leonidas S. Barbosa
leo.barbosa at canonical.com
Mon Apr 17 12:41:46 UTC 2023
==========================================================================
Ubuntu Security Notice USN-6023-1
April 17, 2023
libreoffice vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
LibreOffice could be made to run arbitrary code if an empty entry to the
java class path is configured.
Software Description:
- libreoffice: Office productivity suite
Details:
It was discovered that LibreOffice may be configured to add an
empty entry to the Java class path. This may lead to run arbitrary
Java code from the current directory.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
libreoffice 1:6.4.7-0ubuntu0.20.04.7
Ubuntu 18.04 LTS:
libreoffice 1:6.0.7-0ubuntu0.18.04.13
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6023-1
CVE-2022-38745
Package Information:
https://launchpad.net/ubuntu/+source/libreoffice/1:6.4.7-0ubuntu0.20.04.7
https://launchpad.net/ubuntu/+source/libreoffice/1:6.0.7-0ubuntu0.18.04.13
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20230417/f9c35cb4/attachment.sig>
More information about the ubuntu-security-announce
mailing list