[USN-6144-1] LibreOffice vulnerabilities
nishit.majithia at canonical.com
Wed Jun 7 07:48:40 UTC 2023
Ubuntu Security Notice USN-6144-1
June 07, 2023
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Several security issues were fixed in LibreOffice.
- libreoffice: Office productivity suite
It was discovered that LibreOffice did not properly validate the number of
parameters passed to the formula interpreter, leading to an array index
underflow attack. If a user were tricked into opening a specially crafted
spreadsheet file, an attacker could possibly use this issue to execute
arbitrary code. (CVE-2023-0950)
Amel Bouziane-Leblond discovered that LibreOffice did not prompt the user
before loading the host document inside an IFrame. If a user were tricked
into opening a specially crafted input file, an attacker could possibly use
this issue to cause information disclosure or execute arbitrary code.
The problem can be corrected by updating your system to the following
Ubuntu 22.04 LTS:
Ubuntu 20.04 LTS:
In general, a standard system update will make all the necessary changes.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 659 bytes
Desc: not available
More information about the ubuntu-security-announce