Lucene search

UbuntuUSN-3579-2

HistoryFeb 28, 2018 - 12:00 a.m.

LibreOffice regression

2018-02-2800:00:00

ubuntu.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.593

Percentile

97.8%

JSON

Releases

Ubuntu 17.10

Packages

libreoffice - Office productivity suite

Details

USN-3579-1 fixed a vulnerability in LibreOffice. After upgrading, it was
no longer possible for LibreOffice to open documents from certain
locations outside of the user’s home directory. This update fixes the
problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that =WEBSERVICE calls in a document could be used to
read arbitrary files. If a user were tricked in to opening a specially
crafted document, a remote attacker could exploit this to obtain sensitive
information. (CVE-2018-6871)

OSVersionArchitecturePackageVersionFilename
Ubuntu17.10noarchlibreoffice-common< 1:5.4.5-0ubuntu0.17.10.4UNKNOWN
Ubuntu17.10noarchfonts-opensymbol< 2:102.10+LibO5.4.5-0ubuntu0.17.10.4UNKNOWN
Ubuntu17.10noarchgir1.2-lokdocview-0.1< 1:5.4.5-0ubuntu0.17.10.4UNKNOWN
Ubuntu17.10noarchliblibreofficekitgtk< 1:5.4.5-0ubuntu0.17.10.4UNKNOWN
Ubuntu17.10noarchliblibreofficekitgtk-dbgsym< 1:5.4.5-0ubuntu0.17.10.4UNKNOWN
Ubuntu17.10noarchlibreoffice< 1:5.4.5-0ubuntu0.17.10.4UNKNOWN
Ubuntu17.10noarchlibreoffice-avmedia-backend-gstreamer< 1:5.4.5-0ubuntu0.17.10.4UNKNOWN
Ubuntu17.10noarchlibreoffice-avmedia-backend-gstreamer-dbgsym< 1:5.4.5-0ubuntu0.17.10.4UNKNOWN
Ubuntu17.10noarchlibreoffice-base< 1:5.4.5-0ubuntu0.17.10.4UNKNOWN
Ubuntu17.10noarchlibreoffice-base-core< 1:5.4.5-0ubuntu0.17.10.4UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	17.10	noarch	libreoffice-common	< 1:5.4.5-0ubuntu0.17.10.4	UNKNOWN
Ubuntu	17.10	noarch	fonts-opensymbol	< 2:102.10+LibO5.4.5-0ubuntu0.17.10.4	UNKNOWN
Ubuntu	17.10	noarch	gir1.2-lokdocview-0.1	< 1:5.4.5-0ubuntu0.17.10.4	UNKNOWN
Ubuntu	17.10	noarch	liblibreofficekitgtk	< 1:5.4.5-0ubuntu0.17.10.4	UNKNOWN
Ubuntu	17.10	noarch	liblibreofficekitgtk-dbgsym	< 1:5.4.5-0ubuntu0.17.10.4	UNKNOWN
Ubuntu	17.10	noarch	libreoffice	< 1:5.4.5-0ubuntu0.17.10.4	UNKNOWN
Ubuntu	17.10	noarch	libreoffice-avmedia-backend-gstreamer	< 1:5.4.5-0ubuntu0.17.10.4	UNKNOWN
Ubuntu	17.10	noarch	libreoffice-avmedia-backend-gstreamer-dbgsym	< 1:5.4.5-0ubuntu0.17.10.4	UNKNOWN
Ubuntu	17.10	noarch	libreoffice-base	< 1:5.4.5-0ubuntu0.17.10.4	UNKNOWN
Ubuntu	17.10	noarch	libreoffice-base-core	< 1:5.4.5-0ubuntu0.17.10.4	UNKNOWN