Lucene search

UbuntuUSN-3579-3

HistoryMar 07, 2018 - 12:00 a.m.

LibreOffice regression

2018-03-0700:00:00

ubuntu.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.593 Medium

EPSS

Percentile

97.8%

JSON

Releases

Ubuntu 17.10

Packages

libreoffice - Office productivity suite

Details

USN-3579-1 fixed a vulnerability in LibreOffice. After upgrading, it was
no longer possible for LibreOffice to open documents from certain
locations outside of the user’s home directory. This update fixes the
problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that =WEBSERVICE calls in a document could be used to
read arbitrary files. If a user were tricked in to opening a specially
crafted document, a remote attacker could exploit this to obtain sensitive
information. (CVE-2018-6871)

OSVersionArchitecturePackageVersionFilename
Ubuntu17.10noarchlibreoffice-common< 1:5.4.5-0ubuntu0.17.10.5UNKNOWN
Ubuntu17.10noarchfonts-opensymbol< 2:102.10+LibO5.4.5-0ubuntu0.17.10.5UNKNOWN
Ubuntu17.10noarchgir1.2-lokdocview-0.1< 1:5.4.5-0ubuntu0.17.10.5UNKNOWN
Ubuntu17.10noarchliblibreofficekitgtk< 1:5.4.5-0ubuntu0.17.10.5UNKNOWN
Ubuntu17.10noarchliblibreofficekitgtk-dbgsym< 1:5.4.5-0ubuntu0.17.10.5UNKNOWN
Ubuntu17.10noarchlibreoffice< 1:5.4.5-0ubuntu0.17.10.5UNKNOWN
Ubuntu17.10noarchlibreoffice-avmedia-backend-gstreamer< 1:5.4.5-0ubuntu0.17.10.5UNKNOWN
Ubuntu17.10noarchlibreoffice-avmedia-backend-gstreamer-dbgsym< 1:5.4.5-0ubuntu0.17.10.5UNKNOWN
Ubuntu17.10noarchlibreoffice-base< 1:5.4.5-0ubuntu0.17.10.5UNKNOWN
Ubuntu17.10noarchlibreoffice-base-core< 1:5.4.5-0ubuntu0.17.10.5UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	17.10	noarch	libreoffice-common	< 1:5.4.5-0ubuntu0.17.10.5	UNKNOWN
Ubuntu	17.10	noarch	fonts-opensymbol	< 2:102.10+LibO5.4.5-0ubuntu0.17.10.5	UNKNOWN
Ubuntu	17.10	noarch	gir1.2-lokdocview-0.1	< 1:5.4.5-0ubuntu0.17.10.5	UNKNOWN
Ubuntu	17.10	noarch	liblibreofficekitgtk	< 1:5.4.5-0ubuntu0.17.10.5	UNKNOWN
Ubuntu	17.10	noarch	liblibreofficekitgtk-dbgsym	< 1:5.4.5-0ubuntu0.17.10.5	UNKNOWN
Ubuntu	17.10	noarch	libreoffice	< 1:5.4.5-0ubuntu0.17.10.5	UNKNOWN
Ubuntu	17.10	noarch	libreoffice-avmedia-backend-gstreamer	< 1:5.4.5-0ubuntu0.17.10.5	UNKNOWN
Ubuntu	17.10	noarch	libreoffice-avmedia-backend-gstreamer-dbgsym	< 1:5.4.5-0ubuntu0.17.10.5	UNKNOWN
Ubuntu	17.10	noarch	libreoffice-base	< 1:5.4.5-0ubuntu0.17.10.5	UNKNOWN
Ubuntu	17.10	noarch	libreoffice-base-core	< 1:5.4.5-0ubuntu0.17.10.5	UNKNOWN