Ubuntu alert USN-6962-1 (libreoffice)


From:
               Marc Deslauriers <marc.deslauriers@canonical.com>
To:
               "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com>
Subject:
               [USN-6962-1] LibreOffice vulnerability
Date:
               Thu, 15 Aug 2024 12:33:12 -0400
Message-ID:
               <a9a685e5-519b-4510-be55-902bbd9bb605@canonical.com>
==========================================================================
Ubuntu Security Notice USN-6962-1
August 15, 2024

libreoffice vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

LibreOffice could be made to run programs if it opened a specially crafted
file.

Software Description:
- libreoffice: Office productivity suite

Details:

It was discovered that LibreOffice incorrectly allowed users to enable
macros when a cryptographic signature failed to validate. If a user were
tricked into opening a specially crafted document, a remote attacker could
possibly execute arbitrary macros.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   libreoffice                     4:24.2.5-0ubuntu0.24.04.2

Ubuntu 22.04 LTS
   libreoffice                     1:7.3.7-0ubuntu0.22.04.6

Ubuntu 20.04 LTS
   libreoffice                     1:6.4.7-0ubuntu0.20.04.11

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6962-1
   CVE-2024-6472

Package Information:
   https://launchpad.net/ubuntu/+source/libreoffice/4:24.2.5...
   https://launchpad.net/ubuntu/+source/libreoffice/1:7.3.7-...
   https://launchpad.net/ubuntu/+source/libreoffice/1:6.4.7-...



Attachment: OpenPGP_signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAma+LckACgkQZWnYVadE
vpP0khAApgxYr5bEQUl2exw/xJ8cMT0rUIBuVFLevnr/tm5suOgIl/CI4Bnmw04x
sdPWQFbDCZISvLmJ+ufFIbqgDCCeY3+S2BBjifoB+N3TPNQ/WsBOsuvuiirVrZqK
0FTYgfrjn6nVF/ypWCF/+45H3bVj/lghT2ISnvr3mxrf0t/Kov9mVSZa0ww3JB/C
lTZfC46oWOYjk4kENB7ruo2R/c4uIgmTnTEZqxXbypUf5es6eb20CYBEFc33BC4A
hQ44y+0N00MYTzNxiYiV9QQBd+pdKg+ln1lz0LF2cdSh44CIBHNcVW/fFNWqTrIi
XCxBPToAXzaPUTeEwo2DOSdJGHxU6dzezL2enjK6jRZ64vt947YuyB9oxyqX/fF7
JeRi4ra/ayTTcVs1mLmA6ID5cdQq78ypjJ8s68hNjOU3yF7ehd061D1Q4p3eOhAV
9TWbQPXD+v4JhXtuHYQCRCL3SgP/vAoyY2nim1zz94JqcpwGP8KRKsALhgZiwJqQ
7aaSu1dYlLtljgP8achEEks/MzvOaTzQYaQQsC2AKozi3tQiTKCO9ocjq7KBMPZ9
SsvFkROyClZshr4bgXSYW5Qb8JVlYzicWxZ60wPF2aUSiBfsR6/xELQlzNWSWY3w
yoCCZEhiRygZC2UFQbwF7Q2iOlct4qqquugG4zMfOS/zX5NwoUU=
=uUzG
-----END PGP SIGNATURE-----


Attachment: None (type=text/plain)

From:		Marc Deslauriers <marc.deslauriers@canonical.com>
To:		"ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com>
Subject:		[USN-6962-1] LibreOffice vulnerability
Date:		Thu, 15 Aug 2024 12:33:12 -0400
Message-ID:		<a9a685e5-519b-4510-be55-902bbd9bb605@canonical.com>