Sicherheit: Zwei Probleme in LibreOffice

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============5029041325643494465==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="J2ynksSj3ulJ07zLaXsmwmpYRlDCbrLjj"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--J2ynksSj3ulJ07zLaXsmwmpYRlDCbrLjj
Content-Type: multipart/mixed;
boundary="pz4QAAKmx4UAL7IlfGHOS7UDD9H0v8bZr";
protected-headers="v1"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <b13ed62a-ae17-a7d8-46d6-bb3a090a317c@canonical.com>
Subject: [USN-4063-1] LibreOffice vulnerabilities

--pz4QAAKmx4UAL7IlfGHOS7UDD9H0v8bZr
Content-Type: text/plain; charset=utf-8
Content-Language: en-C
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-4063-1
July 17, 2019

libreoffice vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 19.04
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in LibreOffice.

Software Description:
- libreoffice: Office productivity suite

Details:

Nils Emmerich discovered that LibreOffice incorrectly handled LibreLogo
scripts. If a user were tricked into opening a specially crafted document,
a remote attacker could cause LibreOffice to execute arbitrary code.
(CVE-2019-9848)

Matei "Mal" Badanoiu discovered that LibreOffice incorrectly handled
stealth mode. Contrary to expectations, bullet graphics could be retrieved
from remote locations when running in stealth mode. (CVE-2019-9849)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
libreoffice-core 1:6.2.5-0ubuntu0.19.04.1

Ubuntu 18.04 LTS:
libreoffice-core 1:6.0.7-0ubuntu0.18.04.8

Ubuntu 16.04 LTS:
libreoffice-core 1:5.1.6~rc2-0ubuntu1~xenial8

After a standard system update you need to restart LibreOffice to make all
the necessary changes.

References:
https://usn.ubuntu.com/4063-1
CVE-2019-9848, CVE-2019-9849

Package Information:
https://launchpad.net/ubuntu/+source/libreoffice/1:6.2.5-0ubuntu0.19.04.1
https://launchpad.net/ubuntu/+source/libreoffice/1:6.0.7-0ubuntu0.18.04.8
https://launchpad.net/ubuntu/+source/libreoffice/1:5.1.6~rc2-0ubuntu1~xenial8

--pz4QAAKmx4UAL7IlfGHOS7UDD9H0v8bZr--

--J2ynksSj3ulJ07zLaXsmwmpYRlDCbrLjj
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl0vbeUACgkQZWnYVadE
vpPWaRAArCmLDvxNJZOauwfW22i4khhaLZi1B5wLeO/V+BKorVgNYPQ28MiT+ToX
4jVn9LxWvnrDYrQ0uba52t3jl3/Md8t42eo6Z2XxD6hSTh7EPTs+v8Kevde3Gl1F
z8gnF9CLfBkNKfYQdbtrr0jFhR3bR5tuaQCeYhtAXrsIR15mATwTHRCRMA1uAaqt
D09hc56Y+mPKgg9PM7s2fGmgrmGoIBBxfT/xxqZnXeY28YaD4vctuudTnHQRZR2L
/pLxP229eaCiCsueeWhzA5zwF1FPw5iSsuTL6PPt8OlMg94EaDBKzK4znndjzKaK
jOCkY+nUUp0tBq1hnJ3xON4UfAOpTR3BJ68nbot+4rbbsohMkDa5lJxSabP+zsFC
/F1knoQdclqCpBw1JyxeQ36YJsgAd0vnn492DWDSAZOFpUu/zikJqvjNKpxLevm8
Qjp6mSpCUMdBKf3OUhURJ9SNtI3tVoZNz2CyA64lvv8QXcz0UNOs2oa2D+rTXDwN
2GnWST9lQp1/g3OL3k4Jja8lkpdCHXk+gus9SRy02fc4RWxeuz9zVPo9X8u28RP0
DgfWnAlMXfDFOqTdcWGNcNsPIbZv5ym+t1/Ni+gWZ9sVBZj7pv2osGLzmu5NWrSy
YXtMC9m1qnDLtCHcGADMa4YMYWnQ1iX+XipsSnANfE7PCWJFthY=
=24xf
-----END PGP SIGNATURE-----

--J2ynksSj3ulJ07zLaXsmwmpYRlDCbrLjj--

--===============5029041325643494465==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5
LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl
IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj
dXJpdHktYW5ub3VuY2UK

--===============5029041325643494465==--