From: Marc Deslauriers <marc.deslauriers@canonical.com>

Reply-To: Ubuntu Security <security@ubuntu.com>

To: ubuntu-security-announce@lists.ubuntu.com

Message-ID: <f20b8e66-3bbd-f2bc-2613-f336eca314ad@canonical.com>

Subject: [USN-3273-1] LibreOffice vulnerabilities



==========================================================================

Ubuntu Security Notice USN-3273-1

May 02, 2017



libreoffice vulnerabilities

==========================================================================



A security issue affects these releases of Ubuntu and its derivatives:



- Ubuntu 16.10

- Ubuntu 16.04 LTS

- Ubuntu 14.04 LTS



Summary:



LibreOffice could be made to crash or run programs as your login if it

opened a specially crafted EMF file.



Software Description:

- libreoffice: Office productivity suite



Details:



It was discovered that LibreOffice incorrectly handled EMF image files.

If a user were tricked into opening a specially crafted EMF image file, a

remote attacker could cause LibreOffice to crash, and possibly execute

arbitrary code.



Update instructions:



The problem can be corrected by updating your system to the following

package versions:



Ubuntu 16.10:

libreoffice-core 1:5.2.2-0ubuntu2.1



Ubuntu 16.04 LTS:

libreoffice-core 1:5.1.6~rc2-0ubuntu1~xenial2



Ubuntu 14.04 LTS:

libreoffice-core 1:4.2.8-0ubuntu5.1



After a standard system update you need to restart LibreOffice to make all

the necessary changes.



References:

http://www.ubuntu.com/usn/usn-3273-1

CVE-2016-10327, CVE-2017-7870



Package Information:

https://launchpad.net/ubuntu/+source/libreoffice/1:5.2.2-0ubuntu2.1

https://launchpad.net/ubuntu/+source/libreoffice/1:5.1.6~rc2-0ubuntu1~xenial2

https://launchpad.net/ubuntu/+source/libreoffice/1:4.2.8-0ubuntu5.1







