Package "libreoffice"

Name: libreoffice


office productivity suite (metapackage)

Latest version: 1:5.1.6~rc2-0ubuntu1~xenial9
Release: xenial (16.04)
Level: security
Repository: universe
Homepage: http://www.libreoffice.org


Save this URL for the latest version of "libreoffice": https://www.ubuntuupdates.org/libreoffice

Download "libreoffice"

Other versions of "libreoffice" in Xenial

Repository Area Version
base main 5.1.2-0ubuntu1
base universe 1:5.1.2-0ubuntu1
security main 5.1.6~rc2-0ubuntu1~xenial9
updates universe 1:5.1.6~rc2-0ubuntu1~xenial9
updates main 5.1.6~rc2-0ubuntu1~xenial9
PPA: Mint Import 1:4.4.3~rc2-0ubuntu1~trusty1
PPA: Mint Import 1:5.0.3~rc2-0ubuntu1~trusty2
PPA: LibreOffice 1:6.2.5-0ubuntu0.16.04.1~lo1

Packages in group

Deleted packages are displayed in grey.


Version: 1:5.1.6~rc2-0ubuntu1~xenial9 2019-08-19 13:08:52 UTC

  libreoffice (1:5.1.6~rc2-0ubuntu1~xenial9) xenial-security; urgency=medium

  * SECURITY UPDATE: Insufficient URL validation allowing LibreLogo script execution
    - debian/patches/CVE-2019-9850_1_2.diff: decode escape codes and ban scripts
      with "LibreLogo" anywhere in its path.
    - CVE-2019-9850
  * SECURITY UPDATE: LibreLogo global-event script execution
    - debian/patches/CVE-2019-9850_1_2.diff: catch more LibreLogo script executions
      by expanding check to global events.
    - CVE-2019-9851
  * SECURITY UPDATE: Insufficient URL encoding flaw in allowed script location check
    - debian/patches/CVE-2019-9850_1_2.diff: ensure that all URLs leaving
      scriptURI2StorageUri() are percent-encoded.
    - CVE-2019-9852

 -- Marcus Tomlinson <email address hidden> Wed, 14 Aug 2019 15:16:33 +0100

Source diff to previous version
CVE-2019-9850 LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained
CVE-2019-9851 LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained
CVE-2019-9852 LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document

Version: 1:5.1.6~rc2-0ubuntu1~xenial8 2019-07-17 19:06:35 UTC

  libreoffice (1:5.1.6~rc2-0ubuntu1~xenial8) xenial-security; urgency=medium

  * SECURITY UPDATE: LibreLogo arbitrary script execution
    - debian/patches/CVE-2019-9848.diff: don't allow LibreLogo to be used with
      mouseover/etc dom-alike events.
    - CVE-2019-9848
  * SECURITY UPDATE: Remote bullet graphics retrieved in 'stealth mode'
    - debian/patches/CVE-2019-9849.diff: include bullet graphics in 'stealth
      mode' protection.
    - CVE-2019-9849

 -- Marcus Tomlinson <email address hidden> Tue, 16 Jul 2019 17:28:21 +0100

Source diff to previous version
CVE-2019-9848 LibreLogo arbitrary script execution
CVE-2019-9849 remote bullet graphics retrieved in 'stealth mode'

Version: 1:5.1.6~rc2-0ubuntu1~xenial6 2019-02-06 16:08:06 UTC

  libreoffice (1:5.1.6~rc2-0ubuntu1~xenial6) xenial-security; urgency=medium

  * SECURITY UPDATE: incorrect integer data type in StgSmallStrm class
    - debian/patches/CVE-2018-10119.patch: use short->sal_Int32 like in
      StgDataStrm in sot/source/sdstor/stgstrms.cxx.
    - CVE-2018-10119
  * SECURITY UPDATE: heap-based buffer overflow in SwCTBWrapper::Read
    - debian/patches/CVE-2018-10120.patch: check index before use in
    - CVE-2018-10120
  * SECURITY UPDATE: information disclosure vulnerability via SMB link
    - debian/patches/CVE-2018-10583.patch: set Referer on link
      mediadescriptor in sw/source/filter/xml/xmltexti.cxx.
    - CVE-2018-10583
  * SECURITY UPDATE: Directory traversal flaw in script execution
    - debian/patches/CVE-2018-16858.patch: keep pyuno script processing
      below base uri in scripting/source/pyprov/pythonscript.py.
    - CVE-2018-16858

 -- Marc Deslauriers <email address hidden> Mon, 28 Jan 2019 11:59:02 -0500

Source diff to previous version
CVE-2018-10119 sot/source/sdstor/stgstrms.cxx in LibreOffice before and 6.x before uses an incorrect integer data type in the StgSmallStrm class, wh
CVE-2018-10120 The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before and 6.x before does not validate a custo
CVE-2018-10583 An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB co
CVE-2018-16858 Remote Code Execution via Macro/Event execution

Version: 1:5.1.6~rc2-0ubuntu1~xenial3 2018-02-21 21:09:27 UTC

  libreoffice (1:5.1.6~rc2-0ubuntu1~xenial3) xenial-security; urgency=medium

  [ Marc Deslauriers ]

  * SECURITY UPDATE: remote arbitrary file disclosure vulnerability using
    - debian/patches/CVE-2018-6871-1.patch: limit WEBSERVICE to http[s]
    - debian/patches/CVE-2018-6871-2.patch: better handle ScDde formulas
      with missing dde-link entries.
    - debian/patches/CVE-2018-6871-3.patch: handle ocWebservice similarly
      to ocDde.
    - debian/patches/CVE-2018-6871-4.patch: CheckLinkFormulaNeedingCheck()
      for .xls and .xlsx formula cells.
    - debian/patches/CVE-2018-6871-5.patch: CheckLinkFormulaNeedingCheck()
      for conditional format expressions
    - debian/patches/CVE-2018-6871-6.patch: CheckLinkFormulaNeedingCheck()
      for named expressions
    - debian/patches/CVE-2018-6871-7.patch: fix for DDE link update via
      Function Wizard
    - CVE-2018-6871
  * SECURITY UPDATE: use-after-free in SwRootFrame
    - debian/patches/layout-footnote-use-after-free.diff: fix layout
      footnote use-after-free in SwRootFrame.
    - No CVE number.

 -- Olivier Tilloy <email address hidden> Sat, 17 Feb 2018 22:55:08 +0100

Source diff to previous version
CVE-2018-6871 LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.

Version: 1:5.1.6~rc2-0ubuntu1~xenial2 2017-05-02 19:07:07 UTC

  libreoffice (1:5.1.6~rc2-0ubuntu1~xenial2) xenial-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds write in ReadEnhWMF function
    - debian/patches/CVE-2016-10327.patch: add check to
    - CVE-2016-10327
  * SECURITY UPDATE: out-of-bounds write in tools::Polygon::Insert function
    - debian/patches/CVE-2017-7870.patch: check if ImplSplit succeeded in
      tools/inc/poly.h, tools/source/generic/poly.cxx.
    - CVE-2017-7870

 -- Marc Deslauriers <email address hidden> Fri, 28 Apr 2017 09:51:22 -0400

CVE-2016-1032 Adobe Flash Player before and 19.x through 21.x before on Windows and OS X and before on Linux allows attackers to
CVE-2017-7870 LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in too

About   -   Send Feedback to @ubuntu_updates