Not a user yet?
Log in Register for free Suggest a product
Update

USN-7228-1: LibreOffice vulnerabilities

Ubuntu ServerUbuntu Server
Canonical

USN-7228-1: LibreOffice vulnerabilities
27 January 2025

Several security issues were fixed in LibreOffice.

Releases
Ubuntu 24.10 Ubuntu 24.04 LTS Ubuntu 22.04 LTS Ubuntu 20.04 LTS

Packages
libreoffice - Office productivity suite

Details
Thomas Rinsma discovered that LibreOffice incorrectly handled paths when
processing embedded font files. If a user or automated system were tricked
into opening a specially crafted LibreOffice file, a remote attacker could
possibly use this issue to create arbitrary files ending with ”.ttf”.
(CVE-2024-12425)

Thomas Rinsma discovered that LibreOffice incorrectly handled certain
environment variables and INI file values. If a user or automated system
were tricked into opening a specially crafted LibreOffice file, a remote
attacker could possibly use this issue to exfiltrate sensitive information.
(CVE-2024-12426)

Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 24.10

  • libreoffice - 4:24.8.4-0ubuntu0.24.10.2
    Ubuntu 24.04
  • libreoffice - 4:24.2.7-0ubuntu0.24.04.2
    Ubuntu 22.04
  • libreoffice - 1:7.3.7-0ubuntu0.22.04.8
    Ubuntu 20.04
  • libreoffice - 1:6.4.7-0ubuntu0.20.04.13
    In general, a standard system update will make all the necessary changes.
More updatesTo the product
The manufacturer Canonical has not yet set up its devicebase profile. Content such as updates, compatibilities and support may only be maintained with a delay.
Receive Important Update Messages Stay tuned for upcoming Canonical updates

More from the Operating Systems section

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad