USN-6546-2

Details

USN-6546-1 fixed vulnerabilities in LibreOffice. This update provides the corresponding updates for Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.

Original advisory details:

Reginaldo Silva discovered that LibreOffice incorrectly handled filenames when passing embedded videos to GStreamer. If a user were tricked into opening a specially crafted file, a remote attacker could possibly use this issue to execute arbitrary GStreamer plugins. (CVE-2023-6185)

Reginaldo Silva discovered that LibreOffice incorrectly handled certain non-typical hyperlinks. If a user were tricked into opening a specially crafted file, a remote attacker could possibly use this issue to execute arbitrary scripts. (CVE-2023-6186)

Affected Packages

Ubuntu:20.04:LTSlibreoffice

Fixed in:

1:6.4.7-0ubuntu0.20.04.9

Ubuntu:22.04:LTSlibreoffice

Fixed in:

1:7.3.7-0ubuntu0.22.04.4

References

REPORThttps://ubuntu.com/security/CVE-2023-6185 REPORThttps://ubuntu.com/security/CVE-2023-6186 ADVISORYhttps://ubuntu.com/security/notices/USN-6546-2

USN-6546-2

Details

Affected Packages

References

Upstream

Ecosystems

Timeline