*** This bug is a duplicate of bug 1748999 ***
https://bugs.launchpad.net/bugs/1748999
Worth to add: LibreOffice through 6.0.1 allows remote attackers to SEND
arbitrary files to arbitrary servers via =WEBSERVICE calls in a
document!
Tested on Ubuntu 16.04 LTS with LibreOffice Calc version 5.1.6.2 (packet
1:5.1.6~rc2-0ubuntu1~xenial2 from main/xenial-security).
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libreoffice in Ubuntu.
https://bugs.launchpad.net/bugs/1748889
Title:
[CVE-2018-6871] LibreOffice allows remote attackers to read arbitrary
files
Status in libreoffice package in Ubuntu:
Fix Committed
Bug description:
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6871
LibreOffice through 6.0.1 allows remote attackers to read arbitrary files via
=WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE
function.
Current version 1:5.1.2-0ubuntu1 in Ubuntu 16.04.3 is confirmed to be
affected
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: libreoffice-common 1:5.1.6~rc2-0ubuntu1~xenial2
ProcVersionSignature: Ubuntu 4.4.0-112.135-generic 4.4.98
Uname: Linux 4.4.0-112-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.15
Architecture: amd64
CurrentDesktop: GNOME-Flashback:Unity
Date: Mon Feb 12 14:19:03 2018
InstallationDate: Installed on 2016-04-22 (661 days ago)
InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64
(20160420.1)
PackageArchitecture: all
SourcePackage: libreoffice
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1748889/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
