*** This bug is a security vulnerability *** Public security bug reported:
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6871 LibreOffice through 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE function. Current version 1:5.1.2-0ubuntu1 in Ubuntu 16.04.3 is confirmed to be affected ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: libreoffice-common 1:5.1.6~rc2-0ubuntu1~xenial2 ProcVersionSignature: Ubuntu 4.4.0-112.135-generic 4.4.98 Uname: Linux 4.4.0-112-generic x86_64 ApportVersion: 2.20.1-0ubuntu2.15 Architecture: amd64 CurrentDesktop: GNOME-Flashback:Unity Date: Mon Feb 12 14:19:03 2018 InstallationDate: Installed on 2016-04-22 (661 days ago) InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1) PackageArchitecture: all SourcePackage: libreoffice UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: libreoffice (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug xenial ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1748889 Title: [CVE-2018-6871] LibreOffice allows remote attackers to read arbitrary files To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1748889/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
