*** This bug is a security vulnerability ***

Public security bug reported:

CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6871
LibreOffice through 6.0.1 allows remote attackers to read arbitrary files via 
=WEBSERVICE calls in a document, which use the COM.MICROSOFT.WEBSERVICE 

Current version 1:5.1.2-0ubuntu1 in Ubuntu 16.04.3 is confirmed to be

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: libreoffice-common 1:5.1.6~rc2-0ubuntu1~xenial2
ProcVersionSignature: Ubuntu 4.4.0-112.135-generic 4.4.98
Uname: Linux 4.4.0-112-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.15
Architecture: amd64
CurrentDesktop: GNOME-Flashback:Unity
Date: Mon Feb 12 14:19:03 2018
InstallationDate: Installed on 2016-04-22 (661 days ago)
InstallationMedia: Ubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1)
PackageArchitecture: all
SourcePackage: libreoffice
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: libreoffice (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: amd64 apport-bug xenial

** Information type changed from Private Security to Public Security

You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

  [CVE-2018-6871] LibreOffice allows remote attackers to read arbitrary

To manage notifications about this bug go to:

ubuntu-bugs mailing list

Reply via email to