Nacionalni CERT

Sigurnosni nedostatak programskog paketa libreoffice

<p>-----BEGIN PGP SIGNED MESSAGE-----<br />Hash: SHA512<br /><br />- -------------------------------------------------------------------------<br />Debian Security Advisory DSA-4111-2 security@debian.org<br />https://www.debian.org/security/ Moritz Muehlenhoff<br />February 12, 2018 https://www.debian.org/security/faq<br />- -------------------------------------------------------------------------<br /><br />Package : libreoffice<br />CVE ID : CVE-2018-6871<br /><br />Mikhail Klementev, Ronnie Goodrich and Andrew Krasichkov discovered that<br />missing restrictions in the implementation of the WEBSERVICE function<br />in LibreOffice could result in the disclosure of arbitrary files<br />readable by the user who opens a malformed document.<br /><br />For the oldstable distribution (jessie), this problem has been fixed in<br />version 1:4.3.3-2+deb8u10<br /><br />We recommend that you upgrade your libreoffice packages.<br /><br />For the detailed security status of libreoffice please refer to<br />its security tracker page at:<br />https://security-tracker.debian.org/tracker/libreoffice<br /><br />Further information about Debian Security Advisories, how to apply<br />these updates to your system and frequently asked questions can be<br />found at: https://www.debian.org/security/<br /><br />Mailing list: debian-security-announce@lists.debian.org<br />-----BEGIN PGP SIGNATURE-----<br /><br />iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlqCAoEACgkQEMKTtsN8<br />Tja0gA/+Ib8qDtRzz8YnLktoEl80OfDPjr/7cxUiTxEU3UoDz9FhhIcT2kyBVM9v<br />UC95mxedDUQmL60EVM1xYs9ACbs0CkX8NNmm4KAbSaVwsoobXZnFi/p6FJyz2KEy<br />Sm1PJRY1BtkRv/cM5FxqF3AeoQVXaARXh/ibb6akzX801U3ZVXxfkykESygZaOgA<br />8XWh7JNzA6S2FRupEaGJ2xrGyqIELwE8lV63CWrxdmf3q+FIn0IbM2SpY5vF/Bpj<br />IesRtLZ1QJ4wzL4/tHanX7fAQ+3+9T2JLAm6klFWcL83VOb5RuDMY4o0hqHVLFk+<br />ropJ5z6d/9+b1OoKDVUaZFmqOZfX8obKZiUpBaUFuWN9KlsGbAiShm6ILMKzqeDb<br />5l+2JgpabK6Uv7utkjYsapwsp403w2Ql5vf7bp8M/Rqj92NAq9DSiY2gmkIkxOwU<br />PlSWm7whDVbY+CHPTu0SbUo3TPuLIstmZeX0U6EeTl3WQwTP8yrgGw/b86fJPBTp<br />6z1CP7Hwqd4FKl5ZKvBIOomiBqo4IwnokJ4XOkcsz2ijxF4+BB29CeNRZo2rYuz4<br />aMVHmXegIGKAzJXr356ZRw7cOqbYLHcboF176e+SfLyaeGX9BwR4IrBW8c2FMNrc<br />5rOJF7BpnFnuVsMA+4RmSMKYNDzV78AI8JNho/pJTHIyk2Z4RJI=<br />=mTvw<br />-----END PGP SIGNATURE-----</p>
Otkriven je sigurnosni nedostatak u programskom paketu libreoffice za operacijski sustav Debian. Otkriveni nedostatak potencijalnim napadačima omogućuje otkrivanje informacija. Savjetuje se ažuriranje izdanim zakrpama.