If you use LibreOffice, update now: two vulnerabilities were detected

If exploited, these flaws can allow attackers to gain unauthorized access to sensitive information or generally cause problems.

Information has been released about two vulnerabilities detected in the LibreOffice office suite. One of them is considered potentially the most dangerous, since it allows code to be executed when a specially crafted document is opened.

The first vulnerability (cataloged as CVE-2023-0950) is notable because it could potentially allow code to be executed on the system when a spreadsheet containing specially modified formulas is opened.

In affected versions of LibreOffice, certain malformed spreadsheet formulas, such as AGGREGATE, could be created with fewer parameters than expected. The problem is caused by an array index underflow in the formula parsing code (ScInterpreter) used in spreadsheet processing.

The LibreOffice spreadsheet module supports multiple formulas that take multiple parameters. Formulas are interpreted by 'ScInterpreter' which extracts the required parameters for a given formula from a stack.

The second vulnerability, and the most dangerous, is CVE-2023-2255. It is extremely important because it allows an attacker to prepare a specially crafted document that, when opened, loads external links without notice or warning. This does not match the declared behavior of LibreOffice, which is to show a warning when loading linked content.

In affected versions of LibreOffice, these iframes fetch and display their linked document without prompting when the host document is loaded. This was not consistent with the behavior of other linked document content, such as OLE objects, linked sections in Writer, or Calc WEBSERVICE formulas, which warn the user that there are linked documents and ask whether they should be allowed to update.

The issue is caused by a bug in the permission request code when using the "Floating Frames" mechanism, which is similar to an iframe in HTML and allows content from external files to be dynamically included in the document.

Finally, the first vulnerability was fixed without much publicity in the March releases 7.4.6 and 7.5.1, in which the parameter count is validated. The second vulnerability was fixed in the May updates LibreOffice 7.4.7 and 7.5.3, in which the existing link update manager was extended to also control updates of IFrame content.
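
To check which of the two fixes a given installation already has, the version string can be compared against the fix releases named above. The script below is an added example, not code from the article's author or from the LibreOffice project; the function names and sample strings are constructed, and treating branches newer than 7.5 as fixed is an assumption.

```shell
#!/bin/sh
# Added example: classify a LibreOffice version against the fix releases
# stated in the article (CVE-2023-0950: 7.4.6 / 7.5.1,
# CVE-2023-2255: 7.4.7 / 7.5.3). Function names are hypothetical.

# First fixed patch level for a CVE on a release branch (major.minor).
first_fixed() {
    case "$1:$2" in
        CVE-2023-0950:7.4) echo 6 ;;
        CVE-2023-0950:7.5) echo 1 ;;
        CVE-2023-2255:7.4) echo 7 ;;
        CVE-2023-2255:7.5) echo 3 ;;
        *) return 1 ;;
    esac
}

# cve_status CVE TEXT -> prints fixed | vulnerable | unknown
# TEXT is expected to look like the first line of `soffice --version`.
cve_status() {
    ver=$(printf '%s\n' "$2" | sed -n \
        's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1)
    [ -n "$ver" ] || { echo unknown; return 0; }
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    if fix=$(first_fixed "$1" "$major.$minor"); then
        if [ "$patch" -ge "$fix" ]; then echo fixed; else echo vulnerable; fi
    elif [ "$major" -gt 7 ] || { [ "$major" -eq 7 ] && [ "$minor" -gt 5 ]; }; then
        echo fixed      # assumption: branches after 7.5 carry both fixes
    else
        echo unknown    # the article does not cover branches before 7.4
    fi
}

# Constructed sample strings; use "$(soffice --version)" on a real host.
for sample in \
    'LibreOffice 7.4.5.1 40(Build:1)' \
    'LibreOffice 7.5.2.2 50(Build:2)' \
    'LibreOffice 7.5.3.2 50(Build:2)'
do
    for cve in CVE-2023-0950 CVE-2023-2255; do
        printf '%-34s %s: %s\n' "$sample" "$cve" "$(cve_status "$cve" "$sample")"
    done
done
```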

How to install LibreOffice 7.5.3?

Those interested in updating their office suite should know that they may already be on the most current version, which is 7.5.3.

If you are not yet on this version, you can run your distribution's update commands or perform the process manually. To do so, we must first uninstall the previous version in order to avoid later problems.

To do this, we open a terminal and run the following (for example on Ubuntu and derivatives):

sudo apt-get remove --purge 'libreoffice*'
sudo apt-get clean
sudo apt-get autoremove

Now we go to the project's official website, where in the download section we can get the deb package to install on our system.

Once the download is done, we unpack the contents of the newly downloaded package with:

tar -xzvf LibreOffice_7.5.3_Linux*.tar.gz

We enter the directory created after unpacking; in my case it is the 64-bit one:

cd LibreOffice_7.5.3_Linux_x86-64_deb

Then we go to the folder where the LibreOffice deb files are:

cd DEBS

And finally we install with:

sudo dpkg -i *.deb

How to install LibreOffice 7.5.3 on Fedora, openSUSE and derivatives?

If you are using a system that supports installing rpm packages, you can install this new update by obtaining the rpm package from the LibreOffice download page.

Once we have the package, we unpack it with:

tar -xzvf LibreOffice_7.5.3_Linux_x86-64_rpm.tar.gz

And we install the packages that the folder contains with:

sudo rpm -Uvh *.rpm

How to install LibreOffice 7.5.3 on Arch Linux, Manjaro and derivatives?

On Arch and its derivatives, we can install this version of LibreOffice by opening a terminal and typing:

sudo pacman -Syu libreoffice-fresh

