Ubuntu 16.04 LTS was released relatively recently and, as we know, it is inevitable that early in the life of a new version some problems or vulnerabilities will be discovered and fixed.
Well, yesterday Canonical released a statement announcing that the LibreOffice packages in its repositories had been completely updated. A vulnerability had been discovered that endangered system security, allowing an attacker to start malware at login. If you want to know what this update is about, we recommend that you read the full article 😉
According to the official statement, this update affects the following versions of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
- Ubuntu 15.10
- Ubuntu 12.04 LTS
In addition, the problem, which has already been fixed, also affected some versions of Arch Linux and Debian.
The problem arises because LibreOffice was found to handle RTF documents incorrectly. If a user is tricked into opening a maliciously crafted RTF document, it could cause LibreOffice to crash and could also allow arbitrary code to run.
To fix this vulnerability in Ubuntu, Arch Linux or Debian, it is enough to update LibreOffice to the latest stable version. It seems that the most recent stable version at the moment is LibreOffice 5.1.4. This version can be downloaded from Ubuntu’s official page on Launchpad by scrolling down to the Downloads section and downloading the package that corresponds to your system. If you are using any of the affected versions of Ubuntu, you can download LibreOffice 5.1.4 from here.
Also, for the more curious, if you want to see exactly which source code (in C++) has been corrected, you can take a look at the diffs, which have also been uploaded to Launchpad (in the Available diffs section).
We hope you found the article helpful and that you update to the latest stable version of LibreOffice as soon as possible if you use any of the affected versions of Ubuntu, Arch Linux, or Debian. Failure to do so could allow an attacker to use a specially crafted RTF file and cause a system crash without you even realizing it.