Summary: | <app-office/libreoffice-5.4.5.1 and <6.0.1.1: Remote arbitrary file disclosure vulnerability via WEBSERVICE formula (CVE-2018-6871) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Viktor Levin <viklevin2> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | jstein, viklevin2 |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.libreoffice.org/about-us/security/advisories/cve-2018-1055 | ||
Whiteboard: | B2 [glsa+ cve] | ||
Package list: |
app-office/libreoffice-5.4.5.1
app-office/libreoffice-l10n-5.4.5.1
app-office/libreoffice-bin-5.4.5.1
app-office/libreoffice-bin-debug-5.4.5.1
|
Runtime testing required: | --- |
Description
Viktor Levin
2018-02-09 22:59:44 UTC
https://www.libreoffice.org/about-us/security/advisories/cve-2018-1055 writes: -------8<---------------------------------------------------------------- LibreOffice Calc supports a WEBSERVICE function to obtain data by URL. Vulnerable versions of LibreOffice allow WEBSERVICE to take a local file URL (e.g file://) which can be used to inject local files into the spreadsheet without warning the user. Subsequent formulas can operate on that inserted data and construct a remote URL whose path leaks the local data to a remote attacker. In later versions of LibreOffice without this flaw, WEBSERVICE has now been limited to accessing http and https URLs along with bringing WEBSERVICE URLs under LibreOffice Calc's link management infrastructure. All users are recommended to upgrade to LibreOffice >= 5.4.5 or >= 6.0.1 Thanks to Ronnie Goodrich and Andrew Krasichkov for discovering this flaw. 5.4.5.1 will be our next stable candidate, higher versions currently available in tree are already unaffected. *bin is ready, so let's add arches. x86 stable amd64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6a883ab4e6e328652f5f15203ef38985966cceab commit 6a883ab4e6e328652f5f15203ef38985966cceab Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2018-02-16 11:57:36 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2018-02-16 11:58:42 +0000 app-office/libreoffice*: Cleanup vulnerable 5.4.4.2 Bug: https://bugs.gentoo.org/647186 Package-Manager: Portage-2.3.24, Repoman-2.3.6 app-office/libreoffice-bin-debug/Manifest | 12 - .../libreoffice-bin-debug-5.4.4.2.ebuild | 87 ---- .../libreoffice-bin/libreoffice-bin-5.4.4.2.ebuild | 255 --------- .../libreoffice-l10n-5.4.4.2.ebuild | 88 ---- app-office/libreoffice/libreoffice-5.4.4.2.ebuild | 579 --------------------- 5 files changed, 1021 deletions(-)} ^ cleanup was done, office out. New GLSA request filed. This issue was resolved and addressed in GLSA 201802-06 at https://security.gentoo.org/glsa/201802-06 by GLSA coordinator Thomas Deutschmann (whissi). |