Relatively recently Ubuntu 16.04 LTS It has been released and as we well know, it is inevitable that in the beginning of life of the new versions, some problems or vulnerabilities will arise that are discovered and solved.
Well, yesterday, Canonical released a statement in which it reported that the LibreOffice repositories they had been completely updated. And it is that a vulnerability had been discovered that endangered the security of the system, causing an attacker to start malware at the beginning of the session. If you want to know what this update is based on, we recommend that you read the full article 😉
According to official statement, this update affects the following versions of Ubuntu and its derivatives:
- Ubuntu LTS 16.04
- Ubuntu 15.10
- Ubuntu LTS 12.04
In addition, the problem that has already been fixed, also affected some versions of Arch Linux and Debian.
The problem comes because it had been discovered that LibreOffice handled RTF documents incorrectly. And it is that in case of tricking the user into opening a maliciously manipulated RTF document, it could cause LibreOffice to crash, in addition to being able to execute arbitrary code.
To correct this vulnerability in Ubuntu, ArchLinux or Debian, just with updating LibreOffice to the latest stable version. It seems that the most stable version today is LibreOffice 5.1.4. This version can be downloaded from the Ubuntu official site the LaunchpadMaking scroll down to paragraph Downloads and downloading the corresponding package to our system. If you are using any of the affected Ubuntu versions, you can download LibreOffice 5.1.4 from here.
Also, for the most curious, if you want to see exactly the source code (in C ++) that has been corrected, you can take a look at the diffs that have also uploaded in Launchpad (in the section Available diffs).
We hope the article has been helpful and that you update as soon as possible to the latest stable version of LibreOffice, if you use any of the affected Ubuntu, Arch Linux or Debian versions. Otherwise, an attacker could force you to use a specially crafted RTF file and cause a system crash without you even realizing it.