GLSA-201802-06 : LibreOffice: Information disclosure
Medium Nessus Plugin ID 106887
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201802-06 (LibreOffice: Information disclosure)
It was discovered that missing restrictions in the implementation of the WEBSERVICE function in LibreOffice could result in the disclosure of arbitrary files.
A remote attacker could entice a user to open a specially crafted document using LibreOffice, possibly resulting in the disclosure of arbitrary files readable by the victim.
There is no known workaround at this time.
SolutionAll LibreOffice users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=app-office/libreoffice-220.127.116.11' All LibreOffice binary users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=app-office/libreoffice-bin-18.104.22.168'