UbuntuUpdates.org

Package "libjuh-java"

Name: libjuh-java

Description:

transitional package for LibreOffice UNO runtime environment
Latest version: 1:7.3.7-0ubuntu0.22.04.8
Release: jammy (22.04)
Level: updates
Repository: universe
Head package: libreoffice
Homepage: http://www.libreoffice.org

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libjuh-java"

All arch deb package
APT INSTALL

Other versions of "libjuh-java" in Jammy

Repository Area Version
base universe 1:7.3.2-0ubuntu2
security universe 1:7.3.7-0ubuntu0.22.04.8
backports universe 4:24.2.7-0ubuntu0.24.04.1~bpo22.04.1
PPA: LibreOffice 4:24.8.4~rc2-0ubuntu0.22.04.1~lo1

Changelog

Version: 1:7.3.7-0ubuntu0.22.04.8 2025-01-27 21:07:27 UTC

  libreoffice (1:7.3.7-0ubuntu0.22.04.8) jammy-security; urgency=medium

  * SECURITY UPDATE: Path traversal leading to arbitrary .ttf file write
    - debian/patches/CVE-2024-12425.patch: be conservative on allowed temp
      font names
    - CVE-2024-12425
  * SECURITY UPDATE: URL fetching can be used to exfiltrate arbitrary INI
      file values and environment variables
    - debian/patches/CVE-2024-12426-1.patch: consider VndSunStarExpand an
      exotic protocol
    - debian/patches/CVE-2024-12426-2.patch: look at 'embedded' protocols too
    - CVE-2024-12426
    - debian/patches/CVE-2024-12426-3.patch: Fix check for further exotic
      protocols

 -- Rico Tzschichholz <email address hidden> Thu, 23 Jan 2025 14:54:13 +0100
Source diff to previous version
CVE-2024-12425 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute P
CVE-2024-12426 Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice.

Version: 1:7.3.7-0ubuntu0.22.04.7 2024-09-19 17:07:04 UTC

  libreoffice (1:7.3.7-0ubuntu0.22.04.7) jammy-security; urgency=medium

  * SECURITY UPDATE: Signatures in "repair mode" should not be trusted
    - debian/patches/CVE-2024-7788.patch: sfx2: SfxObjectShell should
      not trust any signature on repaired package
    - CVE-2024-7788

 -- Rico Tzschichholz <email address hidden> Wed, 18 Sep 2024 17:10:51 +0200
Source diff to previous version
CVE-2024-7788 Improper Digital Signature InvalidationĀ  vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerabili

Version: 1:7.3.7-0ubuntu0.22.04.6 2024-08-15 18:07:20 UTC

  libreoffice (1:7.3.7-0ubuntu0.22.04.6) jammy-security; urgency=medium

  * SECURITY UPDATE: Ability to trust not validated macro signatures
    removed in high security mode (LP: #2076130)
    - debian/patches/CVE-2024-6472.patch: remove ability to trust not
      validated macro signatures in high security
    - CVE-2024-6472

 -- Rico Tzschichholz <email address hidden> Mon, 05 Aug 2024 21:22:27 +0200
Source diff to previous version
2076130 CVE-2024-6472
CVE-2024-6472 Certificate Validation user interface in LibreOffice allows potential vulnerability. Signed macros are scripts that have been digitally signed by

Version: 1:7.3.7-0ubuntu0.22.04.5 2024-05-28 15:07:10 UTC

  libreoffice (1:7.3.7-0ubuntu0.22.04.5) jammy-security; urgency=medium

  * SECURITY UPDATE: Graphic on-click binding allows unchecked script
     execution
    - debian/patches/CVE-2024-3044.patch: add notify for script use
    - CVE-2024-3044

 -- Rico Tzschichholz <email address hidden> Wed, 15 May 2024 09:06:02 +0200
Source diff to previous version
CVE-2024-3044 Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt

Version: 1:7.3.7-0ubuntu0.22.04.4 2023-12-14 16:07:07 UTC

  libreoffice (1:7.3.7-0ubuntu0.22.04.4) jammy-security; urgency=medium

  * SECURITY UPDATE: Improper input validation enabling arbitrary Gstreamer
     pipeline injection
    - debian/patches/CVE-2023-6185.patch: escape url passed to gstreamer
    - CVE-2023-6185
  * SECURITY UPDATE: Link targets allow arbitrary script execution
    - debian/patches/CVE-2023-6186-*.patch: multiple commits to fix
      security issues.
    - CVE-2023-6186
  * patches/CppunitTest_desktop_lib-adjust-asserts-so-this-works.patch:
    - Usage of expired certificates in CppunitTest_desktop_lib:
      adjust asserts so this works again

 -- Rico Tzschichholz <email address hidden> Mon, 11 Dec 2023 15:19:13 +0100
CVE-2023-6185 Improper input validation enabling arbitrary Gstreamer pipeline injection
CVE-2023-6186 Link targets allow arbitrary script execution


About   -   Send Feedback to @ubuntu_updates