UbuntuUpdates.org

Package "libreoffice-base-nogui"

Name: libreoffice-base-nogui

Description:

office productivity suite -- database (no GUI variant)
Latest version: 4:24.2.7-0ubuntu0.24.04.4
Release: noble (24.04)
Level: security
Repository: universe
Head package: libreoffice
Homepage: http://www.libreoffice.org

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libreoffice-base-nogui"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libreoffice-base-nogui" in Noble

Repository Area Version
base universe 4:24.2.2-0ubuntu1
updates universe 4:24.2.7-0ubuntu0.24.04.4
backports universe 4:25.2.6-0ubuntu0.25.04.1~bpo24.04.1
PPA: LibreOffice 4:25.8.2~rc2-0ubuntu0.24.04.1~lo1

Changelog

Version: 4:24.2.7-0ubuntu0.24.04.4 2025-05-08 16:07:25 UTC

  libreoffice (4:24.2.7-0ubuntu0.24.04.4) noble-security; urgency=medium

  * SECURITY UPDATE: PDF signature forgery with adbe.pkcs7.sha1 SubFilter
    - debian/patches/CVE-2025-2866.patch: Improve adbe.pkcs7.sha1 signature
      verification
    - CVE-2025-2866

 -- Rico Tzschichholz <email address hidden> Mon, 05 May 2025 17:20:55 +0200
Source diff to previous version
CVE-2025-2866 Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation. In the affect

Version: 4:24.2.7-0ubuntu0.24.04.3 2025-03-10 15:07:05 UTC

  libreoffice (4:24.2.7-0ubuntu0.24.04.3) noble-security; urgency=medium

  * SECURITY UPDATE: Macro URL arbitrary script execution
    - debian/patches/CVE-2025-1080.patch: Filter out more unwanted command
      URIs
    - CVE-2025-1080

 -- Rico Tzschichholz <email address hidden> Thu, 06 Mar 2025 08:58:09 +0100
Source diff to previous version
CVE-2025-1080 LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice

Version: 4:24.2.7-0ubuntu0.24.04.2 2025-01-27 16:07:26 UTC

  libreoffice (4:24.2.7-0ubuntu0.24.04.2) noble-security; urgency=medium

  * SECURITY UPDATE: Path traversal leading to arbitrary .ttf file write
    - debian/patches/CVE-2024-12425.patch: be conservative on allowed temp
      font names
    - CVE-2024-12425
  * SECURITY UPDATE: URL fetching can be used to exfiltrate arbitrary INI
      file values and environment variables
    - debian/patches/CVE-2024-12426-1.patch: consider VndSunStarExpand an
      exotic protocol
    - debian/patches/CVE-2024-12426-2.patch: look at 'embedded' protocols too
    - debian/patches/CVE-2024-12426-3.patch: Fix check for further exotic
      protocols
    - CVE-2024-12426

 -- Rico Tzschichholz <email address hidden> Mon, 20 Jan 2025 09:58:29 +0100
Source diff to previous version
CVE-2024-12425 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute P
CVE-2024-12426 Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice.

Version: 4:24.2.5-0ubuntu0.24.04.2 2024-08-15 14:07:18 UTC

  libreoffice (4:24.2.5-0ubuntu0.24.04.2) noble-security; urgency=medium

  * No-change rebuild in the -security pocket to fix CVE-2024-6472.
    (LP: #2076130)

 -- Marc Deslauriers <email address hidden> Tue, 13 Aug 2024 10:32:23 -0400
Source diff to previous version
2076130 CVE-2024-6472
CVE-2024-6472 Certificate Validation user interface in LibreOffice allows potential vulnerability. Signed macros are scripts that have been digitally signed by

Version: 4:24.2.4-0ubuntu0.24.04.2 2024-07-04 15:07:06 UTC

  libreoffice (4:24.2.4-0ubuntu0.24.04.2) noble-security; urgency=medium

  * No-change rebuild in the -security pocket to fix CVE-2024-5261.
    (LP: #2071624)

 -- Marc Deslauriers <email address hidden> Tue, 02 Jul 2024 07:26:26 -0400
2071624 CVE-2024-5261
CVE-2024-5261 Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification LibreOfficeKit can be use


About   -   Send Feedback to @ubuntu_updates