UbuntuUpdates.org

Package "libreoffice"

Name: libreoffice

Description:

office productivity suite (metapackage)
Latest version: 1:5.1.6~rc2-0ubuntu1~xenial10
Release: xenial (16.04)
Level: updates
Repository: universe
Homepage: http://www.libreoffice.org

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libreoffice"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libreoffice" in Xenial

Repository Area Version
base main 5.1.2-0ubuntu1
base universe 1:5.1.2-0ubuntu1
security universe 1:5.1.6~rc2-0ubuntu1~xenial10
security main 5.1.6~rc2-0ubuntu1~xenial10
updates main 5.1.6~rc2-0ubuntu1~xenial10
PPA: LibreOffice 1:6.2.8~rc2-0ubuntu0.16.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:5.1.6~rc2-0ubuntu1~xenial4 2018-08-13 18:06:30 UTC

  libreoffice (1:5.1.6~rc2-0ubuntu1~xenial4) xenial; urgency=medium

  * debian/libreoffice-mysql-connector.triggers.in,
    debian/libreoffice-wiki-publisher.triggers.in:
    - removed, file path triggers do not need to be activated explicitly
  * debian/libreoffice-common.triggers.in: switch to -noawait trigger
    (LP: #1780996)

 -- Olivier Tilloy <email address hidden> Fri, 03 Aug 2018 13:00:22 +0200
Source diff to previous version

Version: 1:5.1.6~rc2-0ubuntu1~xenial3 2018-02-22 02:06:44 UTC

  libreoffice (1:5.1.6~rc2-0ubuntu1~xenial3) xenial-security; urgency=medium

  [ Marc Deslauriers ]

  * SECURITY UPDATE: remote arbitrary file disclosure vulnerability using
    WEBSERVICE
    - debian/patches/CVE-2018-6871-1.patch: limit WEBSERVICE to http[s]
      protocols.
    - debian/patches/CVE-2018-6871-2.patch: better handle ScDde formulas
      with missing dde-link entries.
    - debian/patches/CVE-2018-6871-3.patch: handle ocWebservice similarly
      to ocDde.
    - debian/patches/CVE-2018-6871-4.patch: CheckLinkFormulaNeedingCheck()
      for .xls and .xlsx formula cells.
    - debian/patches/CVE-2018-6871-5.patch: CheckLinkFormulaNeedingCheck()
      for conditional format expressions
    - debian/patches/CVE-2018-6871-6.patch: CheckLinkFormulaNeedingCheck()
      for named expressions
    - debian/patches/CVE-2018-6871-7.patch: fix for DDE link update via
      Function Wizard
    - CVE-2018-6871
  * SECURITY UPDATE: use-after-free in SwRootFrame
    - debian/patches/layout-footnote-use-after-free.diff: fix layout
      footnote use-after-free in SwRootFrame.
    - No CVE number.

 -- Olivier Tilloy <email address hidden> Sat, 17 Feb 2018 22:55:08 +0100
Source diff to previous version
CVE-2018-6871 LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.

Version: 1:5.1.6~rc2-0ubuntu1~xenial2 2017-05-02 21:07:08 UTC

  libreoffice (1:5.1.6~rc2-0ubuntu1~xenial2) xenial-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds write in ReadEnhWMF function
    - debian/patches/CVE-2016-10327.patch: add check to
      vcl/source/filter/wmf/enhwmf.cxx.
    - CVE-2016-10327
  * SECURITY UPDATE: out-of-bounds write in tools::Polygon::Insert function
    - debian/patches/CVE-2017-7870.patch: check if ImplSplit succeeded in
      tools/inc/poly.h, tools/source/generic/poly.cxx.
    - CVE-2017-7870

 -- Marc Deslauriers <email address hidden> Fri, 28 Apr 2017 09:51:22 -0400
Source diff to previous version
CVE-2016-1032 Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to
CVE-2017-7870 LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in too

Version: 1:5.1.6~rc2-0ubuntu1~xenial1 2017-02-23 17:07:14 UTC

  libreoffice (1:5.1.6~rc2-0ubuntu1~xenial1) xenial; urgency=medium

  * new upstream rc
Source diff to previous version

Version: 1:5.1.4-0ubuntu1 2016-06-30 03:06:50 UTC

  libreoffice (1:5.1.4-0ubuntu1) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service and possible arbitrary code execution
    via a crafted RTF file
    - CVE-2016-4324
  * new upstream rc

 -- Bjoern Michaelsen <email address hidden> Wed, 15 Jun 2016 17:19:25 +0200


About   -   Send Feedback to @ubuntu_updates