Name | CVE-2018-10583 |
Description | An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Vulnerable and fixed packages
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|
libreoffice (PTS) | jessie, jessie (lts) | 1:4.3.3-2+deb8u15 | vulnerable |
| stretch (security) | 1:5.2.7-1+deb9u11 | vulnerable |
| stretch (lts), stretch | 1:6.1.5-3+deb9u5 | vulnerable |
| buster, buster (lts) | 1:6.1.5-3+deb10u14 | vulnerable |
| buster (security) | 1:6.1.5-3+deb10u12 | vulnerable |
| bullseye | 1:7.0.4-4+deb11u10 | vulnerable |
| bullseye (security) | 1:7.0.4-4+deb11u11 | vulnerable |
| bookworm (security), bookworm | 4:7.4.7-1+deb12u5 | vulnerable |
| trixie | 4:24.8.3-3 | vulnerable |
| sid | 4:24.8.4-1 | vulnerable |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|
libreoffice | source | (unstable) | (unfixed) | unimportant | | |
Notes
http://secureyourit.co.uk/wp/2018/05/01/creating-malicious-odt-files/
This is the generic behaviour of accessing remote SMB shares and not limited to
Libreoffice. This can e.g. be addressed by rejecting outgoing SMB connections
from the local network
The following commit adds this class of access to the list of trusted locations:
https://cgit.freedesktop.org/libreoffice/core/commit/?id=0b7f4a4f57117fde33d0b1df96134aa6ccce023e