20.Lock AbstractDigital Circular

An Improper Validation of Array Index vulnerability (CVE-2023-0950) was discovered in the spreadsheet component of The Document Foundation LibreOffice 7.4 versions prior to 7.4.6 and 7.5 versions prior to 7.5.1. With a low attack complexity, no privileges or user interaction required to exploit, and a high confidentiality, integrity and availability impact, this bug has received a National Vulnerability Database (NVD) severity rating of “Critical”.

This issue could potentially result in the execution of arbitrary code when loading a malformed spreadsheet document or unacknowledged loading of linked documents within a floating frame. 

An important LibreOffice security update that fixes this dangerous flaw has been released. We strongly recommend that all impacted users apply the LibreOffice updates issued by their distro(s) as soon as possible to protect the confidentiality, integrity and availability of their systems and their sensitive data.

To stay on top of important updates released by the open-source programs and applications you use, be sure to register as a LinuxSecurity user, then subscribe to our Linux Advisory Watch newsletter and customize your advisories for the distro(s) you use. This will enable you to stay up-to-date on the latest, most significant issues impacting the security of your systems.

Follow @LS_Advisories on Twitter for real-time updates on advisories for your distro(s).