Notice to users of LibreOfficeit’s time to update your office suite.
The developers have indeed deployed a patch aimed at eliminating three vulnerabilities, one of which allows the execution of arbitrary code via the open source software of the suite.
Three LibreOffice vulnerabilities patched
LibreOffice has rolled out an update that fixes three security vulnerabilities that can be actively exploited by hackers and compromise affected devices. One allowed the execution of malicious code by exploiting a flaw in the macro user certificate, another could let attackers access stored passwords if they managed to get their hands on the user profile and its configuration, which the last vulnerability allowed more easily.
” An attacker could then create an arbitrary certificate with a serial number and an issuer identical to a certificate trusted by LibreOffice […] potentially leading the user to execute arbitrary code containing falsely approved macros says LibreOffice. This trio of vulnerabilities was spotted by researchers OpenSource Security GmbH. All have been fixed in versions 7.2.7, 7.3.2, and 7.3.3 of the office suite. Upon launching updated software, users will automatically be prompted to re-encrypt their stored passwords using a compliant method.
Source : TheHackerNews
3