[Staff] Fwd: Informational, Just Opening a Document in LibreOffice Can Hack Your Computer (Unpatched)
William Nguyen
wnguyen at sdsu.edu
Mon Jul 29 08:20:44 PDT 2019
Hi All,
To protect your system, LibreOffice recommends updating or
reinstalling the software without macros or without the LibreLogo
component, by following these steps:
- Open the setup to start the installation
- Select "Custom" installation
- Expand "Optional Components"
- Click on "LibreLogo" and select "This Feature Will Not Be Available"
- Click Next and then Install the software
Best,
William Nguyen
Operating Systems Analyst
College of Engineering, ENG-202A
San Diego State University
5500 Campanile Drive
San Diego, CA 92182-1326
Tel: 619-594-1166
Fax: 619-594-6005
E-mail: wnguyen at sdsu.edu
---------- Forwarded message ---------
From: Ricardo Fitipaldi <rfitipal at sdsu.edu>
Date: Mon, Jul 29, 2019 at 7:53 AM
Subject: Informational, Just Opening a Document in LibreOffice Can Hack
Your Computer (Unpatched)
To: Christopher Leong <cleong at sdsu.edu>, William Nguyen <wnguyen at sdsu.edu>
FYI,
You know of faculty using LibreOffice.
Just Opening a Document in LibreOffice Can Hack Your Computer (Unpatched)
https://thehackernews.com/2019/07/libreoffice-vulnerability.html
Earlier this month, LibreOffice released a patch to fix two severe
vulnerabilities (CVE-2019-9848 and CVE-2019-9849), but according to
security researcher Alex Infuhr, the patch to the former
vulnerability can be bypassed, opening LibreOffice up to a severe
code execution vulnerability. The vulnerability can be used to sneak
malware into your system when you open a malicious document file.
While Ifuhr has not disclosed the details of his patch bypass, he
says that it works much in the way the previous critical flaws
worked. CVE-2019-9848 resides in LibreLogo, which allows users to
specify pre-installed scripts in a document. The flaw allows
attackers "to craft a malicious document that can silently execute
arbitrary python commands without displaying any waring to a targeted
user."
To protect your system, LibreOffice recommends updating or
reinstalling the software without macros or without the LibreLogo
component, by following these steps:
- Open the setup to start the installation
- Select "Custom" installation
- Expand "Optional Components"
- Click on "LibreLogo" and select "This Feature Will Not Be Available"
- Click Next and then Install the software
Sincerely,
Ricardo Fitipaldi
IT Security Office | Interim Information Security Officer
*San Diego State University *| sdsu.edu <https://www.sdsu.edu/>
(619)-594-0099
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://engineering.sdsu.edu/pipermail/staff/attachments/20190729/f345b486/attachment.html>
More information about the Staff
mailing list