PublicDateAtUSN: 2018-02-09
Candidate: CVE-2018-6871
PublicDate: 2018-02-09 06:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6871
 https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure
 https://blog.documentfoundation.org/blog/2018/02/09/early-availability-libreoffice-5-4-5-libreoffice-6-0-1/
 https://ubuntu.com/security/notices/USN-3579-1
Description:
 LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to
 read arbitrary files via =WEBSERVICE calls in a document, which use the
 COM.MICROSOFT.WEBSERVICE function.
Ubuntu-Description:
Notes:
Bugs:
Priority: high
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_libreoffice:
 upstream: https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4&id=a916fc0c0e0e8b10cb4158fa0fa173fe205d434a
 upstream: https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4&id=4ede45eb239b1604bca900c22481b7d13e4c2790
 upstream: https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4&id=e1946d75a1095c2596d7815600454ff01fcd3270
 upstream: https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4&id=2bef4debcf7650f3b3922134dff0332d4a95da3f
 upstream: https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4&id=dc44111ad5965bf4179fc654b677e1e445dea2f0
 upstream: https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4&id=908854a7b281454332af434be9468ec45d420030
upstream_libreoffice: released (5.4.5,6.0.1)
precise/esm_libreoffice: DNE
trusty_libreoffice: released (1:4.2.8-0ubuntu5.3)
trusty/esm_libreoffice: DNE (trusty was released [1:4.2.8-0ubuntu5.3])
xenial_libreoffice: released (1:5.1.6~rc2-0ubuntu1~xenial3)
esm-infra/xenial_libreoffice: released (1:5.1.6~rc2-0ubuntu1~xenial3)
artful_libreoffice: released (1:5.4.5-0ubuntu0.17.10.1)
devel_libreoffice: released (1:6.0.1-0ubuntu3)