-------------------------------------------------------------------------
Debian LTS Advisory DLA-4205-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                       Daniel Leidert
June 01, 2025                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : libreoffice
Version        : 1:7.0.4-4+deb11u13
CVE ID         : CVE-2025-1080 CVE-2025-2866

Multiple vulnerabilities were discovered in LibreOffice, an office
productivity software suite.

CVE-2025-1080

    LibreOffice supports Office URI Schemes to enable browser
    integration of LibreOffice with MS SharePoint server. An additional
    scheme 'vnd.libreoffice.command' specific to LibreOffice was added.
    In the affected versions of LibreOffice a link in a browser using
    that scheme could be constructed with an embedded inner URL that
    when passed to LibreOffice could call internal macros with arbitrary
    arguments.

CVE-2025-2866

    LibreOffice allows PDF Signature Spoofing by Improper Validation.
    In the affected versions of LibreOffice a flaw in the verification
    code for adbe.pkcs7.sha1 signatures could cause invalid signatures
    to be accepted as valid.

For Debian 11 bullseye, these problems have been fixed in version
1:7.0.4-4+deb11u13.

We recommend that you upgrade your libreoffice packages.

For the detailed security status of libreoffice please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libreoffice

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
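
For triage after the upgrade, the following added example (not part of the advisory or of LibreOffice) lists PDF files whose signatures use the adbe.pkcs7.sha1 SubFilter named under CVE-2025-2866, so that a validation result obtained with an affected version can be re-checked with the fixed package. The function names are hypothetical and the sample byte strings are constructed; signature dictionaries stored inside compressed object streams are not seen by this byte scan.

```python
import re
import sys

# A PDF signature dictionary names its encoding in the /SubFilter entry.
# Whitespace between the key and the name is optional in PDF syntax.
SUBFILTER_RE = re.compile(rb"/SubFilter\s*/([^\s/<>\[\](){}%]+)")
LEGACY = "adbe.pkcs7.sha1"  # the signature type named in CVE-2025-2866


def decode_name(raw: bytes) -> str:
    """Undo PDF name escaping (#xx), so 'adbe#2Epkcs7.sha1' still matches."""
    unescaped = re.sub(rb"#([0-9A-Fa-f]{2})",
                       lambda m: bytes([int(m.group(1), 16)]), raw)
    return unescaped.decode("latin-1")


def signature_subfilters(pdf_bytes: bytes) -> list[str]:
    """Return every /SubFilter name found in the uncompressed file body."""
    return [decode_name(m.group(1)) for m in SUBFILTER_RE.finditer(pdf_bytes)]


def triage(documents: dict[str, bytes]) -> list[str]:
    """Names of documents carrying at least one adbe.pkcs7.sha1 signature."""
    return sorted(name for name, data in documents.items()
                  if LEGACY in signature_subfilters(data))


# Constructed sample fragments, not real documents.
SAMPLES = {
    "legacy.pdf": b"<< /Type /Sig /Filter /Adobe.PPKLite "
                  b"/SubFilter /adbe.pkcs7.sha1 /ByteRange [0 10 20 30] >>",
    "modern.pdf": b"<</Type/Sig/Filter/Adobe.PPKLite"
                  b"/SubFilter/ETSI.CAdES.detached>>",
    "escaped.pdf": b"<< /Type /Sig /SubFilter /adbe#2Epkcs7#2esha1 >>",
    "unsigned.pdf": b"%PDF-1.7 constructed body without a signature",
}

if __name__ == "__main__":
    # With file arguments, scan those files; otherwise scan the samples.
    docs = SAMPLES
    if len(sys.argv) > 1:
        docs = {}
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                docs[path] = fh.read()
    for name in triage(docs):
        print(f"{name}: {LEGACY} signature present, re-verify on a fixed version")
```
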