[SECURITY] [DSA 6251-1] libreoffice security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6251-1] libreoffice security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Thu, 7 May 2026 18:56:43 +0000
Message-id: <[🔎] afzgazHLfaFZu5kE@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6251-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 07, 2026                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libreoffice
CVE ID         : CVE-2026-4430

Dun Anh Nguyen discovered a buffer overflow in LibreOffice, which could
result in an out-of-bounds write if OOXML documents with malformed
encryption parameters are opened.

For the oldstable distribution (bookworm), this problem has been fixed
in version 4:7.4.7-1+deb12u11.

For the stable distribution (trixie), this problem has been fixed in
version 4:25.2.3-2+deb13u4.

We recommend that you upgrade your libreoffice packages.

For the detailed security status of libreoffice please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libreoffice

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmn8258ACgkQEMKTtsN8
Tjacew//aGMDdsyxfGU5izQr8zPm9Bb2emFolfymkAhOrMoa/+apY6jOPmuUtp5B
Ly51+ak9EAzY7ueP7tj2Sr5/4EDyismXWNM4LMLI0211zsoN8LynLV8BZlrZZF6g
5Gh7bcHdY3FrBbNwCjXOKzW30oC9WNoAStaHU8lZQHyOETO7k2729X1f1Dy+CLsC
c8sXlkXqPyVycYy0HK/n0qShC8cs/k0BG+e+tYciMbgoPy0YE+apqbM38bdrGGnJ
OyNiMdleOCkSNRn/7CM6G9wK7mHsEWI2wP/LqbV1C6nZi01hWvRLDKQni3U5cErl
p0ED90PcdW2zp9hqvLgoXEj9UQ8+I07QyUmxI7WlBbaMcl8NQvqEjw/CYBtNNMAe
e1b43uSp3WcoKb5yNLAYK8+XiYBY7UQK6U7LUyEIwlylbvdB3rK/iQNNy3WBQsMV
K+twcLO8z55pNsciL8Ev/Ig0wKIUkvpt1gO2bNhjp9Xq3FsiYS7Cq4JZCQ3vtUng
fG2AAr/oLnOJTvoqwA0InbOpX8KjdhOAHJC78qDL/QCY1syjnh2dKVE0oVfr00Ks
Wx+fVe0px4RvwuXhMOPc+PScZj0s4xPnRV94VwP2eOZu+TJZ1hNYBECCQqgbWP6i
cQj/uN4ZZlnRTt8wF2ExwrGxmQbiNtWa109ihr4Q95dMIoYKkTk=
=YZex
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6250-1] chromium security update
Next by Date: [SECURITY] [DSA 6252-1] prosody security update
Previous by thread: [SECURITY] [DSA 6250-1] chromium security update
Next by thread: [SECURITY] [DSA 6252-1] prosody security update
Index(es):
- Date
- Thread