ELA-1460-1 libreoffice security update
ELA-1460-1 libreoffice security update
Package : libreoffice
Version : 1:6.1.5-3+deb9u7 (stretch), 1:6.1.5-3+deb10u16 (buster)
Related CVEs :
CVE-2025-1080
CVE-2025-2866
Multiple vulnerabilities were fixed in libreoffice, a popular office productivity suite.
CVE-2025-1080
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice
with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific
to LibreOffice was added. In the affected versions of LibreOffice a link in a browser
using that scheme could be constructed with an embedded inner URL that when passed
to LibreOffice could call internal macros with arbitrary arguments.
CVE-2025-2866
Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows
PDF Signature Spoofing by Improper Validation. In the affected versions of LibreOffice
a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause invalid
signatures to be accepted as valid.ELA-1460-1 libreoffice security update
