USN-3579-2: LibreOffice regression

libreoffice regression

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 17.10


USN-3579-1 caused a regression in LibreOffice.

Software Description

  • libreoffice – Office productivity suite


USN-3579-1 fixed a vulnerability in LibreOffice. After upgrading, it was
no longer possible for LibreOffice to open documents from certain
locations outside of the user’s home directory. This update fixes the

We apologize for the inconvenience.

Original advisory details:

It was discovered that =WEBSERVICE calls in a document could be used to
read arbitrary files. If a user were tricked in to opening a specially
crafted document, a remote attacker could exploit this to obtain sensitive
information. (CVE-2018-6871)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 17.10

To update your system, please follow these instructions:

After a standard system update you need to restart LibreOffice to make
all the necessary changes.


Read More

How to Try Firefox CSD on Linux, Right Now

firefox celebration gifFirefox support for client-side decorations (better known as CSD) is coming to its Linux app — but if you can’t live without it, we’re gonna show you how to enable it. As we’ve mentioned before, a CSD toggle is present in nightly builds of the browser. When enabled on GTK3 desktop it merges the title […]

This post, How to Try Firefox CSD on Linux, Right Now, was written by Joey Sneddon and first appeared on OMG! Ubuntu!.

Read More

VLC 3.0.1 Released with Improved Chromecast Support

vlc 3.0A new point update the recent VLC 3.0 release is available to download. VLC 3.0.1 update has better VLC Chromecast support. Fans of the versatile video player who want to cast video from their desktop to the tiny streaming dongle using VLC will find loading speed and connections are improved, and VP9 casting now works. […]

This post, VLC 3.0.1 Released with Improved Chromecast Support, was written by Joey Sneddon and first appeared on OMG! Ubuntu!.

Read More

Monitoring with Prometheus

Prometheus is open-source and one of the popular CNCF projects written in Golang. Some of its components are written in Ruby but most of the components are written in Go. This means you have a single binary executables, you download and run Prometheus with it’s components as that simple. Prometheus is fully Docker compatible. A number of Prometheus components with the Prometheus itself are available on the Docker Hub.

Read More

Can Open Source Hardware Be Like Open Source Software?

Hardware and software are certainly different beasts. Software is really just information, and the storing, modification, duplication, and transmission of information is essentially free. Hardware is expensive, or so we think, because it’s made out of physical stuff which is costly to ship or copy. So when we talk about open-source software (OSS) or open-source hardware (OSHW), we’re talking about different things — OSS is itself the end product, while OSHW is just the information to fabricate the end product, or have it fabricated.

Read More

From DevOps to DevSecOps: Structuring Communication for Better Security

DevSecOps is emerging as a superior way to integrate security throughout the DevOps cycles, using better intelligence, situational awareness, and enhanced collaboration. It entails a solid approach to change management, or standardizing specific processes that can help prevent problems downstream. Poor (or no) change management is the biggest culprit in preventing organizations from pinpointing the root cause of critical issues, thereby slowing down the entire business.

Read More