Critical Security Flaw in LibreOffice: Must-Read Update!
Ensure your system's safety by promptly updating LibreOffice to address a critical security flaw Beware, the WebP vulnerability extends beyond web browsers, making this a crucial fix for all users
An emergency update for LibreOffice has been released by The Document Foundation, addressing a security vulnerability found in the libwebp software library. This vulnerability affects various applications including web browsers and email clients. It is recommended that users with LibreOffice installed update to the latest version as soon as possible.
In an earlier blog post today, The Document Foundation announced the release of LibreOffice 7.6.2 Community and LibreOffice 7.5.7 Community ahead of schedule. This release addresses a security issue known as CVE 2023-4863, which stems from the widely-used libwebp code library developed by Google over a decade ago for rendering the WebP graphics format. All LibreOffice users are advised to promptly update their current version.
You can access the official LibreOffice website to download LibreOffice 7.6.2 and LibreOffice 7.5. These versions will soon be available through Linux software repositories, if they are not already. Both versions are compatible with Windows 7 and newer as well as macOS Catalina 10.15 and newer. Additionally, LibreOffice 7.5 is also compatible with macOS Sonoma 10.14.
This security flaw has already resulted in emergency updates for popular web browsers such as Google Chrome, Mozilla Firefox, and Microsoft Edge, as WebP images are commonly used on the web. Although it is less likely to encounter a WebP image in a document or presentation file with LibreOffice, there is still a risk of downloading a document from an email or website that contains a malicious WebP file. This issue has been a long-standing problem with macros in Microsoft Office files.
LibreOffice 7.5, released in February 2023, brought with it new app icons, an updated dark mode, enhancements to the Single Toolbar interface, and other useful adjustments. In August, LibreOffice 7.6 was released, which, while lacking any flashy new features or interface updates, did include several minor improvements and numerous bug fixes. Both versions have a security patch available, however, older versions such as LibreOffice 7.4 and below will not receive patches. If you are using an older version, possibly due to operating system limitations (for example, LibreOffice 6.0 no longer supports Windows XP and Vista), there are limited options available to you.
