Earlier this month, a security vulnerability in the popular libwebp software library was discovered, affecting everything from web browsers to email clients. The Document Foundation, the developers behind the free and open-source LibreOffice suite, has now released an emergency update for LibreOffice that includes the fix. You should update as soon as possible if you have LibreOffice installed.
Today’s blog post explains, “The Document Foundation is releasing LibreOffice 7.6.2 Community and LibreOffice 7.5.7 Community ahead of schedule to address a security issue known as CVE 2023-4863, which originates in a widely used code library known as libwebp, created by Google more than a decade ago to render the then-new WebP graphics format. […] All users of LibreOffice are encouraged to update their current version as soon as possible.”
You can download LibreOffice 7.6.2 and LibreOffice 7.5 from the official LibreOffice website, and it should be available through Linux software repositories soon (if it’s not already). Both versions are compatible with Windows 7 and newer and macOS Catalina 10.15 and newer, while LibreOffice 7.5 is also compatible with macOS Sonoma 10.14.
The same security flaw already led to emergency updates for Google Chrome, Mozilla Firefox, Microsoft Edge, and most other web browsers, since WebP images are most common on the web. You’re less likely to come across a WebP image in a document or presentation file with LibreOffice, but you could end up downloading a document from an email or website that contains a malicious WebP file. That has been a problem for years with macros in Microsoft Office files.
LibreOffice 7.5 was released in February 2023, introducing new app icons, a revamped dark mode, improvements to the Single Toolbar interface, and other helpful adjustments. LibreOffice 7.6 arrived in August, and while it didn’t have any flashy new features or interface updates, it did include some minor improvements and a lot of bug fixes. The security patch is avaialble for both versions, but LibreOffice 7.4 and older will not be patched. If you’re on an older version, perhaps due to operating system restrictions — LibreOffice 6.0 dropped support for Windows XP and Vista, for example — there’s not much you can do.
Source: Document Foundation