Update LibreOffice now to thwart silent macro viruses – and here's how to pwn those who haven't patched their suite yet

Vulnerable version still on main download page, use 6.2.5 instead


The Document Foundation has recently patched LibreOffice, its open-source office suite, to fix an issue where documents can be configured to run macros silently on opening.


The code execution vulnerability, reported by Nils Emmerich and assigned CVE-2019-9848, is the result of multiple flaws.


The first is with a feature called LibreLogo which is intended for teaching programming. You type Logo commands into a document and it draws graphics from those instructions with a cursor that looks like a turtle, as a homage to the Logo programming language of yore.


The LibreOffice implementation converts the Logo commands to Python, which is passed to the Python interpreter for execution without much in the way of safety checks. LibreLogo is an optional component, though ..
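A simplified model of the translate-then-execute pattern described above, added here as an illustration and not taken from LibreLogo or the original article. The four drawing commands, the `Turtle` recorder and both `run_*` functions are assumptions of this sketch; it contrasts a translator that hands unrecognised text to the interpreter with one that accepts only an allowlist of commands and never calls `exec`.

```python
import re

# Simplified model of a Logo-to-Python translator; NOT LibreLogo's code.
_CMD = re.compile(r"^(FORWARD|BACK|LEFT|RIGHT)\s+(\d+(?:\.\d+)?)$", re.IGNORECASE)

# Constructed sample: two drawing commands around one line that is Python, not Logo.
SAMPLE = "FORWARD 10\nside_effects.append('arbitrary Python ran')\nLEFT 90"


class Turtle:
    """Records drawing calls so the result of a run can be inspected."""

    def __init__(self):
        self.calls = []

    def move(self, name, amount):
        self.calls.append((name, amount))


def translate_passthrough(source):
    """Weak form: known commands are rewritten, everything else is kept as-is."""
    out = []
    for line in source.splitlines():
        line = line.strip()
        m = _CMD.match(line)
        if m:
            out.append(f"turtle.move({m.group(1).lower()!r}, {float(m.group(2))})")
        else:
            out.append(line)  # unrecognised text reaches the interpreter unchanged
    return "\n".join(out)


def run_passthrough(source):
    turtle = Turtle()
    env = {"turtle": turtle, "side_effects": []}
    exec(translate_passthrough(source), env)  # document text becomes running code
    return turtle.calls, env["side_effects"]


def run_allowlisted(source):
    """Hardened form: interpret allowlisted commands directly, reject the rest."""
    turtle = Turtle()
    for lineno, line in enumerate(source.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        m = _CMD.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: not a drawing command")
        turtle.move(m.group(1).lower(), float(m.group(2)))
    return turtle.calls
```
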
