LibreOffice updates 7.3.6/7.4.1 available
The update fixes a critical macro security vulnerability.
The update is mandatory, because otherwise a simple HTML line in an Office file is sufficient and when it is opened, LibreOffice executes any commands on the system.
The according security advisory warns of a security meltdown. LibreOffice may execute arbitrary commands as soon as you open an ODT file. Without any further questions or yellow bars with warnings that you would have to click away.
When you think of macros, you actually think of Microsoft Office, where cyber criminals have been using their capabilities for years to infect systems on a large scale. But LibreOffice also masters macros. And if you cleverly embed it in an HTML element, LibreOffice will run it directly at startup without any further prompts or warnings.
LibreOffice versions 7.3.6 and 7.4.1 introduce additional checks and display a warning about macros instead. LibreOffice users should update their installation as soon as possible.