Python Core Upgrade and Fix

Hi,

We are using Libre Office 5.3.4.2. There were some security vulnerabilities related to Python reported on the same.
To resolve them, we thought of upgrading to Libre Office 5.4.0.3.

The latest version of Libre Office 5.4.0.3 uses Python 3.5.0, which also poses the following security risks:

  1. CVE-2016-5636: Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.
  2. CVE-2015-5652: Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says “It was determined that this is a longtime behavior of Python that cannot really be altered at this point.”

Can we upgrade the Python to 3.5.4 by replacing the folders?

Please suggest.

We use Libre Office on Windows and Linux.

Best Regards,
Gunjan Aggarwal

LO 5.4.0 uses python 3.5.3, and the next LO 5.3/5.4 micro releases will have python 3.5.4: see https://gerrit.libreoffice.org/40944 and its cherry-picks.

The directory name is misleading.

Thanks Mike. It does help.

Any idea about the release date of the next minor release of LO 5.4.0?

https://wiki.documentfoundation.org/ReleasePlan

Thanks for all the information Mike.