We will be migrating from Ask to Discourse on the first week of August, read the details here

Ask Your Question
0

Python Core Upgrade and Fix [closed]

asked 2017-08-22 12:01:16 +0200

gunjan gravatar image

Hi,

We are using Libre Office 5.3.4.2. There were some security vulnerabilities related to Python reported on the same. To resolve them we thought upgrading to Libre Office 5.4.0.3.

The latest version of Libre Office 5.4.0.3 uses Python 3.5.0 which also posses the following security risks: -

  1. CVE-2016-5636: Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.
  2. CVE-2015-5652: Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says "It was determined that this is a longtime behavior of Python that cannot really be altered at this point."

Can we upgrade the Python to 3.5.4 by replacing the folders?

Please suggest.

We use Libre Office on Windows and Linux.

Best Regards, Gunjan Aggarwal

edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by gunjan
close date 2017-10-09 12:14:07.056099

1 Answer

Sort by » oldest newest most voted
0

answered 2017-08-22 12:17:41 +0200

LO 5.4.0 uses python 3.5.3, and the next LO 5.3/5.4 micro releases will have python 3.5.4: see https://gerrit.libreoffice.org/40944 and its cherry-picks.

The directory name is misleading.

edit flag offensive delete link more

Comments

Thanks Mike. It does help.

Any idea about the release date of next minor release of LO 5.4.0?

gunjan gravatar imagegunjan ( 2017-08-22 12:37:45 +0200 )edit

Thanks for all the information Mike.

gunjan gravatar imagegunjan ( 2017-08-22 12:42:32 +0200 )edit

Question Tools

1 follower

Stats

Asked: 2017-08-22 12:01:16 +0200

Seen: 228 times

Last updated: Aug 22 '17