LibreOffice Security Fix [closed]

asked 2017-10-09 12:15:27 +0200

gunjan gravatar image

updated 2020-10-17 10:28:55 +0200

Alex Kemp gravatar image

Hi,

We are using LibreOffice 5.4.1.2 on both Windows and Linux. OpenSSL used by LibreOffice is of version 1.0.2k. It has following vulnerabilities: -

  1. OpenSSL Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735).
  2. TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32)

Can someone help me mitigate these risks?

The latest version of LibreOffice uses the same OpenSSL component. How OpenSSL is used by LibreOffice? Can we delete the DLL? Can it be manually upgraded?

Best Regards,

Gunjan Aggarwal

edit retag flag offensive reopen merge delete

Closed for the following reason question is not relevant or outdated by Alex Kemp
close date 2020-10-17 10:29:22.005706

Comments

Can we replace the DLL with the 1.0.2l ?

gunjan gravatar imagegunjan ( 2017-10-10 12:25:40 +0200 )edit