LibreOffice Security Fix

asked 2017-10-09 12:15:27 +0100

gunjan gravatar image

updated 2017-10-11 10:55:24 +0100

Hi,

We are using LibreOffice 5.4.1.2 on both Windows and Linux. OpenSSL used by LibreOffice is of version 1.0.2k. It has following vulnerabilities: -

  1. OpenSSL Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735).
  2. TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32)

Can someone help me mitigate these risks?

The latest version of LibreOffice uses the same OpenSSL component. How OpenSSL is used by LibreOffice? Can we delete the DLL? Can it be manually upgraded?

Best Regards,

Gunjan Aggarwal

edit retag flag offensive close merge delete

Comments

Can we replace the DLL with the 1.0.2l ?

gunjan gravatar imagegunjan ( 2017-10-10 12:25:40 +0100 )edit