Ask Your Question
0

All LO versions < 5.4.5/6.0.1 are not secure?

asked 2018-02-22 06:15:05 +0200

EasyTrieve gravatar image

updated 2018-02-22 16:06:49 +0200

While researching the recent Meltdown and Spectre exploit announcement, I happened to stumble on this related to LibreOffice:

LibreOffice < 6.0.1 - '=WEBSERVICE' Remote Arbitrary File Disclosure

Is this related to just running a downloaded document?

edit retag flag offensive close merge delete

Comments

1

All (not only Linux) LO versions <5.4.5/6.0.1 that support WEBSERVICE are affected by the vulnerability. If you measure the term "secure" by this, then yes. I wouldn't dare to say that LO is secure anyway in any version (just as any software); possibly we just don't yet know about hidden vulnerability.

By the way, every day we (especially Caolan) fix many things that could possibly become vulnerabilities; fuzzing tests help identify those in advance.

Mike Kaganski gravatar imageMike Kaganski ( 2018-02-22 09:59:42 +0200 )edit

1 Answer

Sort by » oldest newest most voted
1

answered 2018-02-23 07:17:21 +0200

All (not only Linux) LO versions <5.4.5/6.0.1 that support WEBSERVICE are affected by the vulnerability. If you measure the term "secure" by this, then yes. I wouldn't dare to say that LO is secure anyway in any version (just as any software); possibly we just don't yet know about hidden vulnerability.

By the way, every day we (especially Caolan) fix many things that could possibly become vulnerabilities; fuzzing tests help identify those in advance.

edit flag offensive delete link more
Login/Signup to Answer

Question Tools

1 follower

Stats

Asked: 2018-02-22 06:15:05 +0200

Seen: 103 times

Last updated: Feb 23 '18