LibreOffice Security Fix


We are using LibreOffice on both Windows and Linux. OpenSSL used by LibreOffice is of version 1.0.2k. It has following vulnerabilities: -

  1. OpenSSL Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735).
  2. TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32)

Can someone help me mitigate these risks?

The latest version of LibreOffice uses the same OpenSSL component.
How OpenSSL is used by LibreOffice? Can we delete the DLL?
Can it be manually upgraded?

Best Regards,

Gunjan Aggarwal

Can we replace the DLL with the 1.0.2l ?