We are using LibreOffice 18.104.22.168 on both Windows and Linux. OpenSSL used by LibreOffice is of version 1.0.2k. It has following vulnerabilities: -
- OpenSSL Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735).
- TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32)
Can someone help me mitigate these risks?
The latest version of LibreOffice uses the same OpenSSL component.
How OpenSSL is used by LibreOffice? Can we delete the DLL?
Can it be manually upgraded?