Date: prev next · Thread: first prev next last
2013 Archives by date, by thread · List index

[tdf-discuss] security related information, CVE-2013-2189 and CVE-2013-4156


Apache OpenOffice has announced the details of CVE-2013-2189 and
CVE-2013-4156 as they affect Apache OpenOffice, i.e.

CVE-2013-2189: CVE-2013-2189: OpenOffice DOC Memory Corruption
Vulnerability
http://permalink.gmane.org/gmane.comp.apache.maven.announce/1503

CVE-2013-4156: OpenOffice DOCM Memory Corruption Vulnerability 
http://permalink.gmane.org/gmane.comp.apache.maven.announce/1504

I have now put up equivalent advisory pages for LibreOffice as...

a) http://www.libreoffice.org/advisories/CVE-2013-2189/
CVE-2013-2189: Microsoft .doc Memory Corruption Vulnerability
We fixed this problem as a side effect of our fixes for CVE-2011-2713 so
any version of LibreOffice >= 3.4.3 is unaffected.

and

b) http://www.libreoffice.org/advisories/CVE-2013-4156/
CVE-2013-4156: Microsoft .docm Denial Of Service
We had done some additional work in that filter so for LibreOffice the
document triggered a NULL deref and immediate termination of the
application. So it's a mild denial of service issue for LibreOffice,
nevertheless upgrading to LibreOffice 3.6.7/4.0.4/4.1.0 will avoid the
DOS.

C.


-- 
To unsubscribe e-mail to: discuss+unsubscribe@documentfoundation.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.documentfoundation.org/www/discuss/
All messages sent to this list will be publicly archived and cannot be deleted

Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.