Ir para o conteúdo
ou

Software livre Brasil

TDF blog

redirection forbidden: http://blog.documentfoundation.org/feed/ -> https://blog.documentfoundation.org/feed/

Minha rede

TDF Wiki Brasil

redirection forbidden: http://wiki.documentfoundation.org/index.php?title=Special:RecentChanges&feed=atom -> https://wiki.documentfoundation.org/index.php?title=Special:RecentChanges&feed=atom

 Voltar a Comunidade L...
Tela cheia Sugerir um artigo

The Document Foundation publishes details of LibreOffice 3.4.3 security fixes

5 de Outubro de 2011, 0:00 , por Software Livre Brasil - 0sem comentários ainda | Ninguém está seguindo este artigo ainda.
Visualizado 244 vezes

The Internet, October 4, 2011 – The Document Foundation (TDF) publishes some details of the security fixes included with the recently released LibreOffice 3.4.3, and included in the older 3.3.4 version. Following industry best practice, details of security fixes are withheld until users have been given time to migrate to the new version.

RedHat security researcher Huzaifa Sidhpurwala identified a memory corruption vulnerability in the code responsible for loading Microsoft Word documents in LibreOffice. This flaw could have been used for nefarious purposes, such as installing viruses, through a specially-crafted file. The corresponding vulnerability description is CVE-2011-2713,”Out-of-bounds property read in binary .doc filter”.

LibreOffice 3.4.3 also includes various improvements to the loading of Windows Metafile (.wmf) and Windows Enhanced Metafile (.emf) image formats that were found through fuzz testing.

LibreOffice developers have developed some additional security patches and fixes. These are part of a general set of development improvements which are reflected in the overall quality and stability of the software. Most LibreOffice 3.4.3 security fixes have been developed by Caolan McNamara of RedHat and Marc-André Laverdière of Tata Consultancy Services.

“Working on fuzzing LibreOffice import filters has been a great experience, and I am glad I could contribute in securing the computing experience of millions of users,” said Marc-André Laverdière, Scientist, TCS Innovation Labs, Tata Consultancy Services, Ltd. “Working in cooperation with the TDF development team, we have found and fixed serious security and crasher bugs.”

All users are recommended to upgrade to LibreOffice 3.4.3 as soon as possible, in order to benefit from the improved security of the office suite. LibreOffice 3.4.3 can be downloaded from http://www.libreoffice.org.



Fonte: http://blog.documentfoundation.org/2011/10/05/the-document-foundation-publishes-details-of-libreoffice-3-4-3-security-fixes/

0sem comentários ainda

Enviar um comentário

Os campos são obrigatórios.

Se você é um usuário registrado, pode se identificar e ser reconhecido automaticamente.