Establishing Digital Trust: Don't Sacrifice Security for Convenience
Version 3.5.5 of LibreOffice has been released, patching several vulnerabilities.
"According to the project's security advisory, these include multiple heap-based buffer overflow vulnerabilities in the XML manifest encryption tag parsing code," The H Security reports. "Successful exploitation of the vulnerabilities could lead to the execution of arbitrary code on a system with the privileges of a local user. For an attack to be successful, a victim must first open a specially crafted Open Document Format (ODF) file. Versions up to and including LibreOffice 3.5.4 are affected; upgrading to version 3.5.5 or later fixes these problems. All users are advised to upgrade."
"LibreOffice 3.5.5 was released on July 11, but the security advisory describing the vulnerabilities was published on Tuesday. ... The vulnerabilities are collectively identified as CVE-2012-2665 and were also fixed in LibreOffice 3.6.0 -- a version that hasn't yet reached the final stage of development, but is available to download as a release candidate," writes PCWorld's Lucian Constantin.