Both new version include the fixed NSS 3.73.0 cryptographic library, to solve CVE-2021-43527,” reads the release announcement. “All LibreOffice users are recommended to update their installation. The Mozilla advisory is here - Tavis Ormandy December 1, 2021 This is a major memory corruption flaw in NSS, almost any use of NSS is affected. The issue affects email clients and PDF viewers that use NSS for verifying signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12, such as LibreOffice, Evolution, Evince, and Mozilla Thunderbird, and it could allow an attacker posing as an SSL/TLS server to send a malicious certificate to obtain sensitive information. Released a month earlier than expected, LibreOffice 7.2.4 is now available for download along with LibreOffice 7.1.8, an unplanned release in the LibreOffice 7.1 series of the popular, free and open-source office suite, which reached end of life on November 30th, 2021.īoth releases include a fix for a buffer heap overflow vulnerability, namely CVE-2021-43527, which is a remote code execution flaw discovered in the way Mozilla’s NSS (Network Security Services) component verifies certificates. The Document Foundation announced today the release and general availability of the LibreOffice 7.2.4 and LibreOffice 7.1.8 updates that address an important security vulnerability.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |