CVE-2014-0160

タイトル: CVE-2014-0160

アナウンス: 2014年4月7日

修正されたバージョン: LibreOffice 4.2.3

詳細:

The TLS and DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, aka the Heartbleed bug.

Users are recommended to upgrade to 4.2.3 to avoid this flaw when using the packages provided from www.libreoffice.org which include a bundled copy of openssl.

LibreOffice 4.1 line uses an older copy of openssl that is not vulnerable.


参考資料:

最新のツイート

@libreoffice
@tdforg