Announcement

Collapse
No announcement yet.

LibreOffice 4.2.3 Takes Care Of The Heartbleed Bug

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • LibreOffice 4.2.3 Takes Care Of The Heartbleed Bug

    Phoronix: LibreOffice 4.2.3 Takes Care Of The Heartbleed Bug

    Version 4.2.3 of the LibreOffice open-source office suite is now available...

    http://www.phoronix.com/vr.php?view=MTY2MDk

  • #2
    LibreOffice uses OpenSSL?

    Comment


    • #3
      Originally posted by Cyborg16 View Post
      LibreOffice uses OpenSSL?
      LiberOffice uses TLS? How does liberoffice take care of the heartbleed bug?

      Comment


      • #4
        Originally posted by ncopa View Post
        LiberOffice uses TLS? How does liberoffice take care of the heartbleed bug?
        Libreoffice bundle OpenSSL, they just updated it: https://www.libreoffice.org/about-us...cve-2014-0160/
        I'm not sure why/where they use TLS.

        Comment


        • #5
          Originally posted by Spittie View Post
          Libreoffice bundle OpenSSL, they just updated it: https://www.libreoffice.org/about-us...cve-2014-0160/
          I'm not sure why/where they use TLS.
          OpenSSL (and NSS as alternative) is used for document encryption (AES).
          TLS? Maybe for WebDAV and libcmis.. Maybe libraries to connect to databases use it too - I'm not sure (they use OpenSSL).

          Comment


          • #6
            There is a bunch of stuff in libreoffice that connects to databases and web sources.
            Does it actually pull in its own openssl on Linux? Or is that just included for the benefit of wondoze users?

            Comment


            • #7
              From the spec file (Fedora, current version):

              Changelog part: - update to 4.2.0 beta2... - openssl no longer required to build
              %build section: --disable-openssl \

              Older version 4.1.5.3-7.fc19 spec file:
              (newest version from koji < 4.2.0b2)

              BuildRequires: openssl-devel

              **** which means that it is pulling from the *system* openssl, and not from what is coming with the libreoffice source.

              Fedora users need not be concerned. Just yum -y update *ssl* and you're protected.

              Comment


              • #8
                So did Jolla on their just released April update to Sailfish OS.
                http://www.jollausers.com/2014/04/41...-mms-and-more/

                Comment

                Working...
                X