Results 1 to 8 of 8

Thread: LibreOffice 4.2.3 Takes Care Of The Heartbleed Bug

  1. #1
    Join Date
    Jan 2007
    Posts
    14,805

    Default LibreOffice 4.2.3 Takes Care Of The Heartbleed Bug

    Phoronix: LibreOffice 4.2.3 Takes Care Of The Heartbleed Bug

    Version 4.2.3 of the LibreOffice open-source office suite is now available...

    http://www.phoronix.com/vr.php?view=MTY2MDk

  2. #2
    Join Date
    Jul 2009
    Posts
    221

    Default

    LibreOffice uses OpenSSL?

  3. #3

    Default

    Quote Originally Posted by Cyborg16 View Post
    LibreOffice uses OpenSSL?
    LiberOffice uses TLS? How does liberoffice take care of the heartbleed bug?

  4. #4
    Join Date
    Nov 2013
    Posts
    145

    Default

    Quote Originally Posted by ncopa View Post
    LiberOffice uses TLS? How does liberoffice take care of the heartbleed bug?
    Libreoffice bundle OpenSSL, they just updated it: https://www.libreoffice.org/about-us...cve-2014-0160/
    I'm not sure why/where they use TLS.

  5. #5
    Join Date
    Jul 2013
    Posts
    16

    Default

    Quote Originally Posted by Spittie View Post
    Libreoffice bundle OpenSSL, they just updated it: https://www.libreoffice.org/about-us...cve-2014-0160/
    I'm not sure why/where they use TLS.
    OpenSSL (and NSS as alternative) is used for document encryption (AES).
    TLS? Maybe for WebDAV and libcmis.. Maybe libraries to connect to databases use it too - I'm not sure (they use OpenSSL).

  6. #6
    Join Date
    Oct 2009
    Posts
    2,110

    Default

    There is a bunch of stuff in libreoffice that connects to databases and web sources.
    Does it actually pull in its own openssl on Linux? Or is that just included for the benefit of wondoze users?

  7. #7
    Join Date
    Oct 2009
    Posts
    2,110

    Default

    From the spec file (Fedora, current version):

    Changelog part: - update to 4.2.0 beta2... - openssl no longer required to build
    %build section: --disable-openssl \

    Older version 4.1.5.3-7.fc19 spec file:
    (newest version from koji < 4.2.0b2)

    BuildRequires: openssl-devel

    **** which means that it is pulling from the *system* openssl, and not from what is coming with the libreoffice source.

    Fedora users need not be concerned. Just yum -y update *ssl* and you're protected.

  8. #8
    Join Date
    Nov 2012
    Location
    Camarillo, CA
    Posts
    72

    Default

    So did Jolla on their just released April update to Sailfish OS.
    http://www.jollausers.com/2014/04/41...-mms-and-more/

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •