Jump to content
Login new information ×
Login new information
  • Software News

    LibreOffice 7.2.4 and 7.1.8 Released with an Important Security Fix, Update Now

    aum

    By aum,
    Published Date:

    • 733 views
    • 2 minutes
     Share
    • 733 views
    • 2 minutes

    The Document Foundation announced today the release and general availability of the LibreOffice 7.2.4 and LibreOffice 7.1.8 updates that address an important security vulnerability.

     

    Released a month earlier than expected, LibreOffice 7.2.4 is now available for download along with LibreOffice 7.1.8, an unplanned release in the LibreOffice 7.1 series of the popular, free and open-source office suite, which reached end of life on November 30th, 2021.

     

    Both releases include a fix for a buffer heap overflow vulnerability, namely CVE-2021-43527, which is a remote code execution flaw discovered in the way Mozilla’s NSS (Network Security Services) component verifies certificates.

     

    The issue affects email clients and PDF viewers that use NSS for verifying signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12, such as LibreOffice, Evolution, Evince, and Mozilla Thunderbird, and it could allow an attacker posing as an SSL/TLS server to send a malicious certificate to obtain sensitive information.

     

     

    “All LibreOffice users are recommended to update their installation. Both new version include the fixed NSS 3.73.0 cryptographic library, to solve CVE-2021-43527,” reads the release announcement.

     

    Users of the LibreOffice 7.2 and 7.1 office suite series, as well as users of the Mozilla Thunderbird, Evolution, and Evince apps, and other apps that use the NSS component are urged to update their installations as soon as possible to the latest versions of these software.

     

    You can download LibreOffice 7.2.4 and 7.1.8 right now from the official website as DEB or RPM binaries for Debian/Ubuntu-based or Red Hat-based distributions.

     

    If you have LibreOffice installed from the software repositories of your GNU/Linux distribution, it is highly recommended that you update your installations from there rather than installing the binaries provided by The Document Foundation.

     

    The NSS component could be used by other applications, so make sure that you keep your installations up to date at all times to avoid security threats or system instability.

     

    Source

     Share
    Go to news

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    ×

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...