- #Libreoffice openoffice bug allows hackers signed update#
- #Libreoffice openoffice bug allows hackers signed upgrade#
- #Libreoffice openoffice bug allows hackers signed download#
In that case, you should either download the “deb” or “rpm” package from the Download center or build LibreOffice from the source. Suppose you’re running Linux and the versions mentioned above aren’t yet available through your distribution’s package manager.
#Libreoffice openoffice bug allows hackers signed update#
The auto-updating feature is absent in both applications, so you should manually update to the most recent version. That would be OpenOffice 4.1.10 and later, and LibreOffice 7.0.5 or 7.1.1 and later. If you’re using one of the open-source office suites, you should update to the most recent version right away. The same problem affects LibreOffice, a branch of OpenOffice created from the original project over a decade ago, and is listed as CVE-2021-25635 for their project. Document macros employ digital signatures to let users verify that the document hasn’t been tampered with and can be trusted.Īllowing anybody to sign macro-infested papers and make them look trustworthy is an excellent method to trick people into launching malicious malware.įour researchers from Ruhr University Bochum discovered the OpenOffice issue and assigned the number CVE-2021-41832. If you’re still running an old and vulnerable version, you shouldn’t rely on the “trusted list” functionality as an invalid signature algorithm could still make a laced document appear as it comes from a trusted source.Updates for LibreOffice and OpenOffice have been released to address a security flaw that allows an attacker to make documents seem to be signed by a trusted source.Īlthough the vulnerability is classed as mild in severity, the consequences might be severe. In the new dialog, you may select among four distinct levels of security, with High or Very High being the recommended options. LibreOffice settings menu to disable macros To set macro security on LibreOffice, go to Tools → Options → LibreOffice → Security, and click on ‘Macro Security’. If updating to the latest version is not possible for any reason, you can always opt to completely disable the macro features on your office suite, or avoid trusting any documents containing macros. If you’re using Linux and the aforementioned versions aren’t available on your distribution's package manager yet, you are advised to download the “deb”, or “rpm” package from the Download center or build LibreOffice from source. Since neither of these two applications offer auto-updating, you should do it manually by downloading the latest version from the respective download centers - LibreOffice, OpenOffice. For OpenOffice, that would be 4.1.10 and later, and for LibreOffice, 7.0.5 or 7.1.1 and later.
#Libreoffice openoffice bug allows hackers signed upgrade#
If you’re using either of the open-source office suites, you’re advised to upgrade to the latest available version immediately. The same flaw impacts LibreOffice, which is a fork of OpenOffice spawned from the main project over a decade ago, and for their project is tracked as CVE-2021-25635. The discovery of the flaw, which is tracked as CVE-2021-41832 for OpenOffice, was the work of four researchers at the Ruhr University Bochum.
"Allowing anyone to sign macro-ridden documents themselves, and make them appear as trustworthy, is an excellent way to trick users into running malicious code. The digital signatures used in document macros are meant to help the user verify that the document hasn’t been altered and can be trusted.
LibreOffice and OpenOffice have pushed updates to address a vulnerability that makes it possible for an attacker to manipulate documents to appear as signed by a trusted source.Īlthough the severity of the flaw is classified as moderate, the implications could be dire.
0 kommentar(er)
