CVE-2014-0160

Naslov: CVE-2014-0160

Objavljeno: 7. april 2014

Popravljeno v: LibreOffice 4.2.3

Opis:

The TLS and DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, aka the Heartbleed bug.

Druge sorodne ranljivosti, prav tako odpravljene:

CVE-2010-5298 CVE-2014-0224 CVE-2013-4353 CVE-2014-0195 CVE-2014-3470 CVE-2013-6449 CVE-2014-0198 CVE-2013-6450 CVE-2014-0221

Users are recommended to upgrade to 4.2.3 to avoid this flaw when using the packages provided from www.libreoffice.org which include a bundled copy of openssl.

LibreOffice 4.1 line uses an older copy of openssl that is not vulnerable.


Sklici: