Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 
FYI...
LibreOffice 4.4.6/5.0.0 released
- https://www.libreoff.../cve-2015-4551/
Nov 5, 2015 - "The LinkUpdateMode feature controls whether documents inserted into Writer or Calc via links will either not get updated, or prompt to update, or automatically update, when the parent document is loaded. The configuration of this option was stored in the document. That flawed approach enabled documents to be crafted with links to plausible targets on the victims host computer. The contents of those automatically inserted after load links can be concealed in hidden sections and retrieved by the attacker if the document is saved and returned to sender, or via http requests if the user has selected lower security settings for that document..."
- https://www.libreoff.../cve-2015-5214/
Nov 5, 2015 - "Fixed in: LibreOffice 4.4.6/5.0.0
Description: The indexes into the bookmark array were insufficiently checked for validity. A document can be constructed which refers to bookmarks that don't exist, causing memory corruption.
All users are recommended to upgrade to LibreOffice >= 4.4.6 or >= 5.0.0"
Release Notes
- https://www.libreoff.../release-notes/
Security Advisories
> https://www.libreoff...ity/advisories/
Download
- https://www.libreoff...reoffice-still/
___
- http://www.securityt....com/id/1034085
CVE Reference: CVE-2015-4551, CVE-2015-5212, CVE-2015-5213
Nov 5 2015
Version(s): prior to 4.4.5 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code or obtain files on the target user's system.
Solution: The vendor has issued a fix (4.4.5, 5.0.0).
The vendor's advisories are available at:
- https://www.libreoff.../cve-2015-4551/
- https://www.libreoff.../cve-2015-5212/
- https://www.libreoff.../cve-2015-5213/
- http://www.securityt....com/id/1034086
CVE Reference: CVE-2015-5214
Nov 5 2015
Fix Available: Yes Vendor Confirmed: Yes
Version(s): prior to 4.4.6 ...
Impact: A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix (4.4.6, 5.0.0).
The vendor's advisory is available at:
- https://www.libreoff.../cve-2015-5214/
Fixed in: LibreOffice 4.4.6/5.0.0
Edited by AplusWebMaster, 28 November 2015 - 06:57 AM.
