CVE-2014-0160

Title: CVE-2014-0160

Announced: April 7, 2014

Fixed in: LibreOffice 4.2.3

Description:

The TLS and DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, aka the Heartbleed bug.

Other related vulnerabilites, also fixed:

CVE-2010-5298 CVE-2014-0224 CVE-2013-4353 CVE-2014-0195 CVE-2014-3470 CVE-2013-6449 CVE-2014-0198 CVE-2013-6450 CVE-2014-0221

Users are recommended to upgrade to 4.2.3 to avoid this flaw when using the packages provided from www.libreoffice.org which include a bundled copy of openssl.

LibreOffice 4.1 line uses an older copy of openssl that is not vulnerable.


References:

Latest Tweets

@libreoffice
@tdforg