Date: prev next · Thread: first prev next last
2015 Archives by date, by thread · List index


Hi :)
Yeh, the upgrade to 3.4.0 supposedly dealt with 1 security issue and i
think there have been 1 or 2 upgrades since then that we were urged to
do as a matter of some urgency for similar reasons.  That makes about
2-4 in about 4 years.  I'm not sure if macros featured in any besides
the 1 mentioned.  I never seemed to fall foul of the problems even
though i didn't upgrade when told to, even on 'my' Windows machines.

Wrt Johnny Rosenburg's comment that macros are not 100% backwards
compatible and ancient macros might not be 100% guaranteed to work in
newer versions but it all works "pretty much".  It seems there are
changes that may affect some macros but these only happen quite a bit
less often than security issues occur in the whole program/suite.

Regards from
Tom :)


On 10 February 2015 at 18:26, jonathon <toki.kantoor@gmail.com> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/02/15 14:47, Tom Davies wrote:

I've never heard of OpenOffice or LibreOffice macros being used as an attack vector

At least one proof-of-concept extension was released.
At least one document with an included proof-of-concept macro was released.

The upside of those proof of concept items, is that the user had to
deliberately click on something, for the payload to be delivered.


However, several years ago there was an article in a language related to
French, that implied that at least one "malware attack vector" using ODF
file formats was in the wild. (This article was several years after the
French ministry of Defence discussed security flaws in OOo, and was
referring to then-current events.)

One of the Snowdon Papers implied that OOo security flaws were being
exploited, but it gave no details about what, where, or how it was being
done.

That said, if one works in area where spear-phishing is a daily yawn,
the security model offered by OOo, and its derivatives, is harder to
breach than that offered by MSO.

jonathon
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJU2k1OAAoJEKG7hs8nSMR7SK4P/2L325ySLvZwvTi9tzH38M7f
cQKeDivmaxxnkKrtBz4EW2Jrz745irpHmwbSPp5s7EJNhEaGwSuNEuy3RMR+gf0M
Of4VdvQsHI74ndR0DkKakL7dh/Ki0cJUHR+agC8z+XB9+hU5Rq2RPtQ3fhvr9nyC
ExPgB6Dy+0jYIIarYdPH/iJ3I1k6QROubp+CmZS1de0rEN9/EJdAxo7F9n2TDJ1d
LmSBj0mwdzpTBKrwI6kXo4TAI6zvJ1FTls4J4PTu6+xeEZecjd3h5BfF/anAOHQv
eC2YqPJdDQnUzu7EURp9i1/+w2cdTybGA/H2AZlAH6g0ZoVLCTeyzRrMC1gLj9hy
xg5RCGwrJTIFNPzYXkrAmUF6yrzQwOXVIk7q77pz9KVpCokG5tgmFtH+4QPbyc5x
v1Fn+0OyQbZ1UVUrh+YKwVoS+wA3LNWCIgRrkbf64rYQcoeI4URKRuTKF8iPEwqp
u88QnLcytFDLI4KflQoH0f5s0TQEVlaSDgJU0hL2n7oZTJdu6hOPEB30Istok3KX
0aebWn5p/+rYPPwXigqmlxKJkr0jtJn1SrUDiSO9OwHv4AS57NvFjPW4S1g3a/6K
cbVrEDj7pjCyQDayBlPquHdVynWYpi6DqoI4CXKI3sF+svGNuEgqe2HZOfW+c3jf
fLKrJB2Lh92IauoQ4rzE
=i6m+
-----END PGP SIGNATURE-----

--
To unsubscribe e-mail to: users+unsubscribe@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

-- 
To unsubscribe e-mail to: users+unsubscribe@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.