Date: prev next · Thread: first prev next last


皆様

TDFより以下のとおりの脆弱性修正についてお知らせがありました。
影響のあるバージョンを利用している方にはLibO 6.1.6または6.2.3に更新する
ことをお奨めします。

WindowsやmacOSでユーザーが文書中のハイパーリンクをクリックするなどして、
リンク先を有効化し明示的に処理しようとするときに、以前のバージョンでは
実行可能ファイルかどうかを判定していませんでした。
修正されたバージョンでは、ハイパーリンクが有効化される際実行可能ファイル
かどうかを判定し、該当する場合は実行しません。

-- Takeshi Abe

On Wed, 08 May 2019 11:19:42 +0100, Caolán McNamara <caolanm@redhat.com> wrote:
tl;dr: Upgrade to 6.1.6 or 6.2.3

CVE-2019-9847 Executable hyperlink targets executed unconditionally on
activation

Before 6.1.6/6.2.3 under Windows and macOS when processing a hyperlink
target explicitly activated by the user, as in you explicitly click on
a hyperlink in some LibreOffice application, there was no judgment made
on whether the target was an executable file, so such executable
targets were launched unconditionally.

In the fixed versions, such executables are not executed on hyperlink
activation.




-- 
To unsubscribe e-mail to: discuss+unsubscribe@documentfoundation.org
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.documentfoundation.org/www/discuss/
Privacy Policy: https://www.documentfoundation.org/privacy

-- 
Unsubscribe instructions: E-mail to users+unsubscribe@ja.libreoffice.org
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/ja/users/
Privacy Policy: https://www.documentfoundation.org/privacy

Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.