皆様 CVE-2017-3157として報告されているCalcとWriterでの脆弱性が LibreOffice 5.1.6/5.2.2/5.3.0 で修正されているという案内がありました。 上記より以前のバージョンを利用されている場合にはアップグレードすることを お奨めします。
-- Takeshi Abe On Wed, 22 Feb 2017 14:26:21 +0000, Caolán McNamara <caol...@redhat.com> wrote: > Fixed in LibreOffice 5.1.6/5.2.2/5.3.0 > > --- > CVE-2017-3157 Arbitrary file disclosure in Calc and Writer > http://www.libreoffice.org/about-us/security/advisories/CVE-2017-3157 > > Embedded Objects in writer and calc can contain previews of their > content. A document can be crafted which contains an embedded object > that is a link to an existing file on the targets system. On load the > preview of the embedded object will be updated to reflect the content > of the file on the target system. In the case of LibreOffice used as an > online service that preview of data on the target system could be used > to expose details of the environment LibreOffice is running in. In the > case of LibreOffice as a standard desktop application, the preview > could be concealed in hidden sections and retrieved by the attacker if > the document is saved and returned to sender. > > In later version of LibreOffice without this flaw the LinkUpdateMode > feature has been expanded to additionally control the update of > previews of embedded objects as well as its prior function to control > the update of embedded object contents. > --- > > This is somewhat similar to > https://www.libreoffice.org/about-us/security/advisories/CVE-2015-4551 > but instead of the *content* of an embedded link to a file getting > updated this is limited to the *preview* of the file getting updated. > > -- > To unsubscribe e-mail to: discuss+unsubscr...@documentfoundation.org > Problems? > http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ > Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette > List archive: http://listarchives.documentfoundation.org/www/discuss/ > All messages sent to this list will be publicly archived and cannot be deleted -- Unsubscribe instructions: E-mail to discuss+unsubscr...@ja.libreoffice.org Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/ja/discuss/ All messages sent to this list will be publicly archived and cannot be deleted
