Hello everyone,

TDF has issued a notice recommending an upgrade to LibreOffice 5.2.5 or later, or LibreOffice 5.3.0 or later, in which the vulnerabilities have been fixed.

Specifically, these releases address four vulnerabilities: CVE-2016-10327, CVE-2017-7856, CVE-2017-7870 and CVE-2017-7882. For details, see

CVE-2016-10327 Heap-buffer-overflow in EMF filter
https://www.libreoffice.org/about-us/security/advisories/CVE-2016-10327

and

CVE-2017-7870 Heap-buffer-overflow in WMF filter polygon processing
https://www.libreoffice.org/about-us/security/advisories/CVE-2017-7870

The remaining two, CVE-2017-7856 and CVE-2017-7882, existed only in code under development and are not included in any released version.

--
Takeshi Abe

On Fri, 21 Apr 2017 13:06:53 +0100, Caolán McNamara <caol...@redhat.com> wrote:
> tl;dr: All users are recommended to upgrade to LibreOffice >= 5.2.5 or
> >= 5.3.0.
>
> Recently 4 CVEs were filed for LibreOffice, namely...
>
> CVE-2016-10327 Heap-buffer-overflow in EMF filter
> CVE-2017-7856 Heap-buffer-overflow in WMF filter
> CVE-2017-7882 Heap-buffer-overflow in HWP filter
> CVE-2017-7870 Heap-buffer-overflow in WMF filter polygon processing
>
> They are all related to the google oss-fuzz program
> (https://testing.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html)
> of which we are part.
>
> These two:
>
> CVE-2017-7856 Heap-buffer-overflow in WMF filter
> CVE-2017-7882 Heap-buffer-overflow in HWP filter
>
> refer to temporary defects which were introduced during the development
> cycle and then fixed again before any release was made, so there is no
> release affected by these specific issues.
>
>
> These two however *are* in released products:
>
> https://www.libreoffice.org/about-us/security/advisories/CVE-2016-10327
> CVE-2016-10327 Heap-buffer-overflow in EMF filter
>
> Enhanced Metafiles (EMF) can contain bitmap data preceded by a header
> and a field within that header which states the offset from the start
> of the header to the bitmap data. An emf can be crafted to provide an
> illegal offset which if not tested for validity can trigger a heap
> buffer overflow.
>
> https://www.libreoffice.org/about-us/security/advisories/CVE-2017-7870
> CVE-2017-7870 Heap-buffer-overflow in WMF filter polygon processing
>
> Windows Metafiles (WMF) can contain polygons which under certain
> circumstances when processed (split) can result in output polygons
> which have too many points to be represented by LibreOffice's internal
> polygon class. A heap buffer overflow could occur as the attempt to
> split the polygon was assumed to succeed.
>
> Everything is fixed in 5.2.5 and 5.3.0
>
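
The class of check the CVE-2016-10327 description above calls for, as an added example that is not part of the original messages and is not LibreOffice's code. The record layout, `bmp_hdr`, `locate_bitmap` and `check_sample` are hypothetical and simplified; the real EMF structures differ.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical, simplified header (not the real EMF structures): its
 * fields give the offset from the start of the header to the bitmap
 * data, and the length of that data. */
typedef struct {
    uint32_t header_size;  /* bytes occupied by this header */
    uint32_t bits_offset;  /* offset from header start to bitmap data */
    uint32_t bits_size;    /* bitmap data length in bytes */
} bmp_hdr;

/* Returns 0 and sets *bits and *len only if the declared range lies
 * wholly inside rec[0..rec_len); returns -1 otherwise. */
int locate_bitmap(const uint8_t *rec, size_t rec_len,
                  const uint8_t **bits, size_t *len)
{
    bmp_hdr h;
    if (rec == NULL || rec_len < sizeof h)
        return -1;                      /* truncated header */
    memcpy(&h, rec, sizeof h);          /* avoids unaligned reads */

    if (h.header_size < sizeof h || h.header_size > rec_len)
        return -1;                      /* implausible header size */
    if (h.bits_offset < h.header_size)
        return -1;                      /* data would overlap the header */
    if (h.bits_offset > rec_len)
        return -1;                      /* offset past end of record */
    /* Compare against the remaining bytes by subtraction, so that
     * offset + size can never wrap around. */
    if (h.bits_size > rec_len - h.bits_offset)
        return -1;

    *bits = rec + h.bits_offset;
    *len = h.bits_size;
    return 0;
}

/* Builds a constructed 64-byte record with the given declared fields
 * and reports whether locate_bitmap() accepts it. */
int check_sample(uint32_t offset, uint32_t size)
{
    uint8_t rec[64] = {0};
    bmp_hdr h = { (uint32_t)sizeof(bmp_hdr), offset, size };
    const uint8_t *bits;
    size_t len;
    memcpy(rec, &h, sizeof h);
    return locate_bitmap(rec, sizeof rec, &bits, &len);
}
```
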