*** This bug is a duplicate of bug 1037111 ***
https://bugs.launchpad.net/bugs/1037111
Marking as a dupe of the 3.5.7 SRU for precise then.
** This bug has been marked a duplicate of bug 1037111
[SRU] LibreOffice 3.5.7 for precise
--
https://bugs.launchpad.net/bugs/973881
Title:
Vulnerable to the billion laughs attack
Status in “libreoffice” package in Ubuntu:
Confirmed
Bug description:
If one alters one of the various XML file formats that LibreOffice supports (I
tested against .docx and .odt - I assume the other formats are also vulnerable)
and inserts the [0] billion laughs 'stock' XML attack into the document, then when
LibreOffice attempts to open the file it will expand the entities (using
100% CPU and continuing to use more and more memory).
I will attach an example .odt file where the content.xml inside the zip
container has been modified to this issue.
[0] http://en.wikipedia.org/wiki/Billion_laughs
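
A defensive pre-open check for the condition described in this report, as an added example that is not part of the original bug report or of LibreOffice's code: it lists the XML parts of a zip-based document (.odt, .docx) that declare DTD entities, reading only a bounded prefix of each part. The function names, the 1 MiB cap and the sample documents are assumptions constructed for illustration, and the check assumes legitimate ODF/OOXML parts do not declare their own entities.

```python
import io
import re
import zipfile

# A DTD can only appear before the root element, so a bounded prefix of each
# part is enough and the check never inflates a whole member into memory.
PROLOG_LIMIT = 1 << 20  # assumed cap: 1 MiB per part
ENTITY_DECL = re.compile(r"<!ENTITY\s")  # XML keywords are case-sensitive


def _decode_prefix(raw: bytes) -> str:
    """Decode by BOM (UTF-16) or as UTF-8; undecodable bytes are replaced."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8", errors="replace")


def members_declaring_entities(document) -> list:
    """Return the XML parts of an ODF/OOXML zip that declare DTD entities."""
    flagged = []
    with zipfile.ZipFile(document) as archive:
        for info in archive.infolist():
            if not info.filename.lower().endswith((".xml", ".rels")):
                continue
            with archive.open(info) as part:
                prefix = _decode_prefix(part.read(PROLOG_LIMIT))
            # Conservative: a match inside a comment or CDATA is also flagged.
            if ENTITY_DECL.search(prefix):
                flagged.append(info.filename)
    return flagged


def build_sample(content_xml: bytes) -> io.BytesIO:
    """Constructed input: a minimal .odt-like zip with the given content.xml."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("mimetype", "application/vnd.oasis.opendocument.text")
        archive.writestr("content.xml", content_xml)
    buf.seek(0)
    return buf


# Constructed samples: a clean part and one with a single, harmless entity.
CLEAN = b'<?xml version="1.0" encoding="UTF-8"?><doc>hello</doc>'
DECLARES = b'<?xml version="1.0"?><!DOCTYPE doc [<!ENTITY a "x">]><doc>&a;</doc>'

if __name__ == "__main__":
    for label, xml in (("clean", CLEAN), ("declares", DECLARES)):
        print(label, members_declaring_entities(build_sample(xml)))
```

A part whose prolog is padded beyond the cap is not fully inspected, so a mail gateway or upload filter using this check should treat an unusually long prolog as a reason to quarantine as well.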