Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 462688 - app-office/libreoffice: Update Spoofing Vulnerability
Summary: app-office/libreoffice: Update Spoofing Vulnerability
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://secunia.com/advisories/51701/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-03-22 14:40 UTC by Agostino Sarubbo
Modified: 2013-04-10 00:16 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2013-03-22 14:40:33 UTC 
From ${URL} :

Description
Janek Vind has discovered a vulnerability in LibreOffice, which can be exploited by malicious 
people to conduct spoofing attacks.

The vulnerability is caused due to the application insecurely validating new updates and can be 
exploited to e.g. spoof an update via Man-in-the-Middle (MitM) attacks.

The vulnerability is confirmed in versions 4.0.1.2 and 3.6.5.2. Other versions may also be 
affected.


Solution
No official solution is currently available.

Provided and/or discovered by
Janek Vind "waraxe".

Original Advisory
http://www.waraxe.us/advisory-99.html
Comment 1 Andreas K. Hüttel archtester gentoo-dev 2013-03-22 21:25:29 UTC 
I don't think this affects us, since we install LO with portage and do not offer in-program updates.
Comment 2 Sean Amoss (RETIRED) gentoo-dev Security 2013-04-10 00:16:12 UTC 
(In reply to comment #1)
> I don't think this affects us, since we install LO with portage and do not
> offer in-program updates.

Thanks, Andreas.