back to article LibreOffice fixes virus-friendly Word import flaw

LibreOffice users ought to update their software: a security hole has been discovered in the code used to import Microsoft Word documents into the open-source productivity suite. The latest version of the software contains a fix for the problem. A memory corruption-related vulnerability in the import code creates a possible …


This topic is closed for new posts.
  1. William Gallafent

    Quick off the mark …

    It looks as if 3.4.3 has been available since 31st August, why a story about this today? Or did I miss something?

  2. banjomike

    That version was released a month ago

    LibreOffice 3.4.3 Final came out 2011-08-31

  3. Stuart 22


    If they fixed it in 3.4.3 which was released in August - why have they not notified us before?

    They were knowingly (and still?) recommending corporate/stable to use an insecure version 3.3.4

  4. batfastad


    Shame that in order to update you have to download the full 150MB thing and re-install.

    Hopefully LibreOffice will one day implement an auto-update system which doesn't require manually downloading and re-installing. And instead just updates the changed components.

    1. Anonymous Coward
      Anonymous Coward

      RE: auto-update

      I have a feeling, that I read somewhere, that someone owns the patents to that sort of system, probably Apple or Microsoft ...

      1. batfastad

        So Firefox, Thunderbird, Opera, Chrome, Azureues/Vuze, jEdit etc. And Adobe Creative Suite I believe downloads and integrate updates without re-installing the whole lot. And not forgetting the many Linux distros that download and update changed components via a package manager.

        All in violation of a patent? Wowzer!

  5. DrXym Silver badge

    Doesn't sound hugely serious

    Unless you worked for a company which was known to use LibreOffice, the chances of receiving a tainted .doc file with the express intent you open it up in another produce seems pretty low.

    It would be nice if LibreOffice did implement a patch based update system. Such things exist. There should be no reason to have to have to download a 150Mb product and go through a full reinstall just to fix a handful of files.

  6. Robert Carnegie Silver badge

    You don't update Windows then?

    Excuse me, you think 150 MB is an unreasonably large update patch?

    Windows has security advisory -notices- that large.

    Well, not quite. But if you're using LibreOffice, then it's quite likely that you don't have to keep Microsoft Office up to date on the same PC. That is a major saving.

  7. niya blake


    Is big one. Unless I'm doing a massive update I don't see any thing that big. My last office up date was 23 megs.

    1. Robert Carnegie Silver badge


      Mine appears to come with .NET... that isn't helping. (Well, not in this respect.)

  8. xlq

    Too compatible.

    Vulnerabilities, huh? I've seen they've taken Microsoft Word compatibility one step too far.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021