On Wed, 22 Feb 2017 14:26:21 +0000, Caolán McNamara <[hidden email]> wrote:
> Fixed in LibreOffice 5.1.6/5.2.2/5.3.0
> CVE-2017-3157 Arbitrary file disclosure in Calc and Writer
> http://www.libreoffice.org/about-us/security/advisories/CVE-2017-3157
>
> Embedded Objects in writer and calc can contain previews of their
> content. A document can be crafted which contains an embedded object
> that is a link to an existing file on the target's system. On load the
> preview of the embedded object will be updated to reflect the content
> of the file on the target system. In the case of LibreOffice used as an
> online service that preview of data on the target system could be used
> to expose details of the environment LibreOffice is running in. In the
> case of LibreOffice as a standard desktop application, the preview
> could be concealed in hidden sections and retrieved by the attacker if
> the document is saved and returned to sender.
>
> In later versions of LibreOffice without this flaw the LinkUpdateMode
> feature has been expanded to additionally control the update of
> previews of embedded objects as well as its prior function to control
> the update of embedded object contents.
> This is somewhat similar to
> https://www.libreoffice.org/about-us/security/advisories/CVE-2015-4551
> but instead of the *content* of an embedded link to a file getting
> updated this is limited to the *preview* of the file getting updated.