We also work with security labs that do penetration tests. We use a number of tools, like Coverity Scan, as one of the sources of information of potential vulnerabilities. We have people working in companies like Red Hat that take care of LibreOffice security. We have a group of specialists that handle security, exactly as this is done for a company like Microsoft. "Although we are an open-source project we have well over 100 million users, probably close to 200 million users. The foundation maintains that it has high security standards. This earlier vulnerability was reported in November 2018. It also seems questionable that these macros bypass security settings, though we were also told that they "were double-checked at the time of CVE-2018-16858, where it was known that built-in scripts could be called silently from document event handlers". Unfortunately, the age of the code is no proof of its security. They have been there for years and they have not given issues." Many of them, we were told, "have been there since OpenOffice times" – referring to the fact that LibreOffice was a fork from what is now Apache OpenOffice. "These run because they are part of the LibreOffice installation. It is in the LibreOffice library, where it is listed under "LibreOffice Macros". Macros, or not macros? These will run without prompting at any security setting. Despite this claim, the LibreLogo Run command certainly looks like a macro.