[PR] The Document Foundation publishes details of LibreOffice 3.4.3 security fixes
[Posted October 5, 2011 by corbet]
| From: | Italo Vignoli <italo.vignoli-AT-documentfoundation.org> |
| To: | lwn-AT-lwn.net |
| Subject: | [PR] The Document Foundation publishes details of LibreOffice 3.4.3 security fixes |
| Date: | Wed, 5 Oct 2011 12:04:52 +0200 |
| Message-ID: | <hSSJ1SsvSwpBvKDjDkOzXEpxoBe3dTJ0FK5pXk7CPGVF@documentfoundation.org> |
The Internet, October 4, 2011 - The Document Foundation (TDF) publishes some details of the
security fixes included with the recently released LibreOffice 3.4.3, and included in the older
3.3.4 version. Following industry best practice, details of security fixes are withheld until users
have been given time to migrate to the new version.
Red Hat security researcher Huzaifa Sidhpurwala identified a memory corruption vulnerability in the
code responsible for loading Microsoft Word documents in LibreOffice. This flaw could have been
used for nefarious purposes, such as installing viruses, through a specially-crafted file. The
corresponding vulnerability description is CVE-2011-2713, "Out-of-bounds property read in binary
.doc filter".
LibreOffice 3.4.3 also includes various improvements to the loading of Windows Metafile (.wmf) and
Windows Enhanced Metafile (.emf) image formats that were found through fuzz testing.
LibreOffice developers have developed some additional security patches and fixes. These are part of
a general set of development improvements which are reflected in the overall quality and stability
of the software. Most LibreOffice 3.4.3 security fixes have been developed by Caolan McNamara of
Red Hat and Marc-André Laverdière of Tata Consultancy Services.
"Working on fuzzing LibreOffice import filters has been a great experience, and I am glad I could
contribute in securing the computing experience of millions of users," said Marc-André Laverdière,
Scientist, TCS Innovation Labs, Tata Consultancy Services, Ltd. "Working in cooperation with the
TDF development team, we have found and fixed serious security and crasher bugs."
All users are recommended to upgrade to LibreOffice 3.4.3 as soon as possible, in order to benefit
from the improved security of the office suite. LibreOffice 3.4.3 can be downloaded from
http://www.libreoffice.org.
About LibreOffice
LibreOffice is The Document Foundation's (TDF) power-packed free, libre and open source personal
productivity suite for Windows, Macintosh and GNU/Linux, that offers six feature-rich applications
for a whole range of document production and data processing needs: Writer, Calc, Impress, Draw,
Math and Base. Support and documentation are provided by a large community of corporate sponsors,
users, individual contributors and developers. As of September 30, 2011, LibreOffice is estimated
to have 25 million users worldwide.
About The Document Foundation (TDF)
The Document Foundation is an open, independent, self-governing, meritocratic organization, which
builds on ten years of dedicated work by the OpenOffice.org Community. TDF was created in the
belief that the culture born of an independent foundation brings out the best in corporate and
volunteer contributors, and will deliver the best free office suite. TDF is open to any individual
who agrees with its core values and contributes to its activities, and warmly welcomes corporate
participation, e.g. by sponsoring individuals to work as equals alongside other contributors in the
community. As of September 30, 2011, TDF has 136 members and over a thousand volunteers and
contributors worldwide.
Media Contacts
Florian Effenberger (based near Munich, Germany, UTC+1)
Phone: +49 8341 99660880 - Mobile: +49 151 14424108
E-mail: floeff@documentfoundation.org - Skype: floeff
Olivier Hallot (based in Rio de Janeiro, Brazil, UTC-3)
Mobile: +55 21 88228812 - E-mail: olivier.hallot@documentfoundation.org
Charles H. Schulz (based in Paris, France, UTC+1)
Mobile: +33 6 98655424 - E-mail: charles.schulz@documentfoundation.org
Italo Vignoli (based in Milan, Italy, UTC+1)
SIP Phone: +39 02 320621813 - Mobile: +39 348 5653829
E-mail: italo.vignoli@documentfoundation.org - Skype: italovignoli
GTalk: italo.vignoli@gmail.com
--
Italo Vignoli - The Document Foundation
mob +39 348 5653829 - skype italovignoli
italo.vignoli@documentfoundation.org