[New post] BREAKING SOCIAL MEDIA: LibreOffice Releases Software Update to Patch 3 New Vulnerabilities

ace101 posted: " This is our daily post that is shared across Twitter & Telegram and published first on here with Kindness & Love XX on peace-truth.com/ #AceNewsRoom With 'Kindness & Wisdom' July.30, 2022 @acebreakingnews Ace News Room Cutting Floor" Peace & Truth BREAKING SOCIAL MEDIA: LibreOffice Releases Software Update to Patch 3 New Vulnerabilities ace101 Jul 30 This is our daily post that is shared across Twitter & Telegram and published first on here with Kindness & Love XX on peace-truth.com/ #AceNewsRoom With 'Kindness & Wisdom' July.30, 2022 @acebreakingnews Ace News Room Cutting Floor 30/07/2022 Follow Our Breaking & Daily News Here As It Happens: #AceBreakingNews - Tracked as CVE-2022-26305, the issue has been described as a case of improper certificate validation when checking whether a macro is signed by a trusted author, leading to the execution of rogue code packaged within the macros. HACKERS NEWS REPORT; The team behind LibreOffice has released security updates to fix three security flaws in the productivity software, one of which could be exploited to achieve arbitrary code execution on affected systems. "An adversary could therefore create an arbitrary certificate with a serial number and an issuer string identical to a trusted certificate which LibreOffice would present as belonging to the trusted author, potentially leading to the user to execute arbitrary code contained in macros improperly trusted," LibreOffice said in an advisory. Also resolved is the use of a static initialization vector (IV) during encryption (CVE-2022-26306) that could have weakened the security should a bad actor have access to the user's configuration information. Lastly, the updates also resolve CVE-2022-26307, wherein the master key was poorly encoded, rendering the stored passwords susceptible to a brute-force attack if an adversary is in possession of the user configuration. The three vulnerabilities, which were reported by OpenSource Security GmbH on behalf of the German Federal Office for Information Security, have been addressed in LibreOffice versions 7.2.7, 7.3.2, and 7.3.3. The patches come five months after the Document Foundation fixed another improper certificate validation bug (CVE-2021-25636) in February 2022. Last October, three spoofing flaws were patched that could be abused to alter documents to make them appear as if they are digitally signed by a trusted source. #AceNewsDesk report ………..Published: July.30: 2022: Editor says …Sterling Publishing & Media Service Agency is not responsible for the content of external site or from any reports, posts or links, and can also be found here on Telegram: https://t.me/acenewsdaily and all wordpress and live posts and links here: https://acenewsroom.wordpress.com/ and thanks for following as always appreciate every like, reblog or retweet and free help and guidance tips on your PC software or need help & guidance from our experts AcePCHelp.WordPress.Com Comment Unsubscribe to no longer receive posts from Peace & Truth. Change your email settings at manage subscriptions. Trouble clicking? Copy and paste this URL into your browser: https://peace-truth.com/breaking-social-media-libreoffice-releases-software-update-to-patch-3-new-vulnerabilities/ Powered by WordPress.com