LibreOffice testing gets fuzzy
The LibreOffice developers have now published some details of the security fixes they incorporated in LibreOffice 3.4.3 and applied to the older LibreOffice 3.3.4 release. Full details will be withheld until more users have migrated to the new version. The fixes include a correction for a memory corruption vulnerability in the loading of Microsoft Word documents that could have allowed a specially crafted document to execute arbitrary code. The issue is listed as CVE-2011-2713; there is currently no severity rating or further details on it.
Other fixes address flaws found by applying fuzz testing techniques to parts of the open source office suite. The developers say they have made various improvements to the loading of .wmf (Windows Metafile) and .emf (Windows Enhanced Metafile) files after fuzz testing. "Working on fuzzing LibreOffice import filters has been a great experience", said Marc-André Laverdière of Tata Consultancy Services. "Working in cooperation with TDF (The Document Foundation) development team, we have found and fixed serious security and crasher bugs."
A general program of improving stability through better code quality has also led to some additional security patches and fixes. The Document Foundation recommends that all users upgrade to LibreOffice 3.4.3, which is available to download for Windows, Mac OS X and Linux from the project's site.
- Data salad - A look at fuzzing, a feature from The H.