You are here

Security Vulnerability in Current Version 3.1.9398.500

3 posts / 0 new
Last post
PortableJeff
Offline
Last seen: 5 years 4 months ago
Joined: 2009-09-03 00:58
Security Vulnerability in Current Version 3.1.9398.500

According to Secunia PSI (Personal Software Inspector), version 3.1.9398.500 of soffice.exe, included with the current version 3-1 portable app, is not secure. They link to a secure version with a download file name of OOo_3.1.1_Win32Intel_install_wJRE_en-US.

If you aren't already doing it, I suggest installing copies of all your apps to a hard disk on a machine in your office, installing PSI, and setting it to "Enable Program Monitoring." You will then receive the earliest possible notification of security vulnerabilities, and can adjust your development schedule as needed to respond.

Thanks for the great product.

arw
Offline
Last seen: 2 years 9 months ago
Joined: 2009-02-19 11:37
Any idea when we'll see an

Any idea when we'll see an updated version to correct this?

bh2ooo
Offline
Last seen: 13 years 10 months ago
Joined: 2006-07-08 10:22
A few weeks at least

Three or four weeks anyway. Maybe six one time in the last year or two (not days like for Firefox).

Maybe check the "beta" forum too if you're so inclined, which might get something a week or whatever earlier.

Since OpenOffice schedules updates about 4 times a year (like every 13 weeks) and every time there's that long wait here, I can't seriously depend on the Portable being current when I need it. If you use it at a place which frowns on poor security and maybe actively checks for and maybe blocks unpatched or obsolete softwear (like your workplace or library) you might think before starting to depend on this program, nice and handy as it otherwise would be. You risk being locked out of your documents at inconvenient times and places, or risk loss of privileges or worse if you use the old one in desperation.

My advice is to try to get them to install the standard version on their equipment now (before their stock answer becomes "use cloud computing instead"). The portable will always be handy at all those other places where they don't know or care who is running what.

Bh2ooo

Log in or register to post comments