![[TEST] Document Foundation Community](https://communitytest.documentfoundation.org/images/discourse-logo-sketch.png){kind=logo}
To whom it may concern:
LibreOffice 4.1.6.2 is detected as insecure by Secunia PSI. Advisory
SA57383 (Macro Vulnerability). Would you be so kind as to let me know why
this stable version is insecure, but the fresh version 4.2.5 is secure?
Thank you for your timely effort.
Can you supply more details. Secunia has a paywall.
Macros are a well know security hole in all office suites. They potentially allow arbitrary code to be run on an end users computer when the file is opened. For older MS office suites, the default was to run all macros when the file is opened. Recent (after 2005 or so) the default behavior was changed to only allow "trusted" macros the privilege of being allowed to run. I do not know how common this was with other office programs/suites of the same vintage.
I believe LO has always used the model of the "trusted macro only" being granted privileges by default.
Under TOOLS>OPTIONS>LibreOffice/Security click on "Macro Security". Set the security level to high or very high. This will restrict macros from running unless they trusted. This setting works for any macros.
It might be related to this:
https://www.libreoffice.org/about-us/security/advisories/cve-2014-0247/
In this regard, it might be insecure because a macro can get executed even
if the user settings should prevent it to happen.
Regarding the "insecure" aspect, well... macro are a programming language,
and as such can do nasty things by themselves, or expose other
vulnerabilities (that's why their use is usually discouraged). If you only
open documents from "safe, known and reliable sources" the impact should be
minimal, but it's better to be on the side safe of things by updating.
Because the patch that solves the vulnerability has been introduced in
LibreOffice 4.2.5, which is the new stable version (although, I agree,
this is not yet reflected in the webpage).
LibreOffice 4.3.0 will be announced on July 28, and will be the new fresh.
LibreOffice 4.1.x has reached the end of life, as you can check from the
release plan: https://wiki.documentfoundation.org/ReleasePlan#4.1_release.
Hi 
Probably a false-positive. Anti-virus and security programs do have these
from time-to-time. Perhaps contact the Secunia people and let them know?
Regards from
Tom