Jump to content
Login new information ×
Login new information
  • Security & Privacy News

    Apache OpenOffice users should upgrade to newest security release!

    aum

    By aum,
    Published Date:

    • 592 views
    • 2 minutes
     Share
    • 592 views
    • 2 minutes

    The Apache Software Foundation (ASF) has released Apache OpenOffice 4.1.11, which fixes a handful of security vulnerabilities, including CVE-2021-33035, a recently revealed RCE vulnerability that could be triggered via a specially crafted document.

     

    About Apache OpenOffice


    Apache OpenOffice is an open-source office productivity suite that includes a word processor (Writer), a spreadsheet tool (Calc), a presentation editor (Impress), a vector graphics drawing editor (Draw), a mathematical formula editor (Math), and a database management program (Base).

    It is developed by the Apache Software Foundation and welcomes contributions from its code community. According to the ASF, since its initial release it has been downloaded by hundreds of millions of users: individuals as well as businesses and organizations.

     

    The suite is available for Windows, macOS and Linux.

     

    The fixed vulnerabilities


    As previously mentioned, the fix for CVE-2021-33035 has finally found its way into an official release of the suite.

     

    Apache OpenOffice 4.1.11 also comes with a fix for CVE-2021-40439, a security vulnerability in the third-party XML parser library included in the suite that allowed billion laughs (DoS) attacks.

     

    CVE-2021-41830 and CVE-2021-41832 allow attackers to manipulate signed documents and macros to appear to come from a trusted source, and CVE-2021-41831 allows the manipulation of the timestamp of signed documents. These vulnerabilities were uncovered by researchers Simon Rohlmann, Vladislav Mladenov, Christian Mainka, and Jorg Schwenk of Ruhr University Bochum, Germany, and also affect LibreOffice (they have been fixed in LibreOffice 7.0.6/7.1.2).

     

    Finally, Apache has fixed CVE-2021-28129, a potential security issue with the suite’s DEB package.

     

    For information about other bugs fixed and enhancements/features introduced in Apache OpenOffice 4.1.11, check out the release notes.

    “All users of Apache OpenOffice 4.1.10 or earlier are strongly advised to upgrade,” the ASF noted. “Windows 11 users can now also get Apache OpenOffice for selected languages in the Microsoft Store.”

     

    Source

     Share
    Go to news

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    ×

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...