Posted to commits@openoffice.apache.org by ma...@apache.org on 2021/10/07 16:32:37 UTC

[openoffice-org] 01/02: Security Bulletin for the Apache OpenOffice 4.1.11 Release

This is an automated email from the ASF dual-hosted git repository.

marcus pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/openoffice-org.git

commit 82e46be691a0fbcb7eb8a66da4ac0c7bb26ebf38
Author: Marcus <ma...@apache.org>
AuthorDate: Thu Oct 7 18:30:03 2021 +0200

    Security Bulletin for the Apache OpenOffice 4.1.11 Release
---
 content/security/cves/CVE-2021-28129.html | 85 ++++++++++++++++++++++++++++
 content/security/cves/CVE-2021-33035.html | 87 +++++++++++++++++++++++++++++
 content/security/cves/CVE-2021-40439.html | 92 +++++++++++++++++++++++++++++++
 3 files changed, 264 insertions(+)

diff --git a/content/security/cves/CVE-2021-28129.html b/content/security/cves/CVE-2021-28129.html
new file mode 100644
index 0000000..cf44fb4
--- /dev/null
+++ b/content/security/cves/CVE-2021-28129.html
@@ -0,0 +1,85 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <title>CVE-2021-28129</title>
+  </head>
+
+  <body>
+    <p>
+      <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-28129">CVE-2021-28129</a>
+    </p>
+    <p>
+      <a href="https://www.openoffice.org/security/cves/CVE-2021-28129.html">Apache OpenOffice Advisory</a>
+    </p>
+    <p style="text-align:center; font-size:largest">
+      <strong>CVE-2021-28129 DEB packaging for Apache OpenOffice 4.1.8 installed with a non-root userid and groupid</strong>
+    </p>
+    <p style="text-align:center; font-size:larger">
+      <strong>Fixed in Apache OpenOffice 4.1.11</strong>
+    </p>
+    <p>
+      <strong>Description</strong>
+    </p>
+    <p>
+      While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install
+      using root, but instead used a userid and groupid of 500. This both caused issues with desktop
+      integration and could allow a crafted attack on files owned by that user or group if they exist.
+    </p>
+    <p>
+      <strong>Severity: Moderate</strong>
+    </p>
+    <p>
+      There are no known exploits of this vulnerability.
+      <br />
+      A proof-of-concept demonstration exists.
+    </p>
+    <p>
+      Thanks to the reporter for discovering this issue.
+    </p>
+    <p>
+      <strong>Vendor: The Apache Software Foundation</strong>
+    </p>
+    <p>
+      <strong>Versions Affected</strong>
+    </p>
+    <p>
+      All Apache OpenOffice versions 4.1.10 and older are affected.
+      <br />
+      OpenOffice.org versions may also be affected.
+    </p>
+    <p>
+      <strong>Mitigation</strong>
+    </p>
+    <p>
+      Install Apache OpenOffice 4.1.11 for the latest maintenance and cumulative security fixes.
+      Use the Apache OpenOffice <a href="https://www.openoffice.org/download/"> download page</a>.
+    </p>
+    <p>
+      <strong>Acknowledgments</strong>
+    </p>
+    <p>
+      The Apache OpenOffice Security Team thanks for pointing to this issue.
+    </p>
+    <p>
+      <strong>Further Information</strong>
+    </p>
+    <p>
+      For additional information and assistance, consult the
+      <a href="https://forum.openoffice.org/">Apache OpenOffice Community Forums</a>
+      or make requests to the
+      <a href="mailto:users@openoffice.apache.org">users@openoffice.apache.org</a>
+      public mailing list.
+    </p>
+    <p>
+      The latest information on Apache OpenOffice security bulletins can be found at the
+      <a href="https://www.openoffice.org/security/bulletin.html">Bulletin Archive page</a>.
+    </p>
+    <hr />
+    <p>
+      <a href="https://security.openoffice.org">Security Home</a>-&gt;
+      <a href="https://www.openoffice.org/security/bulletin.html">Bulletin</a>-&gt;
+      <a href="https://www.openoffice.org/security/cves/CVE-2021-28129.html">CVE-2021-28129</a>
+    </p>
+  </body>
+</html>
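Review bot: The Acknowledgments paragraph near the end of this file reads "The Apache OpenOffice Security Team thanks for pointing to this issue." and names nobody, so the sentence has no object. Either credit the reporter by name or drop the paragraph, since "Thanks to the reporter for discovering this issue." already appears under Severity. The heading also ties the problem to "DEB packaging for Apache OpenOffice 4.1.8" while Versions Affected says "All Apache OpenOffice versions 4.1.10 and older are affected."; state which releases actually shipped the DEB package with userid and groupid 500, so that administrators can tell whether an existing install needs its file ownership checked.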
diff --git a/content/security/cves/CVE-2021-33035.html b/content/security/cves/CVE-2021-33035.html
new file mode 100644
index 0000000..0c21ff7
--- /dev/null
+++ b/content/security/cves/CVE-2021-33035.html
@@ -0,0 +1,87 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <title>CVE-2021-33035</title>
+  </head>
+
+  <body>
+    <p>
+      <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-33035">CVE-2021-33035</a>
+    </p>
+    <p>
+      <a href="https://www.openoffice.org/security/cves/CVE-2021-33035.html">Apache OpenOffice Advisory</a>
+    </p>
+    <p style="text-align:center; font-size:largest">
+      <strong>CVE-2021-33035 Buffer overflow from a crafted DBF file</strong>
+    </p>
+    <p style="text-align:center; font-size:larger">
+      <strong>Fixed in Apache OpenOffice 4.1.11</strong>
+    </p>
+    <p>
+      <strong>Description</strong>
+    </p>
+    <p>
+      Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database
+      files with data organized in fields. When reading DBF data the size of certain fields is not checked:
+      the data is just copied into local variables. A carefully crafted document could overflow the allocated
+      space, leading to the execution of arbitrary code by altering the contents of the program stack.
+    </p>
+    <p>
+      <strong>Severity: Moderate</strong>
+    </p>
+    <p>
+      There are no known exploits of this vulnerability.
+      <br />
+      A proof-of-concept demonstration exists.
+    </p>
+    <p>
+      Thanks to the reporter for discovering this issue.
+    </p>
+    <p>
+      <strong>Vendor: The Apache Software Foundation</strong>
+    </p>
+    <p>
+      <strong>Versions Affected</strong>
+    </p>
+    <p>
+      All Apache OpenOffice versions 4.1.10 and older are affected.
+      <br />
+      OpenOffice.org versions may also be affected.
+    </p>
+    <p>
+      <strong>Mitigation</strong>
+    </p>
+    <p>
+      Install Apache OpenOffice 4.1.11 for the latest maintenance and cumulative security fixes.
+      Use the Apache OpenOffice <a href="https://www.openoffice.org/download/"> download page</a>.
+    </p>
+    <p>
+      <strong>Acknowledgments</strong>
+    </p>
+    <p>
+      The Apache OpenOffice Security Team would like to thank Eugene Lim, Government Technology
+      Agency of Singapore, for discovering and reporting this attack vector.
+    </p>
+    <p>
+      <strong>Further Information</strong>
+    </p>
+    <p>
+      For additional information and assistance, consult the
+      <a href="https://forum.openoffice.org/">Apache OpenOffice Community Forums</a>
+      or make requests to the
+      <a href="mailto:users@openoffice.apache.org">users@openoffice.apache.org</a>
+      public mailing list.
+    </p>
+    <p>
+      The latest information on Apache OpenOffice security bulletins can be found at the
+      <a href="https://www.openoffice.org/security/bulletin.html">Bulletin Archive page</a>.
+    </p>
+    <hr />
+    <p>
+      <a href="https://security.openoffice.org">Security Home</a>-&gt;
+      <a href="https://www.openoffice.org/security/bulletin.html">Bulletin</a>-&gt;
+      <a href="https://www.openoffice.org/security/cves/CVE-2021-33035.html">CVE-2021-33035</a>
+    </p>
+  </body>
+</html>
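Review bot: The Description says a crafted DBF file can lead to "the execution of arbitrary code by altering the contents of the program stack", yet the rating directly below it is "Severity: Moderate" with no rationale. Add a sentence explaining the rating (such as required user interaction, if that is the reason) or revisit it. "Thanks to the reporter for discovering this issue." is also redundant here, because the Acknowledgments paragraph credits Eugene Lim by name. Separately, `font-size:largest` in the heading style is not a valid CSS font-size keyword and browsers will ignore it; use `xx-large` or similar (the same attribute appears in the other two files of this commit).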
diff --git a/content/security/cves/CVE-2021-40439.html b/content/security/cves/CVE-2021-40439.html
new file mode 100644
index 0000000..f0a5f71
--- /dev/null
+++ b/content/security/cves/CVE-2021-40439.html
@@ -0,0 +1,92 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <title>CVE-2021-40439</title>
+  </head>
+
+  <body>
+    <p>
+      <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-40439">CVE-2021-40439</a>
+    </p>
+    <p>
+      <a href="https://www.openoffice.org/security/cves/CVE-2021-40439.html">Apache OpenOffice Advisory</a>
+    </p>
+    <p style="text-align:center; font-size:largest">
+      <strong>CVE-2021-40439 "Billion Laughs" fixed in Expat >=2.4.0</strong>
+    </p>
+    <p style="text-align:center; font-size:larger">
+      <strong>Fixed in Apache OpenOffice 4.1.11</strong>
+    </p>
+    <p>
+      <strong>Description</strong>
+    </p>
+    <p>
+      Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to
+      CVE-2013-0340 a "Billion Laughs" entity expansion denial of service attack and exploit via crafted
+      XML files. ODF files consist of a set of XML files.
+      expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer
+      uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service
+      (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted
+      XML document, aka an XML External Entity (XXE) issue.
+      <br />
+      expat is a 3rd party library that is used in the Apache OpenOffice build process to make use of its
+      functions.
+    </p>
+    <p>
+      <strong>Severity: Moderate</strong>
+    </p>
+    <p>
+      There are no known exploits of this vulnerability.
+      <br />
+      A proof-of-concept demonstration exists.
+    </p>
+    <p>
+      Thanks to the reporter for discovering this issue
+    </p>
+    <p>
+      <strong>Vendor: The Apache Software Foundation</strong>
+    </p>
+    <p>
+      <strong>Versions Affected</strong>
+    </p>
+    <p>
+      All Apache OpenOffice versions 4.1.10 and older are affected.
+      <br />
+      OpenOffice.org versions may also be affected.
+    </p>
+    <p>
+      <strong>Mitigation</strong>
+    </p>
+    <p>
+      Install Apache OpenOffice 4.1.11 for the latest maintenance and cumulative security fixes.
+      Use the Apache OpenOffice <a href="https://www.openoffice.org/download/"> download page</a>.
+    </p>
+    <p>
+      <strong>Acknowledgments</strong>
+    </p>
+    <p>
+      The Apache OpenOffice Security Team thanks for pointing to this issue.
+    </p>
+    <p>
+      <strong>Further Information</strong>
+    </p>
+    <p>
+      For additional information and assistance, consult the
+      <a href="https://forum.openoffice.org/">Apache OpenOffice Community Forums</a>
+      or make requests to the
+      <a href="mailto:users@openoffice.apache.org">users@openoffice.apache.org</a>
+      public mailing list.
+    </p>
+    <p>
+      The latest information on Apache OpenOffice security bulletins can be found at the
+      <a href="https://www.openoffice.org/security/bulletin.html">Bulletin Archive page</a>.
+    </p>
+    <hr />
+    <p>
+      <a href="https://security.openoffice.org">Security Home</a>-&gt;
+      <a href="https://www.openoffice.org/security/bulletin.html">Bulletin</a>-&gt;
+      <a href="https://www.openoffice.org/security/cves/CVE-2021-40439.html">CVE-2021-40439</a>
+    </p>
+  </body>
+</html>
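Review bot: The expat version bounds disagree within this file: the heading says "fixed in Expat >=2.4.0", the Description says "Versions prior to 2.1.0 were subject to CVE-2013-0340", and three lines later it says "expat 2.1.0 and earlier". Pick one bound and state which expat version Apache OpenOffice 4.1.11 bundles, so readers can verify the fix. The Description also never explains how CVE-2021-40439 relates to CVE-2013-0340, which is the only CVE it discusses. Minor: "Thanks to the reporter for discovering this issue" lacks its final period, the Acknowledgments sentence "thanks for pointing to this issue" names nobody, and the `>` in the heading would be more consistent written as `&gt;`, as the breadcrumb links at the end of the file do.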