You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openoffice.apache.org by ma...@apache.org on 2021/10/07 16:32:37 UTC
[openoffice-org] 01/02: Security Bulletin for the Apache OpenOffice
4.1.11 Release
This is an automated email from the ASF dual-hosted git repository.
marcus pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/openoffice-org.git
commit 82e46be691a0fbcb7eb8a66da4ac0c7bb26ebf38
Author: Marcus <ma...@apache.org>
AuthorDate: Thu Oct 7 18:30:03 2021 +0200
Security Bulletin for the Apache OpenOffice 4.1.11 Release
---
content/security/cves/CVE-2021-28129.html | 85 ++++++++++++++++++++++++++++
content/security/cves/CVE-2021-33035.html | 87 +++++++++++++++++++++++++++++
content/security/cves/CVE-2021-40439.html | 92 +++++++++++++++++++++++++++++++
3 files changed, 264 insertions(+)
diff --git a/content/security/cves/CVE-2021-28129.html b/content/security/cves/CVE-2021-28129.html
new file mode 100644
index 0000000..cf44fb4
--- /dev/null
+++ b/content/security/cves/CVE-2021-28129.html
@@ -0,0 +1,85 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <title>CVE-2021-28129</title>
+ </head>
+
+ <body>
+ <p>
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-28129">CVE-2021-28129</a>
+ </p>
+ <p>
+ <a href="https://www.openoffice.org/security/cves/CVE-2021-28129.html">Apache OpenOffice Advisory</a>
+ </p>
+ <p style="text-align:center; font-size:largest">
+ <strong>CVE-2021-28129 DEB packaging for Apache OpenOffice 4.1.8 installed with a non-root userid and groupid</strong>
+ </p>
+ <p style="text-align:center; font-size:larger">
+ <strong>Fixed in Apache OpenOffice 4.1.11</strong>
+ </p>
+ <p>
+ <strong>Description</strong>
+ </p>
+ <p>
+ While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install
+ using root, but instead used a userid and groupid of 500. This both caused issues with desktop
+ integration and could allow a crafted attack on files owned by that user or group if they exist.
+ </p>
+ <p>
+ <strong>Severity: Moderate</strong>
+ </p>
+ <p>
+ There are no known exploits of this vulnerability.
+ <br />
+ A proof-of-concept demonstration exists.
+ </p>
+ <p>
+ Thanks to the reporter for discovering this issue.
+ </p>
+ <p>
+ <strong>Vendor: The Apache Software Foundation</strong>
+ </p>
+ <p>
+ <strong>Versions Affected</strong>
+ </p>
+ <p>
+ All Apache OpenOffice versions 4.1.10 and older are affected.
+ <br />
+ OpenOffice.org versions may also be affected.
+ </p>
+ <p>
+ <strong>Mitigation</strong>
+ </p>
+ <p>
+ Install Apache OpenOffice 4.1.11 for the latest maintenance and cumulative security fixes.
+ Use the Apache OpenOffice <a href="https://www.openoffice.org/download/"> download page</a>.
+ </p>
+ <p>
+ <strong>Acknowledgments</strong>
+ </p>
+ <p>
+ The Apache OpenOffice Security Team thanks for pointing to this issue.
+ </p>
+ <p>
+ <strong>Further Information</strong>
+ </p>
+ <p>
+ For additional information and assistance, consult the
+ <a href="https://forum.openoffice.org/">Apache OpenOffice Community Forums</a>
+ or make requests to the
+ <a href="mailto:users@openoffice.apache.org">users@openoffice.apache.org</a>
+ public mailing list.
+ </p>
+ <p>
+ The latest information on Apache OpenOffice security bulletins can be found at the
+ <a href="https://www.openoffice.org/security/bulletin.html">Bulletin Archive page</a>.
+ </p>
+ <hr />
+ <p>
+ <a href="https://security.openoffice.org">Security Home</a>->
+ <a href="https://www.openoffice.org/security/bulletin.html">Bulletin</a>->
+ <a href="https://www.openoffice.org/security/cves/CVE-2021-28129.html">CVE-2021-28129</a>
+ </p>
+ </body>
+</html>
diff --git a/content/security/cves/CVE-2021-33035.html b/content/security/cves/CVE-2021-33035.html
new file mode 100644
index 0000000..0c21ff7
--- /dev/null
+++ b/content/security/cves/CVE-2021-33035.html
@@ -0,0 +1,87 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <title>CVE-2021-33035</title>
+ </head>
+
+ <body>
+ <p>
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-33035">CVE-2021-33035</a>
+ </p>
+ <p>
+ <a href="https://www.openoffice.org/security/cves/CVE-2021-33035.html">Apache OpenOffice Advisory</a>
+ </p>
+ <p style="text-align:center; font-size:largest">
+ <strong>CVE-2021-33035 Buffer overflow from a crafted DBF file</strong>
+ </p>
+ <p style="text-align:center; font-size:larger">
+ <strong>Fixed in Apache OpenOffice 4.1.11</strong>
+ </p>
+ <p>
+ <strong>Description</strong>
+ </p>
+ <p>
+ Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database
+ files with data organized in fields. When reading DBF data the size of certain fields is not checked:
+ the data is just copied into local variables. A carefully crafted document could overflow the allocated
+ space, leading to the execution of arbitrary code by altering the contents of the program stack.
+ </p>
+ <p>
+ <strong>Severity: Moderate</strong>
+ </p>
+ <p>
+ There are no known exploits of this vulnerability.
+ <br />
+ A proof-of-concept demonstration exists.
+ </p>
+ <p>
+ Thanks to the reporter for discovering this issue.
+ </p>
+ <p>
+ <strong>Vendor: The Apache Software Foundation</strong>
+ </p>
+ <p>
+ <strong>Versions Affected</strong>
+ </p>
+ <p>
+ All Apache OpenOffice versions 4.1.10 and older are affected.
+ <br />
+ OpenOffice.org versions may also be affected.
+ </p>
+ <p>
+ <strong>Mitigation</strong>
+ </p>
+ <p>
+ Install Apache OpenOffice 4.1.11 for the latest maintenance and cumulative security fixes.
+ Use the Apache OpenOffice <a href="https://www.openoffice.org/download/"> download page</a>.
+ </p>
+ <p>
+ <strong>Acknowledgments</strong>
+ </p>
+ <p>
+ The Apache OpenOffice Security Team would like to thank Eugene Lim, Government Technology
+ Agency of Singapore, for discovering and reporting this attack vector.
+ </p>
+ <p>
+ <strong>Further Information</strong>
+ </p>
+ <p>
+ For additional information and assistance, consult the
+ <a href="https://forum.openoffice.org/">Apache OpenOffice Community Forums</a>
+ or make requests to the
+ <a href="mailto:users@openoffice.apache.org">users@openoffice.apache.org</a>
+ public mailing list.
+ </p>
+ <p>
+ The latest information on Apache OpenOffice security bulletins can be found at the
+ <a href="https://www.openoffice.org/security/bulletin.html">Bulletin Archive page</a>.
+ </p>
+ <hr />
+ <p>
+ <a href="https://security.openoffice.org">Security Home</a>->
+ <a href="https://www.openoffice.org/security/bulletin.html">Bulletin</a>->
+ <a href="https://www.openoffice.org/security/cves/CVE-2021-33035.html">CVE-2021-33035</a>
+ </p>
+ </body>
+</html>
diff --git a/content/security/cves/CVE-2021-40439.html b/content/security/cves/CVE-2021-40439.html
new file mode 100644
index 0000000..f0a5f71
--- /dev/null
+++ b/content/security/cves/CVE-2021-40439.html
@@ -0,0 +1,92 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <title>CVE-2021-40439</title>
+ </head>
+
+ <body>
+ <p>
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-40439">CVE-2021-40439</a>
+ </p>
+ <p>
+ <a href="https://www.openoffice.org/security/cves/CVE-2021-40439.html">Apache OpenOffice Advisory</a>
+ </p>
+ <p style="text-align:center; font-size:largest">
+ <strong>CVE-2021-40439 "Billion Laughs" fixed in Expat >=2.4.0</strong>
+ </p>
+ <p style="text-align:center; font-size:larger">
+ <strong>Fixed in Apache OpenOffice 4.1.11</strong>
+ </p>
+ <p>
+ <strong>Description</strong>
+ </p>
+ <p>
+ Apache OpenOffice has a dependency on expat software. Versions prior to 2.1.0 were subject to
+ CVE-2013-0340 a "Billion Laughs" entity expansion denial of service attack and exploit via crafted
+ XML files. ODF files consist of a set of XML files.
+ expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer
+ uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service
+ (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted
+ XML document, aka an XML External Entity (XXE) issue.
+ <br />
+ expat is a 3rd party library that is used in the Apache OpenOffice build process to make use of its
+ functions.
+ </p>
+ <p>
+ <strong>Severity: Moderate</strong>
+ </p>
+ <p>
+ There are no known exploits of this vulnerability.
+ <br />
+ A proof-of-concept demonstration exists.
+ </p>
+ <p>
+ Thanks to the reporter for discovering this issue
+ </p>
+ <p>
+ <strong>Vendor: The Apache Software Foundation</strong>
+ </p>
+ <p>
+ <strong>Versions Affected</strong>
+ </p>
+ <p>
+ All Apache OpenOffice versions 4.1.10 and older are affected.
+ <br />
+ OpenOffice.org versions may also be affected.
+ </p>
+ <p>
+ <strong>Mitigation</strong>
+ </p>
+ <p>
+ Install Apache OpenOffice 4.1.11 for the latest maintenance and cumulative security fixes.
+ Use the Apache OpenOffice <a href="https://www.openoffice.org/download/"> download page</a>.
+ </p>
+ <p>
+ <strong>Acknowledgments</strong>
+ </p>
+ <p>
+ The Apache OpenOffice Security Team thanks for pointing to this issue.
+ </p>
+ <p>
+ <strong>Further Information</strong>
+ </p>
+ <p>
+ For additional information and assistance, consult the
+ <a href="https://forum.openoffice.org/">Apache OpenOffice Community Forums</a>
+ or make requests to the
+ <a href="mailto:users@openoffice.apache.org">users@openoffice.apache.org</a>
+ public mailing list.
+ </p>
+ <p>
+ The latest information on Apache OpenOffice security bulletins can be found at the
+ <a href="https://www.openoffice.org/security/bulletin.html">Bulletin Archive page</a>.
+ </p>
+ <hr />
+ <p>
+ <a href="https://security.openoffice.org">Security Home</a>->
+ <a href="https://www.openoffice.org/security/bulletin.html">Bulletin</a>->
+ <a href="https://www.openoffice.org/security/cves/CVE-2021-40439.html">CVE-2021-40439</a>
+ </p>
+ </body>
+</html>