You are viewing a plain text version of this content. The canonical link for it is here.

Posted to announce@apache.org by Dave Fisher <wa...@apache.org> on 2021/10/11 03:04:14 UTC

CVE-2021-41830: Apache OpenOffice: Double Certificate Attack

Severity: high

Description:

It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source.

All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11.

See CVE-2021-25633 for the LibreOffice advisory.



Credit:

Apache OpenOffice would like to thank Simon Rohlmann, Vladislav Mladenov, Christian Mainka, and Jorg Schwenk of Ruhr University Bochum, Germany