You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openoffice.apache.org by ma...@apache.org on 2023/12/28 13:43:47 UTC
(openoffice-org) 02/02: Security Bulletin for the Apache OpenOffice 4.1.15 Release
This is an automated email from the ASF dual-hosted git repository.
marcus pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/openoffice-org.git
commit 7173685de11fdcbc69b88f3f7556d909cbfa3fd3
Author: Marcus <ma...@apache.org>
AuthorDate: Thu Dec 28 14:42:23 2023 +0100
Security Bulletin for the Apache OpenOffice 4.1.15 Release
---
content/security/cves/CVE-2012-5639.html | 85 +++++++++++++++++++++++++++++
content/security/cves/CVE-2022-43680.html | 84 +++++++++++++++++++++++++++++
content/security/cves/CVE-2023-1183.html | 88 ++++++++++++++++++++++++++++++
content/security/cves/CVE-2023-47804.html | 90 +++++++++++++++++++++++++++++++
4 files changed, 347 insertions(+)
diff --git a/content/security/cves/CVE-2012-5639.html b/content/security/cves/CVE-2012-5639.html
new file mode 100644
index 0000000000..50a2734d60
--- /dev/null
+++ b/content/security/cves/CVE-2012-5639.html
@@ -0,0 +1,85 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <title>CVE-2012-5639</title>
+ </head>
+
+ <body>
+ <p>
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-5639">CVE-2012-5639</a>
+ </p>
+ <p>
+ <a href="https://www.openoffice.org/security/cves/CVE-2012-5639.html">Apache OpenOffice Advisory</a>
+ </p>
+ <p style="text-align:center; font-size:largest">
+ <strong>Loading internal / external resources without warning</strong>
+ </p>
+ <p style="text-align:center; font-size:larger">
+ <strong>Fixed in Apache OpenOffice 4.1.15</strong>
+ </p>
+ <p>
+ <strong>Description</strong>
+ </p>
+ <p>
+ In Apache OpenOffice and LibreOffice embedded content will be opened automatically without
+ that a warning is shown.
+ </p>
+ <p>
+ <strong>Severity: Moderate</strong>
+ </p>
+ <p>
+ There are no known exploits of this vulnerability.
+ <br />
+ A proof-of-concept demonstration exists.
+ </p>
+ <p>
+ Thanks to the reporter for discovering this issue.
+ </p>
+ <p>
+ <strong>Vendor: The Apache Software Foundation</strong>
+ </p>
+ <p>
+ <strong>Versions Affected</strong>
+ </p>
+ <p>
+ All Apache OpenOffice versions 4.1.14 and older are affected.
+ <br />
+ OpenOffice.org versions may also be affected.
+ </p>
+ <p>
+ <strong>Mitigation</strong>
+ </p>
+ <p>
+ Install Apache OpenOffice 4.1.15 for the latest maintenance and cumulative security fixes.
+ Use the Apache OpenOffice <a href="https://www.openoffice.org/download/"> download page</a>.
+ </p>
+ <p>
+ <strong>Acknowledgments</strong>
+ </p>
+ <p>
+ The Apache OpenOffice Security Team would like to thank Timo Warns and
+ Joachim Mammele for discovering and reporting this attack vector.
+ </p>
+ <p>
+ <strong>Further Information</strong>
+ </p>
+ <p>
+ For additional information and assistance, consult the
+ <a href="https://forum.openoffice.org/">Apache OpenOffice Community Forums</a>
+ or make requests to the
+ <a href="mailto:users@openoffice.apache.org">users@openoffice.apache.org</a>
+ public mailing list.
+ </p>
+ <p>
+ The latest information on Apache OpenOffice security bulletins can be found at the
+ <a href="https://www.openoffice.org/security/bulletin.html">Bulletin Archive page</a>.
+ </p>
+ <hr />
+ <p>
+ <a href="https://security.openoffice.org">Security Home</a>->
+ <a href="https://www.openoffice.org/security/bulletin.html">Bulletin</a>->
+ <a href="https://www.openoffice.org/security/cves/CVE-2022-47502.html">CVE-2012-5639</a>
+ </p>
+ </body>
+</html>
diff --git a/content/security/cves/CVE-2022-43680.html b/content/security/cves/CVE-2022-43680.html
new file mode 100644
index 0000000000..32034c0ba8
--- /dev/null
+++ b/content/security/cves/CVE-2022-43680.html
@@ -0,0 +1,84 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <title>CVE-2022-43680</title>
+ </head>
+
+ <body>
+ <p>
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-43680">CVE-2022-43680</a>
+ </p>
+ <p>
+ <a href="https://www.openoffice.org/security/cves/CVE-2022-43680.html">Apache OpenOffice Advisory</a>
+ </p>
+ <p style="text-align:center; font-size:largest">
+ <strong>Use-after free" fixed in expat >= 2.4.9</strong>
+ </p>
+ <p style="text-align:center; font-size:larger">
+ <strong>Fixed in Apache OpenOffice 4.1.15</strong>
+ </p>
+ <p>
+ <strong>Description</strong>
+ </p>
+ <p>
+ In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD
+ in XML_ExternalEntityParserCreate in out-of-memory situations.
+ </p>
+ <p>
+ <strong>Severity: Moderate</strong>
+ </p>
+ <p>
+ There are no known exploits of this vulnerability.
+ <br />
+ A proof-of-concept demonstration does not exist.
+ </p>
+ <p>
+ Thanks to the reporter for discovering this issue.
+ </p>
+ <p>
+ <strong>Vendor: The Apache Software Foundation</strong>
+ </p>
+ <p>
+ <strong>Versions Affected</strong>
+ </p>
+ <p>
+ All Apache OpenOffice versions 4.1.14 and older are affected.
+ <br />
+ OpenOffice.org versions may also be affected.
+ </p>
+ <p>
+ <strong>Mitigation</strong>
+ </p>
+ <p>
+ Install Apache OpenOffice 4.1.15 for the latest maintenance and cumulative security fixes.
+ Use the Apache OpenOffice <a href="https://www.openoffice.org/download/"> download page</a>.
+ </p>
+ <p>
+ <strong>Acknowledgments</strong>
+ </p>
+ <p>
+ n/a
+ </p>
+ <p>
+ <strong>Further Information</strong>
+ </p>
+ <p>
+ For additional information and assistance, consult the
+ <a href="https://forum.openoffice.org/">Apache OpenOffice Community Forums</a>
+ or make requests to the
+ <a href="mailto:users@openoffice.apache.org">users@openoffice.apache.org</a>
+ public mailing list.
+ </p>
+ <p>
+ The latest information on Apache OpenOffice security bulletins can be found at the
+ <a href="https://www.openoffice.org/security/bulletin.html">Bulletin Archive page</a>.
+ </p>
+ <hr />
+ <p>
+ <a href="https://security.openoffice.org">Security Home</a>->
+ <a href="https://www.openoffice.org/security/bulletin.html">Bulletin</a>->
+ <a href="https://www.openoffice.org/security/cves/CVE-2022-43680.html">CVE-2022-43680</a>
+ </p>
+ </body>
+</html>
diff --git a/content/security/cves/CVE-2023-1183.html b/content/security/cves/CVE-2023-1183.html
new file mode 100644
index 0000000000..791f32072f
--- /dev/null
+++ b/content/security/cves/CVE-2023-1183.html
@@ -0,0 +1,88 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <title>CVE-2023-1183</title>
+ </head>
+
+ <body>
+ <p>
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-1183">CVE-2023-1183</a>
+ </p>
+ <p>
+ <a href="https://www.openoffice.org/security/cves/CVE-2023-1183.html">Apache OpenOffice Advisory</a>
+ </p>
+ <p style="text-align:center; font-size:largest">
+ <strong>Arbitrary file write in Apache OpenOffice Base</strong>
+ </p>
+ <p style="text-align:center; font-size:larger">
+ <strong>Fixed in Apache OpenOffice 4.1.15</strong>
+ </p>
+ <p>
+ <strong>Description</strong>
+ </p>
+ <p>
+ An attacker can craft an OBD containing a "database/script" file with a SCRIPT command where
+ the contents of the file could be written to a new file whose location was determined by the
+ attacker.
+ </p>
+ <p>
+ <strong>Severity: Moderate</strong>
+ </p>
+ <p>
+ There are no known exploits of this vulnerability.
+ <br />
+ A proof-of-concept demonstration exists.
+ </p>
+ <p>
+ Thanks to the reporter for discovering this issue.
+ </p>
+ <p>
+ <strong>Vendor: The Apache Software Foundation</strong>
+ </p>
+ <p>
+ <strong>Versions Affected</strong>
+ </p>
+ <p>
+ All Apache OpenOffice versions 4.1.14 and older are affected.
+ <br />
+ OpenOffice.org versions may also be affected.
+ </p>
+ <p>
+ <strong>Mitigation</strong>
+ </p>
+ <p>
+ Install Apache OpenOffice 4.1.15 for the latest maintenance and cumulative security fixes.
+ Use the Apache OpenOffice <a href="https://www.openoffice.org/download/"> download page</a>.
+ </p>
+ <p>
+ <strong>Acknowledgments</strong>
+ </p>
+ <p>
+ The Apache OpenOffice Security Team would like to thank Gregor Kopf of Secfault Security
+ GmbH (Germany) for discovering and reporting this attack vector and Fred Toussi for kindly
+ providing a solution to this issue within HSQLDB.
+
+ </p>
+ <p>
+ <strong>Further Information</strong>
+ </p>
+ <p>
+ For additional information and assistance, consult the
+ <a href="https://forum.openoffice.org/">Apache OpenOffice Community Forums</a>
+ or make requests to the
+ <a href="mailto:users@openoffice.apache.org">users@openoffice.apache.org</a>
+ public mailing list.
+ </p>
+ <p>
+ The latest information on Apache OpenOffice security bulletins can be found at the
+ <a href="https://www.openoffice.org/security/bulletin.html">Bulletin Archive page</a>.
+ </p>
+ <hr />
+ <p>
+ <a href="https://security.openoffice.org">Security Home</a>->
+ <a href="https://www.openoffice.org/security/bulletin.html">Bulletin</a>->
+ <a href="https://www.openoffice.org/security/cves/CVE-2023-1183.html">2023-1183</a>
+ </p>
+ </body>
+</html>
diff --git a/content/security/cves/CVE-2023-47804.html b/content/security/cves/CVE-2023-47804.html
new file mode 100644
index 0000000000..b286e92d69
--- /dev/null
+++ b/content/security/cves/CVE-2023-47804.html
@@ -0,0 +1,90 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <title>CVE-2023-47804</title>
+ </head>
+
+ <body>
+ <p>
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-47804">CVE-2023-47804</a>
+ </p>
+ <p>
+ <a href="https://www.openoffice.org/security/cves/CVE-2023-47804.html">Apache OpenOffice Advisory</a>
+ </p>
+ <p style="text-align:center; font-size:largest">
+ <strong>Macro URL arbitrary script execution</strong>
+ </p>
+ <p style="text-align:center; font-size:larger">
+ <strong>Fixed in Apache OpenOffice 4.1.15</strong>
+ </p>
+ <p>
+ <strong>Description</strong>
+ </p>
+ <p>
+ Apache OpenOffice documents can contain links that call internal macros with arbitrary
+ arguments. Several URI Schemes are defined for this purpose. Links can be activated by
+ clicks, or by automatic document events. The execution of such links must be subject to
+ user approval. In the affected versions of Apache OpenOffice, approval for certain links
+ is not requested; when activated, such links could therefore result in arbitrary script
+ execution. This is a corner case of
+ <a href="https://www.openoffice.org/security/cves/CVE-2022-47502.html">2022-47502</a>.
+ </p>
+ <p>
+ <strong>Severity: Moderate</strong>
+ </p>
+ <p>
+ There are no known exploits of this vulnerability.
+ <br />
+ A proof-of-concept demonstration exists.
+ </p>
+ <p>
+ Thanks to the reporter for discovering this issue.
+ </p>
+ <p>
+ <strong>Vendor: The Apache Software Foundation</strong>
+ </p>
+ <p>
+ <strong>Versions Affected</strong>
+ </p>
+ <p>
+ All Apache OpenOffice versions 4.1.14 and older are affected.
+ <br />
+ OpenOffice.org versions may also be affected.
+ </p>
+ <p>
+ <strong>Mitigation</strong>
+ </p>
+ <p>
+ Install Apache OpenOffice 4.1.15 for the latest maintenance and cumulative security fixes.
+ Use the Apache OpenOffice <a href="https://www.openoffice.org/download/"> download page</a>.
+ </p>
+ <p>
+ <strong>Acknowledgments</strong>
+ </p>
+ <p>
+ The Apache OpenOffice Security Team would like to thank Amel BOUZIANE- LEBLOND (aka Icare
+ Bug Bounty Hunter) for discovering and reporting this attack vector.
+ </p>
+ <p>
+ <strong>Further Information</strong>
+ </p>
+ <p>
+ For additional information and assistance, consult the
+ <a href="https://forum.openoffice.org/">Apache OpenOffice Community Forums</a>
+ or make requests to the
+ <a href="mailto:users@openoffice.apache.org">users@openoffice.apache.org</a>
+ public mailing list.
+ </p>
+ <p>
+ The latest information on Apache OpenOffice security bulletins can be found at the
+ <a href="https://www.openoffice.org/security/bulletin.html">Bulletin Archive page</a>.
+ </p>
+ <hr />
+ <p>
+ <a href="https://security.openoffice.org">Security Home</a>->
+ <a href="https://www.openoffice.org/security/bulletin.html">Bulletin</a>->
+ <a href="https://www.openoffice.org/security/cves/CVE-2023-47804.html">2023-47804</a>
+ </p>
+ </body>
+</html>