You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openoffice.apache.org by ma...@apache.org on 2023/03/17 11:46:01 UTC
[openoffice-org] branch main updated: Security Bulletin for the Apache OpenOffice 4.1.14 Release
This is an automated email from the ASF dual-hosted git repository.
marcus pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/openoffice-org.git
The following commit(s) were added to refs/heads/main by this push:
new e6ffcd0fc9 Security Bulletin for the Apache OpenOffice 4.1.14 Release
e6ffcd0fc9 is described below
commit e6ffcd0fc9c81db01729ce763077ddd586ba150a
Author: Marcus <ma...@apache.org>
AuthorDate: Fri Mar 17 12:42:21 2023 +0100
Security Bulletin for the Apache OpenOffice 4.1.14 Release
---
content/security/cves/CVE-2022-38745.html | 85 ++++++++++++++++++++++++++++++
content/security/cves/CVE-2022-40674.html | 74 ++++++++++++++++++++++++++
content/security/cves/CVE-2022-47502.html | 87 +++++++++++++++++++++++++++++++
3 files changed, 246 insertions(+)
diff --git a/content/security/cves/CVE-2022-38745.html b/content/security/cves/CVE-2022-38745.html
new file mode 100644
index 0000000000..32960664bf
--- /dev/null
+++ b/content/security/cves/CVE-2022-38745.html
@@ -0,0 +1,85 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <title>CVE-2022-38745</title>
+ </head>
+
+ <body>
+ <p>
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-38745">CVE-2022-38745</a>
+ </p>
+ <p>
+ <a href="https://www.openoffice.org/security/cves/CVE-2022-38745.html">Apache OpenOffice Advisory</a>
+ </p>
+ <p style="text-align:center; font-size:largest">
+ <strong>An empty class path may lead to run arbitrary Java code</strong>
+ </p>
+ <p style="text-align:center; font-size:larger">
+ <strong>Fixed in Apache OpenOffice 4.1.14</strong>
+ </p>
+ <p>
+ <strong>Description</strong>
+ </p>
+ <p>
+ It is possible to configure Apache OpenOffice so that it launches the JVM giving an empty class path,
+ that means: "load classes from the current directory". This may lead to run arbitrary Java code.
+ </p>
+ <p>
+ <strong>Severity: Moderate</strong>
+ </p>
+ <p>
+ There are no known exploits of this vulnerability.
+ <br />
+ A proof-of-concept demonstration does not exist.
+ </p>
+ <p>
+ Thanks to the reporter for discovering this issue.
+ </p>
+ <p>
+ <strong>Vendor: The Apache Software Foundation</strong>
+ </p>
+ <p>
+ <strong>Versions Affected</strong>
+ </p>
+ <p>
+ All Apache OpenOffice versions 4.1.13 and older are affected.
+ <br />
+ OpenOffice.org versions may also be affected.
+ </p>
+ <p>
+ <strong>Mitigation</strong>
+ </p>
+ <p>
+ Install Apache OpenOffice 4.1.14 for the latest maintenance and cumulative security fixes.
+ Use the Apache OpenOffice <a href="https://www.openoffice.org/download/"> download page</a>.
+ </p>
+ <p>
+ <strong>Acknowledgments</strong>
+ </p>
+ <p>
+ The Apache OpenOffice Security Team would like to thank ? for discovering and reporting this
+ attack vector.
+ </p>
+ <p>
+ <strong>Further Information</strong>
+ </p>
+ <p>
+ For additional information and assistance, consult the
+ <a href="https://forum.openoffice.org/">Apache OpenOffice Community Forums</a>
+ or make requests to the
+ <a href="mailto:users@openoffice.apache.org">users@openoffice.apache.org</a>
+ public mailing list.
+ </p>
+ <p>
+ The latest information on Apache OpenOffice security bulletins can be found at the
+ <a href="https://www.openoffice.org/security/bulletin.html">Bulletin Archive page</a>.
+ </p>
+ <hr />
+ <p>
+ <a href="https://security.openoffice.org">Security Home</a>->
+ <a href="https://www.openoffice.org/security/bulletin.html">Bulletin</a>->
+ <a href="https://www.openoffice.org/security/cves/CVE-2022-38745.html">CVE-2022-38745</a>
+ </p>
+ </body>
+</html>
diff --git a/content/security/cves/CVE-2022-40674.html b/content/security/cves/CVE-2022-40674.html
new file mode 100644
index 0000000000..3ffd30dde7
--- /dev/null
+++ b/content/security/cves/CVE-2022-40674.html
@@ -0,0 +1,74 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <title>CVE-2022-40674</title>
+ </head>
+
+ <body>
+ <p>
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-40674">CVE-2022-40674</a>
+ </p>
+ <p>
+ <a href="https://www.openoffice.org/security/cves/CVE-2022-40674.html">Apache OpenOffice Advisory</a>
+ </p>
+ <p style="text-align:center; font-size:largest">
+ <strong>"Use after free" fixed in expat >= 2.4.9</strong>
+ </p>
+ <p style="text-align:center; font-size:larger">
+ <strong>Fixed in Apache OpenOffice 4.1.14</strong>
+ </p>
+ <p>
+ <strong>Description</strong>
+ </p>
+ <p>
+ libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
+ </p>
+ <p>
+ <strong>Severity: Moderate</strong>
+ </p>
+ <p>
+ There are no known exploits of this vulnerability.
+ <br />
+ A proof-of-concept demonstration does not exist.
+ </p>
+ <p>
+ <strong>Vendor: The Apache Software Foundation</strong>
+ </p>
+ <p>
+ <strong>Versions Affected</strong>
+ </p>
+ <p>
+ All Apache OpenOffice versions 4.1.13 and older are affected.
+ <br />
+ OpenOffice.org versions may also be affected.
+ </p>
+ <p>
+ <strong>Mitigation</strong>
+ </p>
+ <p>
+ Install Apache OpenOffice 4.1.14 for the latest maintenance and cumulative security fixes.
+ Use the Apache OpenOffice <a href="https://www.openoffice.org/download/"> download page</a>.
+ </p>
+ <p>
+ <strong>Further Information</strong>
+ </p>
+ <p>
+ For additional information and assistance, consult the
+ <a href="https://forum.openoffice.org/">Apache OpenOffice Community Forums</a>
+ or make requests to the
+ <a href="mailto:users@openoffice.apache.org">users@openoffice.apache.org</a>
+ public mailing list.
+ </p>
+ <p>
+ The latest information on Apache OpenOffice security bulletins can be found at the
+ <a href="https://www.openoffice.org/security/bulletin.html">Bulletin Archive page</a>.
+ </p>
+ <hr />
+ <p>
+ <a href="https://security.openoffice.org">Security Home</a>->
+ <a href="https://www.openoffice.org/security/bulletin.html">Bulletin</a>->
+ <a href="https://www.openoffice.org/security/cves/CVE-2022-40674.html">CVE-2022-40674</a>
+ </p>
+ </body>
+</html>
diff --git a/content/security/cves/CVE-2022-47502.html b/content/security/cves/CVE-2022-47502.html
new file mode 100644
index 0000000000..fc73c7a6e5
--- /dev/null
+++ b/content/security/cves/CVE-2022-47502.html
@@ -0,0 +1,87 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <title>CVE-2022-47502</title>
+ </head>
+
+ <body>
+ <p>
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-47502">CVE-2022-47502</a>
+ </p>
+ <p>
+ <a href="https://www.openoffice.org/security/cves/CVE-2022-47502.html">Apache OpenOffice Advisory</a>
+ </p>
+ <p style="text-align:center; font-size:largest">
+ <strong>Macro URL arbitrary script execution without warning</strong>
+ </p>
+ <p style="text-align:center; font-size:larger">
+ <strong>Fixed in Apache OpenOffice 4.1.14</strong>
+ </p>
+ <p>
+ <strong>Description</strong>
+ </p>
+ <p>
+ Apache OpenOffice supports Office URI Schemes to enable browser integration of Apache OpenOffice with
+ MS SharePoint server. In the affected versions links could be constructed to call internal macros
+ with arbitrary arguments. Which when clicked on, or activated by document events, could result in
+ arbitrary script execution without warning.
+ </p>
+ <p>
+ <strong>Severity: Moderate</strong>
+ </p>
+ <p>
+ There are no known exploits of this vulnerability.
+ <br />
+ A proof-of-concept demonstration exists.
+ </p>
+ <p>
+ Thanks to the reporter for discovering this issue.
+ </p>
+ <p>
+ <strong>Vendor: The Apache Software Foundation</strong>
+ </p>
+ <p>
+ <strong>Versions Affected</strong>
+ </p>
+ <p>
+ All Apache OpenOffice versions 4.1.13 and older are affected.
+ <br />
+ OpenOffice.org versions may also be affected.
+ </p>
+ <p>
+ <strong>Mitigation</strong>
+ </p>
+ <p>
+ Install Apache OpenOffice 4.1.14 for the latest maintenance and cumulative security fixes.
+ Use the Apache OpenOffice <a href="https://www.openoffice.org/download/"> download page</a>.
+ </p>
+ <p>
+ <strong>Acknowledgments</strong>
+ </p>
+ <p>
+ The Apache OpenOffice Security Team would like to thank Altin Thartori (tin-z) for discovering and
+ reporting this attack vector.
+ </p>
+ <p>
+ <strong>Further Information</strong>
+ </p>
+ <p>
+ For additional information and assistance, consult the
+ <a href="https://forum.openoffice.org/">Apache OpenOffice Community Forums</a>
+ or make requests to the
+ <a href="mailto:users@openoffice.apache.org">users@openoffice.apache.org</a>
+ public mailing list.
+ </p>
+ <p>
+ The latest information on Apache OpenOffice security bulletins can be found at the
+ <a href="https://www.openoffice.org/security/bulletin.html">Bulletin Archive page</a>.
+ </p>
+ <hr />
+ <p>
+ <a href="https://security.openoffice.org">Security Home</a>->
+ <a href="https://www.openoffice.org/security/bulletin.html">Bulletin</a>->
+ <a href="https://www.openoffice.org/security/cves/CVE-2022-47502.html">CVE-2022-47502</a>
+ </p>
+ </body>
+</html>