Google Git
Sign in
apache / openoffice-org / bae4ea485ebbd5dfd1014f061bb06a0954836b4b / . / content / security / bulletin.html
blob: b68b4761f4883016efaa3216d269d7cfccd092ec [file] [log] [blame]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Apache OpenOffice Security Team Bulletin</title>
<style>
/*<![CDATA[*/
hr { display: block }
/*]]>*/
</style>
</head>
<body>
<h2>Apache OpenOffice Security Team Bulletin</h2>
<p>
<strong>If you want to stay up to date on Apache OpenOffice security announcements, please
subscribe to our <a href="alerts.html">security-alerts mailing list</a>.</strong>
</p>
<h3>Fixed in Apache OpenOffice 4.1.13</h3>
<ul>
<li><a href="cves/CVE-2022-37400.html">CVE-2022-37400</a>: Static Initialization Vector Allows to Recover Passwords for Web Connections Without Knowing the Master Password</li>
<li><a href="cves/CVE-2022-37401.html">CVE-2022-37401</a>: Weak Master Keys</li>
</ul>
<h3>Fixed in Apache OpenOffice 4.1.11</h3>
<ul>
<li><a href="cves/CVE-2021-28129.html">CVE-2021-28129</a>: DEB packaging installed with a non-root userid and groupid</li>
<li><a href="cves/CVE-2021-33035.html">CVE-2021-33035</a>: Buffer overflow from a crafted DBF file</li>
<li><a href="cves/CVE-2021-40439.html">CVE-2021-40439</a>: "Billion Laughs" fixed in Expat >=2.4.0</li>
<li><a href="cves/CVE-2021-41830.html">CVE-2021-41830</a>: #1 Content Manipulation with Certificate Double Attack</li>
<li><a href="cves/CVE-2021-41830.html">CVE-2021-41830</a>: #2 Macro Manipulation with Certificate Double Attack</li>
<li><a href="cves/CVE-2021-41831.html">CVE-2021-41831</a>: #3 Timestamp Manipulation with Signature Wrapping</li>
<li><a href="cves/CVE-2021-41832.html">CVE-2021-41832</a>: #4 Content Manipulation with Certificate Validation Attack</li>
</ul>
<h3>Fixed in Apache OpenOffice 4.1.10</h3>
<ul>
<li><a href="cves/CVE-2021-30245.html">CVE-2021-30245</a>: Code execution in Apache OpenOffice via non-http(s) schemes in Hyperlinks</li>
</ul>
<h3>Fixed in Apache OpenOffice 4.1.8</h3>
<ul>
<li><a href="cves/CVE-2020-13958.html">CVE-2020-13958</a>: Unrestricted actions leads to arbitrary code execution in crafted documents</li>
</ul>
<h3>Fixed in Apache OpenOffice 4.1.7</h3>
<ul>
<li><a href="cves/CVE-2019-9853.html">CVE-2019-9853</a>: Insufficient URL decoding flaw in categorizing macro location</li>
</ul>
<h3>Fixed in Apache OpenOffice 4.1.6</h3>
<ul>
<li><a href="cves/CVE-2018-11790.html">CVE-2018-11790</a>: Arithmetic overflow and wrap around during string length calculation </li>
</ul>
<h3>Fixed in Apache OpenOffice 4.1.5</h3>
<ul>
<li>No security vulnerabilities fixed in this release</li>
</ul>
<h3>Fixed in Apache OpenOffice 4.1.4</h3>
<ul>
<li><a href="cves/CVE-2017-3157.html">CVE-2017-3157</a>: Arbitrary file disclosure in Calc and Writer</li>
<li><a href="cves/CVE-2017-9806.html">CVE-2017-9806</a>: Out-of-Bounds Write in Writer's WW8Fonts Constructor</li>
<li><a href="cves/CVE-2017-12607.html">CVE-2017-12607</a>: Out-of-Bounds Write in Impress' PPT Filter</li>
<li><a href="cves/CVE-2017-12608.html">CVE-2017-12608</a>: Out-of-Bounds Write in Writer's ImportOldFormatStyles</li>
</ul>
<h3>Fixed in Apache OpenOffice 4.1.3</h3>
<ul>
<li><a href="cves/CVE-2016-1513.html">CVE-2016-1513</a>: Memory Corruption Vulnerability (Impress Presentations)</li>
<li><a href="cves/CVE-2016-6803.html">CVE-2016-6803</a>: Windows Installer Can Enable Privileged Trojan Execution</li>
<li><a href="cves/CVE-2016-6804.html">CVE-2016-6804</a>: Windows Installer Execution of Arbitrary Code with Elevated Privileges</li>
</ul>
<h3>Fixed in Apache OpenOffice 4.1.2</h3>
<ul>
<li><a href="cves/CVE-2015-1774.html">CVE-2015-1774</a>: Out-of-Bounds Write in HWP File Filter</li>
<li><a href="cves/CVE-2015-4551.html">CVE-2015-4551</a>: Targeted Data Disclosure</li>
<li><a href="cves/CVE-2015-5212.html">CVE-2015-5212</a>: ODF Printer Settings Vulnerability</li>
<li><a href="cves/CVE-2015-5213.html">CVE-2015-5213</a>: .DOC Document Vulnerability</li>
<li><a href="cves/CVE-2015-5214.html">CVE-2015-5214</a>: .DOC Bookmarks Vulnerability</li>
</ul>
<h3>Fixed in Apache OpenOffice 4.1.1</h3>
<ul>
<li><a href="cves/CVE-2014-3575.html">CVE-2014-3575</a>: Targeted Data Exposure Using Crafted OLE Objects in Apache OpenOffice</li>
<li><a href="cves/CVE-2014-3524.html">CVE-2014-3524</a>: Calc Command Injection Vulnerability in Apache OpenOffice</li>
</ul>
<h3>Fixed in Apache OpenOffice 4.0.0</h3>
<ul>
<li><a href="cves/CVE-2013-2189.html">CVE-2013-2189</a>: DOC Memory Corruption Vulnerability in Apache OpenOffice</li>
<li><a href="cves/CVE-2013-4156.html">CVE-2013-4156</a>: DOCM Memory Corruption Vulnerability in Apache OpenOffice</li>
</ul>
<h3>Fixed in Apache OpenOffice 3.4.1</h3>
<ul>
<li><a href="cves/CVE-2012-2665.html">CVE-2012-2665</a>: Manifest-processing errors in Apache OpenOffice 3.4.0</li>
<li><a href="cves/CVE-2013-1571.html">CVE-2013-1571</a>: Frame Injection Vulnerability in SDK JavaDoc</li>
</ul>
<h3>Fixed in Apache OpenOffice 3.4.0</h3>
<ul>
<li><a href="cves/CVE-2012-1149.html">CVE-2012-1149</a>: OpenOffice.org integer overflow error in vclmi.dll module when allocating memory for an embedded image object</li>
<li><a href="cves/CVE-2012-2149.html">CVE-2012-2149</a>: OpenOffice.org memory overwrite vulnerability</li>
<li><a href="cves/CVE-2012-2334.html">CVE-2012-2334</a>: Vulnerabilities related to malformed Powerpoint files in OpenOffice.org 3.3.0</li>
</ul>
<h3>Patches for OpenOffice.org 3.3</h3>
<ul>
<li><a href="cves/CVE-2012-0037.html">CVE-2012-0037</a>: OpenOffice.org data leakage vulnerability</li>
</ul>
<h3>Fixed in OpenOffice.org 3.3</h3>
<ul>
<li><a href="cves/CVE-2010-2935_CVE-2010-2936.html">CVE-2010-2935 / CVE-2010-2936</a>: Security Vulnerability in OpenOffice.org related to PowerPoint document processing</li>
<li><a href="cves/CVE-2010-3450.html">CVE-2010-3450</a>: Security Vulnerability in OpenOffice.org related to Extensions and filter package files</li>
<li><a href="cves/CVE-2010-3451_CVE-2010-3452.html">CVE-2010-3451 / CVE-2010-3452</a>: Security Vulnerability in OpenOffice.org related to RTF document processing </li>
<li><a href="cves/CVE-2010-3453_CVE-2010-3454.html">CVE-2010-3453 / CVE-2010-3454</a>: Security Vulnerability in OpenOffice.org related to Word document processing </li>
<li><a href="cves/CVE-2010-3689.html">CVE-2010-3689</a>: Insecure LD_LIBRARY_PATH usage in OpenOffice.org shell scripts </li>
<li><a href="cves/CVE-2010-3702_CVE-2010-3704.html">CVE-2010-3702 / CVE-2010-3704</a>: Security Vulnerability in OpenOffice.org's PDF Import extension resulting from 3rd party library XPDF</li>
<li><a href="cves/CVE-2010-4008_CVE-2010-4494.html">CVE-2010-4008 / CVE-2010-4494</a>: Possible Security Vulnerability in OpenOffice.org resulting from 3rd party library LIBXML2 </li>
<li><a href="cves/CVE-2010-4253.html">CVE-2010-4253</a>: Security Vulnerability in OpenOffice.org related to PNG file processing </li>
<li><a href="cves/CVE-2010-4643.html">CVE-2010-4643</a>: Security Vulnerability in OpenOffice.org related to TGA file processing </li>
</ul>
<h3>Fixed in OpenOffice.org 3.2.1</h3>
<ul>
<li><a href="cves/CVE-2009-3555.html">CVE-2009-3555</a>: OpenOffice.org 2 and 3 may be affected by the TLS/SSL Renegotiation Issue in 3rd Party Libraries</li>
<li><a href="cves/CVE-2010-0395.html">CVE-2010-0395</a>: Security vulnerability in OpenOffice.org related to python scripting</li>
</ul>
<h3>Fixed in OpenOffice.org 3.2</h3>
<ul>
<li><a href="cves/CVE-2006-4339.html">CVE-2006-4339</a>: Potential vulnerability from 3rd party libxml2 libraries</li>
<li><a href="cves/CVE-2009-0217.html">CVE-2009-0217</a>: Potential vulnerability from 3rd party libxmlsec libraries</li>
<li><a href="cves/CVE-2009-2493.html">CVE-2009-2493</a>: OpenOffice.org 3 for Windows bundles a vulnerable version of MSVC Runtime</li>
<li><a href="cves/CVE-2009-2949.html">CVE-2009-2949</a>: Potential vulnerability related to XPM file processing</li>
<li><a href="cves/CVE-2009-2950.html">CVE-2009-2950</a>: Potential vulnerability related to GIF file processing</li>
<li><a href="cves/CVE-2009-3301-3302.html">CVE-2009-3301/2</a>: Potential vulnerability related to MS-Word document processing</li>
</ul>
<h3>Fixed in OpenOffice.org 3.1.1</h3>
<ul>
<li><a href="cves/CVE-2009-0200-0201.html">CVE-2009-0200 / CVE-2009-0201</a>: Manipulated Microsoft Word files can lead to heap overflows and arbitrary code execution</li>
<li><a href="cves/CVE-2009-2414-2416.html">CVE-2009-2414 / CVE-2009-2416</a>: Manipulated XML documents can lead to arbitrary code execution</li>
</ul>
<h3>Fixed in OpenOffice.org 3.1</h3>
<ul>
<li>No security vulnerabilities fixed in this release</li>
</ul>
<h3>Fixed in OpenOffice.org 3.0.1</h3>
<ul>
<li>No security vulnerabilities fixed in this release</li>
</ul>
<h3>Fixed in OpenOffice.org 3.0</h3>
<ul>
<li>No security vulnerabilities fixed in this release</li>
</ul>
<h3>Fixed in OpenOffice.org 2.4.3</h3>
<ul>
<li><a href="cves/CVE-2009-0200-0201.html">CVE-2009-0200 / CVE-2009-0201</a>: Manipulated Microsoft Word files can lead to heap overflows and arbitrary code execution</li>
<li><a href="cves/CVE-2009-2414-2416.html">CVE-2009-2414 / CVE-2009-2416</a>: Manipulated XML documents can lead to arbitrary code execution</li>
</ul>
<h3>Fixed in OpenOffice.org 2.4.2</h3>
<ul>
<li><a href="cves/CVE-2008-2237.html">CVE-2008-2237</a>: Manipulated WMF files can lead to heap overflows and arbitrary code execution</li>
<li><a href="cves/CVE-2008-2238.html">CVE-2008-2238</a>: Manipulated EMF files can lead to heap overflows and arbitrary code execution</li>
</ul>
<h3>Fixed in OpenOffice.org 2.4.1</h3>
<ul>
<li><a href="cves/CVE-2008-2152.html">CVE-2008-2152</a>: Different kinds of manipulated files may lead to heap overflows and arbitrary code execution</li>
</ul>
<h3>Fixed in OpenOffice.org 2.4</h3>
<ul>
<li><a href="cves/CVE-2007-4770.html">CVE-2007-4770/4771</a>: Manipulated ODF text documents containing XForms can lead to heap overflows and arbitrary code execution</li>
<li><a href="cves/CVE-2007-5745.html">CVE-2007-5745/5747</a>: Manipulated Quattro Pro files can lead to heap overflows and arbitrary code execution</li>
<li><a href="cves/CVE-2007-5746.html">CVE-2007-5746</a>: Manipulated EMF files can lead to heap overflows and arbitrary code execution</li>
<li><a href="cves/CVE-2008-0320.html">CVE-2008-0320</a>: Manipulated OLE files can lead to heap overflows and arbitrary code execution</li>
</ul>
<h3>Fixed in OpenOffice.org 2.3.1</h3>
<ul>
<li><a href="cves/CVE-2007-4575.html">CVE-2007-4575</a>: Potential arbitrary code execution vulnerability in 3rd party module (HSQLDB)</li>
</ul>
<h3>Fixed in OpenOffice.org 2.3</h3>
<ul>
<li><a href="cves/CVE-2007-2834.html">CVE-2007-2834</a>: Manipulated TIFF files can lead to heap overflows and arbitrary code execution</li>
</ul>
<h3>Fixed in OpenOffice.org 2.2.1</h3>
<ul>
<li><a href="cves/CVE-2007-2754.html">CVE-2007-2754</a>: Integer overflow and heap-based buffer overflow vulnerability in 3rd party module (freetype)</li>
<li><a href="cves/CVE-2007-0245.html">CVE-2007-0245</a>: Manipulated RTF files can lead to heap overflows and arbitrary code execution</li>
</ul>
<h3>Fixed in OpenOffice.org 2.2</h3>
<ul>
<li><a href="cves/CVE-2007-0239.html">CVE-2007-0239</a>: URL Handling Security Vulnerability (Linux/Solaris)</li>
<li><a href="cves/CVE-2007-0238.html">CVE-2007-0238</a>: StarCalc Vulnerability</li>
<li><a href="cves/CVE-2007-2.html">CVE-2007-002</a>: WordPerfect Import Vulnerability</li>
</ul>
<h3>Fixed in OpenOffice.org 2.1</h3>
<ul>
<li><a href="cves/CVE-2006-5870.html">CVE-2006-5870</a>: WMF/EMF Processing Failures</li>
</ul>
<h3>Fixed in OpenOffice.org 2.0.3</h3>
<ul>
<li><a href="cves/CVE-2006-2199.html">CVE-2006-2199</a>: Java Applets</li>
<li><a href="cves/CVE-2006-2198.html">CVE-2006-2198</a>: Macro</li>
<li><a href="cves/CVE-2006-3117.html">CVE-2006-3117</a>: File Format</li>
</ul>
<hr />
<p>
<a href="http://security.openoffice.org/">Security Home</a> -&gt;
<a href="http://security.openoffice.org/bulletin.html">Bulletin</a>
</p>
</body>
</html>