Security News > 2021 > October > Apache OpenOffice users should upgrade to newest security release!

Apache OpenOffice users should upgrade to newest security release!
2021-10-12 11:01

The Apache Software Foundation has released Apache OpenOffice 4.1.11, which fixes a handful of security vulnerabilities, including CVE-2021-33035, a recently revealed RCE vulnerability that could be triggered via a specially crafted document.

Apache OpenOffice is an open-source office productivity suite that includes a word processor, a spreadsheet tool, a presentation editor, a vector graphics drawing editor, a mathematical formula editor, and a database management program.

Apache OpenOffice 4.1.11 also comes with a fix for CVE-2021-40439, a security vulnerability in the third-party XML parser library included in the suite that allowed billion laughs attacks.

For information about other bugs fixed and enhancements/features introduced in Apache OpenOffice 4.1.11, check out the release notes.

"All users of Apache OpenOffice 4.1.10 or earlier are strongly advised to upgrade," the ASF noted.

"Windows 11 users can now also get Apache OpenOffice for selected languages in the Microsoft Store."


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/YUfojk94HCY/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-10-07 CVE-2021-40439 XXE vulnerability in Apache Openoffice
Apache OpenOffice has a dependency on expat software.
network
low complexity
apache CWE-611
6.5
6.5
2021-09-23 CVE-2021-33035 Classic Buffer Overflow vulnerability in Apache Openoffice
Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets.
local
low complexity
apache CWE-120
7.8
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apache 281 13 544 711 366 1634