Apache OpenOffice users should upgrade to newest security release!

2021-10-12 11:01

The Apache Software Foundation has released Apache OpenOffice 4.1.11, which fixes a handful of security vulnerabilities, including CVE-2021-33035, a recently revealed RCE vulnerability that could be triggered via a specially crafted document.

Apache OpenOffice is an open-source office productivity suite that includes a word processor, a spreadsheet tool, a presentation editor, a vector graphics drawing editor, a mathematical formula editor, and a database management program.

Apache OpenOffice 4.1.11 also comes with a fix for CVE-2021-40439, a security vulnerability in the third-party XML parser library included in the suite that allowed billion laughs attacks.

For information about other bugs fixed and enhancements/features introduced in Apache OpenOffice 4.1.11, check out the release notes.

"All users of Apache OpenOffice 4.1.10 or earlier are strongly advised to upgrade," the ASF noted.

"Windows 11 users can now also get Apache OpenOffice for selected languages in the Microsoft Store."

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/YUfojk94HCY/

#apache #security #upgrade #CVE-2021-33035 #CVE-2021-40439

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2021-10-07	CVE-2021-40439	XXE vulnerability in Apache Openoffice Apache OpenOffice has a dependency on expat software. network low complexity apache CWE-611	6.5
2021-09-23	CVE-2021-33035	Classic Buffer Overflow vulnerability in Apache Openoffice Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. local low complexity apache CWE-120	7.8

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Apache		295	58	836	627	289	1810
Openoffice		2	2	8	5	15	30