This is an automated email from the ASF dual-hosted git repository. marcus pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/openoffice-org.git
commit 7173685de11fdcbc69b88f3f7556d909cbfa3fd3 Author: Marcus <mar...@apache.org> AuthorDate: Thu Dec 28 14:42:23 2023 +0100 Security Bulletin for the Apache OpenOffice 4.1.15 Release --- content/security/cves/CVE-2012-5639.html | 85 +++++++++++++++++++++++++++++ content/security/cves/CVE-2022-43680.html | 84 +++++++++++++++++++++++++++++ content/security/cves/CVE-2023-1183.html | 88 ++++++++++++++++++++++++++++++ content/security/cves/CVE-2023-47804.html | 90 +++++++++++++++++++++++++++++++ 4 files changed, 347 insertions(+) diff --git a/content/security/cves/CVE-2012-5639.html b/content/security/cves/CVE-2012-5639.html new file mode 100644 index 0000000000..50a2734d60 --- /dev/null +++ b/content/security/cves/CVE-2012-5639.html @@ -0,0 +1,85 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> + <title>CVE-2012-5639</title> + </head> + + <body> + <p> + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-5639">CVE-2012-5639</a> + </p> + <p> + <a href="https://www.openoffice.org/security/cves/CVE-2012-5639.html">Apache OpenOffice Advisory</a> + </p> + <p style="text-align:center; font-size:largest"> + <strong>Loading internal / external resources without warning</strong> + </p> + <p style="text-align:center; font-size:larger"> + <strong>Fixed in Apache OpenOffice 4.1.15</strong> + </p> + <p> + <strong>Description</strong> + </p> + <p> + In Apache OpenOffice and LibreOffice embedded content will be opened automatically without + that a warning is shown. + </p> + <p> + <strong>Severity: Moderate</strong> + </p> + <p> + There are no known exploits of this vulnerability. + <br /> + A proof-of-concept demonstration exists. + </p> + <p> + Thanks to the reporter for discovering this issue. + </p> + <p> + <strong>Vendor: The Apache Software Foundation</strong> + </p> + <p> + <strong>Versions Affected</strong> + </p> + <p> + All Apache OpenOffice versions 4.1.14 and older are affected. + <br /> + OpenOffice.org versions may also be affected. + </p> + <p> + <strong>Mitigation</strong> + </p> + <p> + Install Apache OpenOffice 4.1.15 for the latest maintenance and cumulative security fixes. + Use the Apache OpenOffice <a href="https://www.openoffice.org/download/"> download page</a>. + </p> + <p> + <strong>Acknowledgments</strong> + </p> + <p> + The Apache OpenOffice Security Team would like to thank Timo Warns and + Joachim Mammele for discovering and reporting this attack vector. + </p> + <p> + <strong>Further Information</strong> + </p> + <p> + For additional information and assistance, consult the + <a href="https://forum.openoffice.org/">Apache OpenOffice Community Forums</a> + or make requests to the + <a href="mailto:us...@openoffice.apache.org">us...@openoffice.apache.org</a> + public mailing list. + </p> + <p> + The latest information on Apache OpenOffice security bulletins can be found at the + <a href="https://www.openoffice.org/security/bulletin.html">Bulletin Archive page</a>. + </p> + <hr /> + <p> + <a href="https://security.openoffice.org">Security Home</a>-> + <a href="https://www.openoffice.org/security/bulletin.html">Bulletin</a>-> + <a href="https://www.openoffice.org/security/cves/CVE-2022-47502.html">CVE-2012-5639</a> + </p> + </body> +</html> diff --git a/content/security/cves/CVE-2022-43680.html b/content/security/cves/CVE-2022-43680.html new file mode 100644 index 0000000000..32034c0ba8 --- /dev/null +++ b/content/security/cves/CVE-2022-43680.html @@ -0,0 +1,84 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> + <title>CVE-2022-43680</title> + </head> + + <body> + <p> + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-43680">CVE-2022-43680</a> + </p> + <p> + <a href="https://www.openoffice.org/security/cves/CVE-2022-43680.html">Apache OpenOffice Advisory</a> + </p> + <p style="text-align:center; font-size:largest"> + <strong>Use-after free" fixed in expat >= 2.4.9</strong> + </p> + <p style="text-align:center; font-size:larger"> + <strong>Fixed in Apache OpenOffice 4.1.15</strong> + </p> + <p> + <strong>Description</strong> + </p> + <p> + In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD + in XML_ExternalEntityParserCreate in out-of-memory situations. + </p> + <p> + <strong>Severity: Moderate</strong> + </p> + <p> + There are no known exploits of this vulnerability. + <br /> + A proof-of-concept demonstration does not exist. + </p> + <p> + Thanks to the reporter for discovering this issue. + </p> + <p> + <strong>Vendor: The Apache Software Foundation</strong> + </p> + <p> + <strong>Versions Affected</strong> + </p> + <p> + All Apache OpenOffice versions 4.1.14 and older are affected. + <br /> + OpenOffice.org versions may also be affected. + </p> + <p> + <strong>Mitigation</strong> + </p> + <p> + Install Apache OpenOffice 4.1.15 for the latest maintenance and cumulative security fixes. + Use the Apache OpenOffice <a href="https://www.openoffice.org/download/"> download page</a>. + </p> + <p> + <strong>Acknowledgments</strong> + </p> + <p> + n/a + </p> + <p> + <strong>Further Information</strong> + </p> + <p> + For additional information and assistance, consult the + <a href="https://forum.openoffice.org/">Apache OpenOffice Community Forums</a> + or make requests to the + <a href="mailto:us...@openoffice.apache.org">us...@openoffice.apache.org</a> + public mailing list. + </p> + <p> + The latest information on Apache OpenOffice security bulletins can be found at the + <a href="https://www.openoffice.org/security/bulletin.html">Bulletin Archive page</a>. + </p> + <hr /> + <p> + <a href="https://security.openoffice.org">Security Home</a>-> + <a href="https://www.openoffice.org/security/bulletin.html">Bulletin</a>-> + <a href="https://www.openoffice.org/security/cves/CVE-2022-43680.html">CVE-2022-43680</a> + </p> + </body> +</html> diff --git a/content/security/cves/CVE-2023-1183.html b/content/security/cves/CVE-2023-1183.html new file mode 100644 index 0000000000..791f32072f --- /dev/null +++ b/content/security/cves/CVE-2023-1183.html @@ -0,0 +1,88 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> + <title>CVE-2023-1183</title> + </head> + + <body> + <p> + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-1183">CVE-2023-1183</a> + </p> + <p> + <a href="https://www.openoffice.org/security/cves/CVE-2023-1183.html">Apache OpenOffice Advisory</a> + </p> + <p style="text-align:center; font-size:largest"> + <strong>Arbitrary file write in Apache OpenOffice Base</strong> + </p> + <p style="text-align:center; font-size:larger"> + <strong>Fixed in Apache OpenOffice 4.1.15</strong> + </p> + <p> + <strong>Description</strong> + </p> + <p> + An attacker can craft an OBD containing a "database/script" file with a SCRIPT command where + the contents of the file could be written to a new file whose location was determined by the + attacker. + </p> + <p> + <strong>Severity: Moderate</strong> + </p> + <p> + There are no known exploits of this vulnerability. + <br /> + A proof-of-concept demonstration exists. + </p> + <p> + Thanks to the reporter for discovering this issue. + </p> + <p> + <strong>Vendor: The Apache Software Foundation</strong> + </p> + <p> + <strong>Versions Affected</strong> + </p> + <p> + All Apache OpenOffice versions 4.1.14 and older are affected. + <br /> + OpenOffice.org versions may also be affected. + </p> + <p> + <strong>Mitigation</strong> + </p> + <p> + Install Apache OpenOffice 4.1.15 for the latest maintenance and cumulative security fixes. + Use the Apache OpenOffice <a href="https://www.openoffice.org/download/"> download page</a>. + </p> + <p> + <strong>Acknowledgments</strong> + </p> + <p> + The Apache OpenOffice Security Team would like to thank Gregor Kopf of Secfault Security + GmbH (Germany) for discovering and reporting this attack vector and Fred Toussi for kindly + providing a solution to this issue within HSQLDB. + + </p> + <p> + <strong>Further Information</strong> + </p> + <p> + For additional information and assistance, consult the + <a href="https://forum.openoffice.org/">Apache OpenOffice Community Forums</a> + or make requests to the + <a href="mailto:us...@openoffice.apache.org">us...@openoffice.apache.org</a> + public mailing list. + </p> + <p> + The latest information on Apache OpenOffice security bulletins can be found at the + <a href="https://www.openoffice.org/security/bulletin.html">Bulletin Archive page</a>. + </p> + <hr /> + <p> + <a href="https://security.openoffice.org">Security Home</a>-> + <a href="https://www.openoffice.org/security/bulletin.html">Bulletin</a>-> + <a href="https://www.openoffice.org/security/cves/CVE-2023-1183.html">2023-1183</a> + </p> + </body> +</html> diff --git a/content/security/cves/CVE-2023-47804.html b/content/security/cves/CVE-2023-47804.html new file mode 100644 index 0000000000..b286e92d69 --- /dev/null +++ b/content/security/cves/CVE-2023-47804.html @@ -0,0 +1,90 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> + <title>CVE-2023-47804</title> + </head> + + <body> + <p> + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-47804">CVE-2023-47804</a> + </p> + <p> + <a href="https://www.openoffice.org/security/cves/CVE-2023-47804.html">Apache OpenOffice Advisory</a> + </p> + <p style="text-align:center; font-size:largest"> + <strong>Macro URL arbitrary script execution</strong> + </p> + <p style="text-align:center; font-size:larger"> + <strong>Fixed in Apache OpenOffice 4.1.15</strong> + </p> + <p> + <strong>Description</strong> + </p> + <p> + Apache OpenOffice documents can contain links that call internal macros with arbitrary + arguments. Several URI Schemes are defined for this purpose. Links can be activated by + clicks, or by automatic document events. The execution of such links must be subject to + user approval. In the affected versions of Apache OpenOffice, approval for certain links + is not requested; when activated, such links could therefore result in arbitrary script + execution. This is a corner case of + <a href="https://www.openoffice.org/security/cves/CVE-2022-47502.html">2022-47502</a>. + </p> + <p> + <strong>Severity: Moderate</strong> + </p> + <p> + There are no known exploits of this vulnerability. + <br /> + A proof-of-concept demonstration exists. + </p> + <p> + Thanks to the reporter for discovering this issue. + </p> + <p> + <strong>Vendor: The Apache Software Foundation</strong> + </p> + <p> + <strong>Versions Affected</strong> + </p> + <p> + All Apache OpenOffice versions 4.1.14 and older are affected. + <br /> + OpenOffice.org versions may also be affected. + </p> + <p> + <strong>Mitigation</strong> + </p> + <p> + Install Apache OpenOffice 4.1.15 for the latest maintenance and cumulative security fixes. + Use the Apache OpenOffice <a href="https://www.openoffice.org/download/"> download page</a>. + </p> + <p> + <strong>Acknowledgments</strong> + </p> + <p> + The Apache OpenOffice Security Team would like to thank Amel BOUZIANE- LEBLOND (aka Icare + Bug Bounty Hunter) for discovering and reporting this attack vector. + </p> + <p> + <strong>Further Information</strong> + </p> + <p> + For additional information and assistance, consult the + <a href="https://forum.openoffice.org/">Apache OpenOffice Community Forums</a> + or make requests to the + <a href="mailto:us...@openoffice.apache.org">us...@openoffice.apache.org</a> + public mailing list. + </p> + <p> + The latest information on Apache OpenOffice security bulletins can be found at the + <a href="https://www.openoffice.org/security/bulletin.html">Bulletin Archive page</a>. + </p> + <hr /> + <p> + <a href="https://security.openoffice.org">Security Home</a>-> + <a href="https://www.openoffice.org/security/bulletin.html">Bulletin</a>-> + <a href="https://www.openoffice.org/security/cves/CVE-2023-47804.html">2023-47804</a> + </p> + </body> +</html>