15 replies to this topic

[AplusWebMaster]

FYI...

OpenOffice.org 2.4.0 released
- http://www.openoffic...news/index.html
27 Mar 2008

Security Bulletins
- http://www.openoffic...y/bulletin.html

Release Notes
- http://www.openoffic...ases/2.4.0.html

Download
- http://download.openoffice.org/

- http://secunia.com/advisories/29852/
Release Date: 2008-04-17
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: OpenOffice 1.0.x, OpenOffice 1.1.x, OpenOffice.org 2.x
...The vulnerabilities are reported in versions prior to 2.4.
Solution: Update to version 2.4.

Edited by AplusWebMaster, 23 April 2008 - 07:14 PM.

[AplusWebMaster]

FYI...

OpenOffice vuln - update available
- http://secunia.com/advisories/30599/
Release Date: 2008-06-10
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: OpenOffice.org 2.x...
Solution: Update to version 2.4.1.
Original Advisory: OpenOffice:
http://www.openoffic...-2008-2152.html

Download: http://download.open....org/other.html

[AplusWebMaster]

FYI...

OpenOffice.org v3.0 released...download:
- http://www.openoffice.org/
Oct. 13, 2008 - "Apologies - our website is struggling to cope with the unprecedented
demand for the new release 3.0 of OpenOffice.org. The technical teams are
trying to come up with a solution. Thank you for your patience."


- http://www.informati...cleID=211200491
Oct. 14, 2008 - "...one of its biggest enhancements being support for file formats in MS Office 2007... However, some files, such as .docx, .xisx, and .pptx, can only be read. The second major enhancement is a new version for the Apple Mac. The upgrade installs and runs like a normal OS X application..."

//

Edited by AplusWebMaster, 15 October 2008 - 05:51 AM.
Added upgrade detail... 'still unavailable at OpenOffice.org...

[AplusWebMaster]

FYI...

OpenOffice note...
- http://voices.washin...insecure_j.html
February 4, 2009 - "... the latest version of OpenOffice, the open source alternative to the Microsoft Office productivity suite, also installs a very old, insecure version of Java. Users who accept the default installation options for OpenOffice 3.0.1 also will get Java 6 Update 7, a version of Java that Sun Microsystems released last spring (the latest version is Java 6 Update 12*)... the latest version of OpenOffice appears to work just fine with the latest, Java 6 Update 12*..."
* http://java.sun.com/...loads/index.jsp
Feb. 2, 2009

(You may have to -manually- uninstall older versions of Java - see your >Control Panel >Add/Remove Programs ...so the system will not receive an external (remote site) call for the older versions. )

- http://download.openoffice.org/

- http://development.o...ases/3.0.1.html

Edited by AplusWebMaster, 07 February 2009 - 01:57 AM.

[AplusWebMaster]

FYI...

OpenOffice.org Word doc vuln - update available
- http://secunia.com/advisories/35036/2/
Release Date: 2009-09-01
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: OpenOffice.org 3.x
Solution: Update to version 3.1.1...

- http://download.openoffice.org/

- http://development.o...ases/3.1.1.html

- http://web.nvd.nist....d=CVE-2009-0200
- http://web.nvd.nist....d=CVE-2009-0201

Edited by AplusWebMaster, 08 September 2009 - 04:40 AM.

[AplusWebMaster]

FYI...

OpenOffice v3.2 released
- http://secunia.com/advisories/38568/
Release Date: 2010-02-12
Criticality level: Highly critical
Impact: Security Bypass, Spoofing, System access
Where: From remote
Solution Status: Vendor Patch
Software: OpenOffice.org 3.x
Solution: Update to version 3.2.
- http://download.open....org/index.html
11 February 2010 - OpenOffice.org 3.2 ...
Original Advisory:
http://www.openoffic...-2006-4339.html
http://www.openoffic...-2009-0217.html
http://www.openoffic...-2009-2493.html
http://www.openoffic...-2009-2949.html
http://www.openoffic...-2009-2950.html
http://www.openoffic...-3301-3302.html

- http://www.openoffic...y/bulletin.html

Edited by AplusWebMaster, 22 February 2010 - 10:27 AM.

[AplusWebMaster]

FYI...

OpenOffice v3.2.1 released
- http://download.open....org/index.html

Release Notes
- http://development.o...ases/3.2.1.html

- http://www.openoffic...y/bulletin.html

CVE-2009-3555
- http://www.openoffic...-2009-3555.html

CVE-2010-0395
- http://www.openoffic...-2010-0395.html

- http://isc.sans.edu/...ml?storyid=8908
Last Updated: 2010-06-05 01:31:39 UTC

- http://secunia.com/advisories/40070/
Release Date: 2010-06-07
Criticality level: Moderately critical
Impact: Manipulation of data, System access
Where: From remote
Solution: Update to version 3.2.1.

Edited by AplusWebMaster, 07 June 2010 - 05:42 AM.

[AplusWebMaster]

FYI...
___

Migration of OpenOffice.Org...
- http://kenai.com/pro...tion/pages/Home
2011.02.17 - "... openoffice.org... will be in read-only mode starting late Monday February 21 for 4-5 days. See the QuickHelp Guide* for notes on the new site."
* http://kenai.com/pro...pages/QuickHelp
___

Oracle PDF import ext Xpdf vuln - update available
- http://secunia.com/advisories/43079/
Release Date: 2011-01-27
Criticality level: Moderately critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Oracle PDF Import Extension 1.x (extension for OpenOffice.org / Oracle Open Office)
CVE Reference(s):
- http://web.nvd.nist....d=CVE-2010-3702
- http://web.nvd.nist....d=CVE-2010-3704
Solution: Update to version 1.0.4.
> http://extensions.se...oject/pdfimport
___

OoO v3.3.0
- http://download.open....org/index.html

Fixed in OpenOffice.org 3.3
- http://www.openoffic...y/bulletin.html

- http://www.openoffic...s/features/3.3/

- http://www.securityt....com/id/1025002
- http://www.securityt....com/id/1025004
Jan 28 2011

Edited by AplusWebMaster, 17 February 2011 - 01:36 PM.

[AplusWebMaster]

FYI...

OpenOffice 3.4 - early 2012 ...
- http://h-online.com/-1398737
20 December 2011 - "... the 'incubating' Apache OpenOffice project was "tentatively" planning an OpenOffice 3.4 release in the first quarter of 2012. Apache OpenOffice 3.4 will not though, be a feature release, but a first Apache IP policy compliant release of the office suite..."

- https://incubator.ap...nofficeorg.html
... OpenOffice.org is comprised of six personal productivity applications: a word processor (and its web-authoring component), spreadsheet, presentation graphics, drawing, equation editor, and database. OpenOffice.org is released on Windows, Solaris, Linux and Macintosh operation systems, with more communities joining, including a mature FreeBSD port. OpenOffice.org is localized, supporting over 110 languages worldwide...

- https://blogs.apache.org/OOo/

- http://www.openoffic...y/bulletin.html

[AplusWebMaster]

FYI...

Apache OpenOffice v3.4 released
- http://www.openoffic...news/aoo34.html
8 May 2012 — "The Apache OpenOffice Project today announced the availability of Apache OpenOffice 3.4, the first release of OpenOffice under the governance of the Apache Software Foundation. Apache OpenOffice is the original open source office productivity suite, designed for professional and consumer use... Apache OpenOffice is the leading open source office productivity suite, with more than 100 million users worldwide in home, corporate, government, research, and academic environments, across 15 languages. Apache OpenOffice 3.4 is available for download* free of charge. OpenOffice 3.4 features:
• word processing, spreadsheets, presentation graphics, databases, drawing, and mathematical editing applications support for Windows, Linux (32-bit and 64-bit) and Macintosh operating environments
• native language support for English, Arabic, Czech, German, Spanish, French, Galician, Hungarian, Italian, Japanese, Dutch, Russian, Brazilian Portuguese, Simplified Chinese, and Traditional Chinese
• improved ODF support, including new ODF 1.2 encryption options and new spreadsheet functions
• enhanced pivot table support in Calc
• enhanced graphics, including line caps, shear transformations and native support for Scalable Vector Graphics (SVG)
• improvements in performance and quality
The complete list of new features, functions, and improvements is available in the Release Notes..."

* Download: http://download.openoffice.org/

Release notes: https://cwiki.apache...4 Release Notes
___

- https://secunia.com/advisories/46992/
Last Update: 2012-05-29
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution: Update to version 3.4.
Original Advisory:
http://www.openoffic...-2012-1149.html
http://www.openoffic...-2012-2149.html
http://www.openoffic...-2012-2334.html

- http://www.securityt....com/id/1027068
CVE Reference: CVE-2012-1149
Updated: May 16 2012

- http://www.securityt....com/id/1027069
CVE Reference: CVE-2012-2149
May 16 2012

- http://www.securityt....com/id/1027070
CVE Reference: CVE-2012-2334
Updated: May 28 2012
Solution: The vendor has issued a fix (3.4).
> http://www.openoffic...-2012-2334.html

Edited by AplusWebMaster, 31 May 2012 - 06:57 AM.

[AplusWebMaster]

FYI...

OpenOffice v3.4.1 released
- https://blogs.apache...openoffice_3_41
Aug 23, 2012 - "... OpenOffice 3.4.1 can be downloaded now from http://www.openoffice.org/download/ or by going to the 'Help/Check for Updates' dialog within OpenOffice 3.4 or 3.3..."

Release notes
- http://www.openoffic...ases/3.4.1.html
"... there were 69 verified issues that have been resolved..."
(More detail at the URL above.)

- http://h-online.com/-1674083
23 August 2012
___

- http://web.nvd.nist....d=CVE-2012-2665 - 7.5 (HIGH)
Last revised: 09/07/2012

- http://www.openoffic...-2012-2665.html
Versions Affected:
Apache OpenOffice 3.4.0, all languages, all platforms.
Earlier versions of OpenOffice.org may be also affected.
... upgrade to Apache OpenOffice 3.4.1...

- https://secunia.com/advisories/50438/
Release Date: 2012-08-28
Criticality level: Highly critical
Solution: Update to version 3.4.1.

Edited by AplusWebMaster, 24 September 2012 - 10:46 AM.

[AplusWebMaster]

FYI...

OpenOffice 3.4.1 SDK - all platforms
- http://www.openoffic...-2013-1571.html
"As reported on June 18th there is a vulnerability in JavaDoc generated by Java 5, Java 6 and Java 7 before update 22. Generated JavaDoc files could be suceptible to HTML frame injection attacks. Our investigation indicated that the UDK 3.2.7 Java API Reference in the Apache OpenOffice SDK contains a vulnerable HTML file.
Note: Ordinary installs of OpenOffice are not impacted by this vulnerability. Only installs of the OpenOffice SDK, typically only installed by software developers writing extensions, are impacted.
Mitigation: SDK users should update their installations by replacing /docs/java/ref/index.html with this patched version*. Download, unzip and follow the instructions in the enclosed README file...
* http://www.apache.or...e-2013-1571.zip
Alternative... download and run Oracle's Java API Documentation Updater Tool** to repair the vulnerabilities in place..."
** http://www.oracle.co...ol-1955731.html

- https://web.nvd.nist...d=CVE-2013-1571
Last revised: 06/19/2013

[AplusWebMaster]

FYI...

OpenOffice 4.0 released
- https://cwiki.apache...0 Release Notes
Jul 23, 2013

- http://www.openoffic...y/bulletin.html

Bug Fixes
- https://cwiki.apache...eNotes-BugFixes
"As of July 17th 2013 there were -498- verified issues that have been resolved..."

- https://secunia.com/advisories/54133/
Release Date: 2013-07-26
Criticality: Highly Critical
Impact: System access
CVE Reference(s): CVE-2013-2189, CVE-2013-4156
... vulnerabilities are reported in versions 3.4.0 and 3.4.1. Prior versions may also be affected.
Solution: Upgrade to version 4.0
Original Advisory:
http://www.openoffic...-2013-2189.html
http://www.openoffic...-2013-4156.html

Instructions for Downloading and Installing Apache OpenOffice 4.0.0
- http://www.openoffic...structions.html

Download
- http://www.openoffice.org/download/

Edited by AplusWebMaster, 26 July 2013 - 02:15 PM.

[AplusWebMaster]

FYI...

OpenOffice 4.0.1 released ...
- https://cwiki.apache...1 Release Notes
Sep 29, 2013 - "Apache OpenOffice 4.0.1 is a maintenance release which fixes critical issues and improves the overall quality of the application. All users of Apache OpenOffice 4.0 or earlier are advised to upgrade. You can download Apache OpenOffice 4.0.1 here*.
General areas of improvement include: additional native language translations, bug fixes, performance improvements and Windows 8 compatibility enhancements...

* http://www.openoffice.org/download/

Performance Improvements/Enhancements compared to OpenOffice 4.0.0:
The performance for saving XLS files was boosted by more than 230%.

Improvements/Enhancements missing in the OpenOffice 4.0.0 release notes:
OpenOffice 4.0 integrated the very popular extensions "Presenter Screen" and "Presentation Minimizer" into the core product.

Bug Fixes ..."

[AplusWebMaster]

FYI...

OpenOffice 4.1.0 released
- http://www.openoffice.org/download/
2014-Apr-29

AOO 4.1 Release Notes
- https://cwiki.apache...1 Release Notes
last edited May 05, 2014

- https://blogs.apache...roject_announce

Buglist
- https://issues.apach...milestone=4.1.0
313 issues found.
___

> http://www.openoffic...y/bulletin.html
 

Edited by AplusWebMaster, 25 June 2014 - 12:37 PM.