[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2021-41830: Apache OpenOffice: Double Certificate Attack
From:       Dave Fisher <wave () apache ! org>
Date:       2021-10-11 3:04:14
Message-ID: 01325ee1-f172-c154-1023-87fb7d6c2df6 () apache ! org
[Download RAW message or body]

Severity: high

Description:

It is possible for an attacker to manipulate signed documents and macros to=
 appear to come from a trusted source.

All versions of Apache OpenOffice up to 4.1.10 are affected. Users are =
advised to update to version 4.1.11.

See CVE-2021-25633 for the LibreOffice advisory.



Credit:

Apache OpenOffice would like to thank Simon Rohlmann, Vladislav Mladenov, =
Christian Mainka, and Jorg Schwenk of Ruhr University Bochum, Germany

[prev in list] [next in list] [prev in thread] [next in thread]