Page 1 of 1

[Solved] Multiple Vulnerabilities Found In Latest OpenOffice

PostPosted: Thu May 06, 2021 6:37 pm
by Jezzer
Hi All,

I downloaded the latest version of Open Office yesterday. It went well. I was pleased. Today I've restarted my computer and been met with a very long list of scary sounding vulnerabilities.

I'm a simple computer user. If it works thats fine; if it doesn't I don't know what to do. The program still works fine, but is it safe to use? I don't know how to fix these vulnerabilites, and worry about downloading more stuff that I don't understand. I've checked that my Windows 10 is fully updated, and scaned the file with Norton Security, which shows no probelms either (but I think that will only find viruses and the like, not software vulnerabilites). I've also tried the update button in Open Office itself, and that states the program Open Office 4.1.10 is up to date.

Am I right to be concerned? Do I need to do anything, or is this something the creator's of Open Office need to be aware of to fix? The warnings of multiple vulnerabilities has been thrown up at start up by another trusted and respected program. Can somebody please advise on what I should do? I'm thinking about trying to reinstall the previous version again; is that the right thing to do now? Or is it safe to use this latest version of Open Office at this time?

I have attached 3 screenshots of the listed vulnerabilities (please note due to the scrolling nature of the screen, images 2 & 3 overlap slighty). Looking at the preview of this message the attachments seem to have got mixed up, but I think all three are there, which just about sums up my capabilities!

Hope I've got this in the right place, I thought the 'troubleshooting' heading seemed most appropriate, and that somebody with more 'under the hood' understanding of computers could advise on what to do
Screen Shot 3 of 3_Thursday, 6 May 2021_17h7m47s_001_Acronis True Image 2021.png
.

Many thanks for your time and assistance.

Re: Multiple Vulnerabilities Found In Latest Open Office Upd

PostPosted: Thu May 06, 2021 6:52 pm
by RoryOF
Which version of OpenOffice - see /Help /about OpenOffice for details of the running version We need the major number and the build number from that screen.

Re: Multiple Vulnerabilities Found In Latest Open Office Upd

PostPosted: Thu May 06, 2021 6:58 pm
by Jezzer
Hi Rory,

Thanks for coming back so promptly. The writing on the 'about' screen is too small for me to read with certainty, so I've attached another screen shot. Hope you can read it okay?

Re: Multiple Vulnerabilities Found In Latest Open Office Upd

PostPosted: Thu May 06, 2021 7:01 pm
by Jezzer
Hi,

re the 'about' screenshot above, I see underneath it says Open Office 4.1.0 on windows 8. If that's referring to me, thats incorrect. I'm running Windows 10 on a 64 bit PC. Hope this helps.

Re: Multiple Vulnerabilities Found In Latest Open Office Upd

PostPosted: Thu May 06, 2021 7:02 pm
by Bill
What generated this list?

One of the vulnerabilities is listed as fixed on AOO 4.1.10. The others are listed as fixed in earlier versions of AOO.

Apache OpenOffice Security Team Bulletin

Re: Multiple Vulnerabilities Found In Latest Open Office Upd

PostPosted: Thu May 06, 2021 7:09 pm
by Jezzer
Acronis True Image 2021. It backs up my PC, checks for any unauthourised changes in progress, ie. ransomware proection; and apparantly also checks my computer for any vulnerabilites when the computer starts up (a feature I wasn't fully aware of until the scarey messgae box opened up). Very happy something's looking after me; but not sure what to do if a problem is encountered! Appreciate all your help here.

Re: Multiple Vulnerabilities Found In Latest Open Office Upd

PostPosted: Thu May 06, 2021 7:25 pm
by Villeroy
The latest CVE has been "fixed". The "fix" destroys valuable functionality.
viewtopic.php?f=9&t=105147

Re: Multiple Vulnerabilities Found In Latest Open Office Upd

PostPosted: Thu May 06, 2021 7:42 pm
by thomasjk
Jezzer wrote:Acronis True Image 2021. It backs up my PC, checks for any unauthourised changes in progress, ie. ransomware proection; and apparantly also checks my computer for any vulnerabilites when the computer starts up (a feature I wasn't fully aware of until the scarey messgae box opened up). Very happy something's looking after me; but not sure what to do if a problem is encountered! Appreciate all your help here.

As a former Acronis 2021 user I would advise to turn off the vulnerabilities scan in the True Image GUI. True Image 2021 is very buggy with respect to this scan and also its anti-virus capabilities.

Re: Multiple Vulnerabilities Found In Latest Open Office Upd

PostPosted: Thu May 06, 2021 7:58 pm
by Jezzer
Hi Tom,

Thanks for your view; but having had so many vulnerabilities 'revealed', I'd really be happier if someone could confirm all the vulnerabilities have been dealt with and that Open Office is secure and safe, before I feel comfortable in ignoring the warnings and / or switching off the vulnerabilities scan in Acronis. It's always going to play on my mind otherwise. Just don't have the knowledge or expertise to do that myself. Appreciate your advice though. Thanks for bringing your experience to my attention. I'll certainly bear it in mind. Now if I could just stop thinking about vulnerabilities......

Re: Multiple Vulnerabilities Found In Latest Open Office Upd

PostPosted: Thu May 06, 2021 11:40 pm
by John_Ha
It looks like Acronis has not been notified about the new release.

I very much doubt this is a genuine vulnerability - it is almost certainly Acronis does not recognise the new release.

Re: Multiple Vulnerabilities Found In Latest Open Office Upd

PostPosted: Sun May 09, 2021 11:28 pm
by Jezzer
Hi All,

I don't know what has changed, but I am very pleased to report that Acronis is no longer flagging up Open Office as having any vulnerabilities.

I don't know if marking this post as 'solved' is actually accurate, as I've done nothing to fix the worrying alerts that I got; but the fact that I'm no longer getting them means I'm happy again.

Many thanks to all those who commented, and reassured me that it was just a buggy report from from Acronis, and that Open Office was safe.

Re: Multiple Vulnerabilities Found In Latest Open Office Upd

PostPosted: Mon May 10, 2021 7:39 am
by Hagar Delest
John_Ha wrote:It looks like Acronis has not been notified about the new release.

I guess that was it. Your software has certainly been updated with an updated list and the new version has been added.