Announcement

Collapse
No announcement yet.

Apache OpenOffice Vulnerable To One-Click Code Execution

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Originally posted by Alexmitter View Post
    Who still runs OpenOffice seemingly deserves that.
    Two my friends still use it. Not because thet not know about LO. Just because in one case it cannot correctly display (or crashing - don't remember) one particular type of document that they are working on. And OpenOffice still works fine on it. And yes, as far as I know, they reported a bug to LO and it remained with no response.

    In my case, I use LO from long time but for my daily job I need good compatibility with MS Office formats like .docx or excel and LO here is very bad for my job. Thats why for home job I use WPS (closedsource) and in my law office I use opensource OnlyOffice [not OpenOffice] - for best MS Office compatybility.

    Comment


    • #12
      Non-savvy users may not be aware that LibreOffice has replaced OpenOffice, so people are caught.

      Comment


      • #13
        Originally posted by xpris View Post

        Two my friends still use it. Not because thet not know about LO. Just because in one case it cannot correctly display (or crashing - don't remember) one particular type of document that they are working on. And OpenOffice still works fine on it. And yes, as far as I know, they reported a bug to LO and it remained with no response.

        In my case, I use LO from long time but for my daily job I need good compatibility with MS Office formats like .docx or excel and LO here is very bad for my job. Thats why for home job I use WPS (closedsource) and in my law office I use opensource OnlyOffice [not OpenOffice] - for best MS Office compatybility.
        WPS and OnlyOffice both have very good MS compatability. Have you tried Softmaker Office? I find that its MS compatibility is even better in some ways.

        Comment


        • #14
          We have directly contacted the users of Apache OpenOffice to warn them to patch for this vulnerability.

          Ed. Correction, additional quotation was omitted: We have directly contacted the users of Apache OpenOffice to warn them to patch for this vulnerability. However, we were unable to reach about 30%, which means we have as many as 3 users that have not been reached yet.

          Comment


          • #15
            Originally posted by andyprough View Post

            WPS and OnlyOffice both have very good MS compatability. Have you tried Softmaker Office? I find that its MS compatibility is even better in some ways.
            Me too. OnlyOffice is a bit barebones still and it wouldn't even open half of my documents. WPS is a lot better, but it still has some quirks in some documents. However, FreeOffice and its paid variant SoftMaker Office have never failed me so far. In fact, I even paid for a SMO license because of that.

            Comment


            • #16
              I find it so interesting that OpenOffice is in such a bad shape despite Apache's backing. I mean: it's not like Apache is run by a few devs in their spare time - they're relatively big and have a good reputation because of their other software.

              Comment


              • #17
                It would be interesting to hear from LibreOffice Foundation about their download numbers. I bet they were much smaller than Apache's, hence avoiding talking about it too much.

                Comment


                • #18
                  Originally posted by Vistaus View Post
                  I find it so interesting that OpenOffice is in such a bad shape despite Apache's backing. I mean: it's not like Apache is run by a few devs in their spare time - they're relatively big and have a good reputation because of their other software.
                  I doubt the apache devs have much to do with it. From my recollection what happened was by 2011, all the active OOo developers had moved over to LO in order to save the code from Oracle, and the plan was to retire OOo as a project and fold it into the LO foundation. Oracle didn't really care, but IBM flipped out because they were still selling an OOo derived product called Lotus Symphony. IBM needed somewhere to dump the code and picked the Apache project (quite possibly along with a financial donation to the project to make the hosting of the project more appetizing, but who knows).

                  I may be missing a few steps in the timeline but I think that's the basics.

                  Anyway, it was all done with great fanfair and talk about how a great community was going to rise from the ashes and build OOo to new heights of brilliance, and of course that never happened nor was it ever apparently intended to happen. A small group of devs worked with the code over the years, progress was incredibly slow compared to LO, what progress that was made was mostly backported stuff from LO, IBM quickly and quietly dumped Lotusy Symphony, and here we are.

                  [Edited to remove RedHat as the main instigator of the move to Apache - as RahulSundaram pointed out, my memory was faulty and RedHat was an early supporter of LibreOffice and the Document Foundation: https://www.phoronix.com/forums/foru...3#post1254943]
                  andyprough
                  Senior Member
                  Last edited by andyprough; 04 May 2021, 04:21 PM.

                  Comment


                  • #19
                    Originally posted by andyprough View Post
                    Time to get to checking, systemd fanboys. Some sysadmins are going to get paid overtime this week...
                    You seem to be unable to read your own sources.

                    This virus, this binary called "systemd-daemon" has as much to do with systemd as a hypothetical virus that names itself "Xorg" has to do with Xorg. Funny too because one of the first people who noticed it was running Void linux that is well known for not using systemd.

                    You should be as much concerned about it no matter what init system you use, it could call itself "init" or "s6" too. And please, for the love of god, stop embarrassing yourself.

                    Comment


                    • #20
                      Originally posted by andyprough View Post
                      Time to get to checking, systemd fanboys. Some sysadmins are going to get paid overtime this week...
                      As this issue is in no way linked to systemd, even non systemd fanboys should be checking: you can totally have the malware even without systemd, it's just called systemd-something because it makes it less conspicuous.

                      Comment

                      Working...
                      X