Apache OpenOffice Vulnerable To One-Click Code Execution


  • #21
    Originally posted by andyprough View Post
    Time to get to checking, systemd fanboys. Some sysadmins are going to get paid overtime this week...
    As this issue is in no way linked to systemd, even non systemd fanboys should be checking: you can totally have the malware even without systemd, it's just called systemd-something because it makes it less conspicuous.

    Comment


    • #22
      Originally posted by fguerraz View Post
      As this issue is in no way linked to systemd, even non systemd fanboys should be checking: you can totally have the malware even without systemd, it's just called systemd-something because it makes it less conspicuous.
      You might. I don't.

      Comment


      • #23
        I remember people (in many internet forums, like here) expressing concern precisely about something like this.

        At this point you are actively harmful, Apache.

        Fuck you.

        Comment


        • #24
          Originally posted by franglais125 View Post
          I remember people (in many internet forums, like here) expressing concern precisely about something like this.

          At this point you are actively harmful, Apache.

          Fuck you.
          Apache accepted it rather unwillingly due to intense lobbying from RedHat. I never blamed Apache, this is a project that RedHat should have allowed to fold into the LO foundation in 2011. Apache held a number of meetings and votes about it and were somewhat negative about it but ultimately relented to RedHat's pressure.

          Comment


          • #25
            How: Applications of the OpenOffice suite handle non-http(s) hyperlinks in an insecure way, allowing for 1-click code execution on Windows and Xubuntu systems via malicious executable files hosted on Internet-accessible file shares.

            Why: The mitigation in Apache OpenOffice 4.1.10 assures that a security warning is displayed to give users the option of continuing to open the hyperlink. Best practice dictates to be careful when opening documents from unknown and unverified sources.
            I don't get this at all. How can non-http links run code from internet-accessible file shares(?)
            And how is an OK window a solution?
            I click on an ftp link, and the default is downloading it, and executing it, or what?

            Comment
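
Added example, not part of the thread and not OpenOffice code: a defender-side check for the advisory text quoted in post #25, listing the hyperlinks in an ODF document whose scheme is not http(s) without opening the document in an office suite. The function names, the size limit and the sample document are assumptions constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
ALLOWED_SCHEMES = {"http", "https"}   # assumption: only these count as ordinary web links
MAX_XML_BYTES = 20 * 1024 * 1024      # assumption: refuse an oversized content.xml

def risky_links(odf_bytes):
    """Return [(scheme, href)] for hyperlinks whose scheme is not http(s)."""
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as pkg:
        info = pkg.getinfo("content.xml")
        if info.file_size > MAX_XML_BYTES:
            raise ValueError("content.xml larger than expected")
        # The document is untrusted input: it is only parsed, never opened or rendered.
        root = ET.fromstring(pkg.read(info))
    findings = []
    for elem in root.iter():
        # Hyperlinks are anchor elements (text:a, draw:a) carrying xlink:href.
        if not elem.tag.endswith("}a"):
            continue
        href = (elem.get(XLINK_HREF) or "").strip()
        try:
            scheme = urlsplit(href).scheme.lower()
        except ValueError:
            findings.append(("unparsable", href))
            continue
        if not scheme:                 # in-document anchors (#...) and relative paths
            continue
        if scheme not in ALLOWED_SCHEMES:
            findings.append((scheme, href))
    return findings

def build_sample():
    """Constructed in-memory ODF package holding three sample hyperlinks."""
    ns = ('xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0" '
          'xmlns:text="urn:oasis:names:tc:opendocument:xmlns:text:1.0" '
          'xmlns:xlink="http://www.w3.org/1999/xlink"')
    links = ["https://example.org/report", "ftp://files.example.net/invoice", "#Section1"]
    paras = "".join(f'<text:p><text:a xlink:href="{h}">link</text:a></text:p>' for h in links)
    xml = (f"<office:document-content {ns}><office:body><office:text>"
           f"{paras}</office:text></office:body></office:document-content>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("content.xml", xml)
    return buf.getvalue()

if __name__ == "__main__":
    for scheme, href in risky_links(build_sample()):
        print(f"non-http(s) hyperlink [{scheme}]: {href}")
```
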


            • #26
              Originally posted by andyprough View Post

              WPS and OnlyOffice both have very good MS compatibility. Have you tried Softmaker Office? I find that its MS compatibility is even better in some ways.
              I do find it a bit bizarre that someone could dislike OpenOffice because its free license isn't the exact free license they would like and instead migrate to a completely proprietary solution.

              Comment


              • #27
                Originally posted by StarterX4 View Post
                Uninstall that trash and install LibreOffice.
                Or install SoftMaker Office and enjoy an even better experience, especially when interacting with the MSFT file formats.

                Comment


                • #28
                  Originally posted by kpedersen View Post

                  I do find it a bit bizarre that someone could dislike OpenOffice because its free license isn't the exact free license they would like and instead migrate to a completely proprietary solution.
                  I don't actually dislike OOo as a software suite. I do download it and try it about once a year and always find it lacking compared to LO. If it worked better I would use it gladly. I did an entire college degree using OOo, have fond memories.

                  Comment


                  • #29
                    Originally posted by [email protected] View Post
                    It would be interesting to hear from LibreOffice Foundation about their download numbers. I bet they were much smaller than Apache's, hence avoiding talking about it too much.
                    I looked at these data. And below is what I found.

                    https://www.phoronix.com/forums/foru...05#post1212705

                    Basically, despite the appearance, LO and AOO have the same order of downloads, and these are in the range 1.6-3M downloads/month.
                    The point is that even if the AOO development is stagnant, both projects have a huge and comparable number of users.

                    Comment


                    • #30
                      Originally posted by kreijack View Post

                      I looked at these data. And below is what I found.

                      https://www.phoronix.com/forums/foru...05#post1212705

                      Basically, despite the appearance, LO and AOO have the same order of downloads, and these are in the range 1.6-3M downloads/month.
                      The point is that even if the AOO development is stagnant, both projects have a huge and comparable number of users.
                      I knew some of the LO numbers, but they only show numbers sporadically, not on a continual basis.

                      After I posted earlier, I did a search for numbers and stumbled upon a blog from a dude determined to "expose" the TDF numbers, back when they split from OOo. One of the posts he did was calling out TDF on the developer migration in 2011/12. Too bad that thread is now closed. It would be fun to ask him now on how that developer migration wasn't happening...

                      Comment
