Hotfix for CVE-2016-1513 - Memory Corruption Vulnerability (Impress Presentations)

Table of Contents


Resolution

This hotfix will resolve CVE-2016-1513 (click the link for more details)

The official Apache OpenOffice security bulletin was announced on July 21, 2016. Affected is Apache OpenOffice 4.1.2 and older on all platforms and all languages. OpenOffice.org versions are also affected.

The Apache OpenOffice project recommends to update to the latest version 4.1.2 and then to download and install the Zip file from the table below. Please follow the installation instructions in the respective Readme file.

Download & Installation

The actual hotfix is not dependend on the language but only on the platform. However, for your convenience the instructions (incl. automated scripts for installing and uninstalling the hotfix on Windows) are available in several languages. So, you can choose your favorite one:


 

Readme instructions

Zip file

Signatures & Digital Hashes

Windows

English (en-US) English (en-US) ASC MD5 SHA1 SHA256

Windows

Nederland (nl) Nederland (nl) ASC MD5 SHA1 SHA256

Windows

Deutsch (de) Deutsch (de) ASC MD5 SHA1 SHA256
 

Readme instructions

Zip file

Signatures & Digital Hashes

MacOS X

English (en-US)
Deutsch (de)
Download for all languages ASC MD5 SHA1 SHA256

Linux 32-Bit

English (en-US)
Deutsch (de)
Download for all languages ASC MD5 SHA1 SHA256

Linux 64-Bit

English (en-US)
Deutsch (de)
Download for all languages ASC MD5 SHA1 SHA256

Source

  Download ASC MD5 SHA1 SHA256

Please choose the Zip file for your favorite platform and save it to a desired directory. The following are the default directories. But you can also use an own location:

The next step is to unzip the downloaded Zip file:

Please consult the Readme file for the actual installation instructions.

How to verify the download & installation?

If you want, in the table above you can also download suitable hash value and signature files to verify that the Zip file was downloaded correctly. For more information about how to do the verifification see here: How to verify the integrity of the downloaded file?

To verify some basic data of the library files that are used by OpenOffice you can check the following:


Windows

Check the file size

Old "tl.dll" file: 620,032 bytes
New "tl.dll" file: 620,544 bytes

Check the time stamp

Old "tl.dll" file: 2015.10.21 16:49
New "tl.dll" file: 2016.07.05 18:08

Check the MD5 hash value

Old "tl.dll" file: a017f7bae8904511201c4b1636e2d05b
New "tl.dll" file: 54136525df6d49f9de24b2391f02894d

Check the SHA256 hash value

Old "tl.dll" file: 9d78e1c8ca3df7543a15de17315bbdc1d68459169bbe7a33a8b1b839affd3ac7
New "tl.dll" file: a67056a79ca2621d14d08381d5f238bacfd2b83f05d2001d984e6eaa295d519b

MacOS X

Check the file size

Old "libtl.dylib" file: 842,496 bytes
New "libtl.dylib" file: 831,128 bytes

Check the time stamp

Old "libtl.dylib" file: 2015.10.21 06:25
New "libtl.dylib" file: 2016.07.31 19:33

Check the MD5 hash value

Old "libtl.dylib" file: 0987ef42822f58be3486c1bf7bb9a132
New "libtl.dylib" file: 3b7ac8b442436031dbf108f01c5fbf63

Check the SHA256 hash value

Old "libtl.dylib" file: 8916914f1a9063a9d63da33a5f700b406d9bf471f915beec5a4137d873246689
New "libtl.dylib" file: 1760f5f51d53bf5c4932faaec0526e97a94666501559092c84627c571dd0c131

Linux 32-bit

Check the file size

Old "libtl.so" file: 728,224 bytes
New "libtl.so" file: 728,224 bytes

Check the time stamp

Old "libtl.so" file: 2015.10.21 12:56
New "libtl.so" file: 2016.07.31 20:37

Check the MD5 hash value

Old "libtl.so" file: 99a20d7f367ba2fab82efcafb051ed00
New "libtl.so" file: b667a354cfeb32be7bb9ea449525bef7

Check the SHA256 hash value

Old "libtl.so" file: 150c02aaef4044133ebbfaa60edb6d44a2a9e51b3b57fd74f48ed2f0ea036cf6
New "libtl.so" file: 3a86c8c9f2e54e93a8b3b8af747008509f3c83ae1c86d8a05430539e84133b6c

Linux 64-bit

Check the file size

Old "libtl.so" file: 763,528 bytes
New "libtl.so" file: 763,528 bytes

Check the time stamp

Old "libtl.so" file: 2015.10.21 13:12
New "libtl.so" file: 2016.08.02 00:21

Check the MD5 hash value

Old "libtl.so" file: 715297dc7479e07abaaf1b7712e2f441
New "libtl.so" file: bad9158a4fc71ada305a4d98bc33c898

Check the SHA256 hash value

Old "libtl.so" file: e708d95b86d3dfef29070770bcc21526e4f7599e35baafc99f447c3033232bd0
New "libtl.so" file: b7201843cf78cd8d1a4b03053c21f87560a9bc77d6cb683c8e96d3014917821e