You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openoffice.apache.org by bu...@apache.org on 2015/04/28 08:48:24 UTC
svn commit: r949441 - in /websites/staging/ooo-site/trunk: cgi-bin/ content/
content/security/cves/CVE-2015-1774.html
Author: buildbot
Date: Tue Apr 28 06:48:24 2015
New Revision: 949441
Log:
Staging update by buildbot for ooo-site
Modified:
websites/staging/ooo-site/trunk/cgi-bin/ (props changed)
websites/staging/ooo-site/trunk/content/ (props changed)
websites/staging/ooo-site/trunk/content/security/cves/CVE-2015-1774.html
Propchange: websites/staging/ooo-site/trunk/cgi-bin/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Tue Apr 28 06:48:24 2015
@@ -1 +1 @@
-1676121
+1676416
Propchange: websites/staging/ooo-site/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Tue Apr 28 06:48:24 2015
@@ -1 +1 @@
-1676121
+1676416
Modified: websites/staging/ooo-site/trunk/content/security/cves/CVE-2015-1774.html
==============================================================================
--- websites/staging/ooo-site/trunk/content/security/cves/CVE-2015-1774.html (original)
+++ websites/staging/ooo-site/trunk/content/security/cves/CVE-2015-1774.html Tue Apr 28 06:48:24 2015
@@ -3,7 +3,7 @@
<head>
<link href="/css/ooo.css" rel="stylesheet" type="text/css">
- <title>CVE-2014-3575</title>
+ <title>CVE-2015-1774</title>
<style type="text/css"></style>
<!--#include virtual="/google-analytics.js" -->
@@ -24,7 +24,7 @@
<h2><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1774">CVE-2015-1774</a></h2>
- <h3>OpenOffice HWP Filter Remote Code Execution and Denial of Service</h3>
+ <h3>OpenOffice HWP Filter Remote Code Execution and Denial of Service Vulnerability</h3>
<ul>
<h4>Severity: Important</h4>
@@ -43,11 +43,18 @@ the HWP document format.</p>
<h4>Mitigation</h4>
<p>Apache OpenOffice users are advised to remove the problematic library in
-the "program" folder of their OpenOffice installation. On Windows it is
-named "hwp.dll", on Mac it is named "libhwp.dylib" (step-by-step instructions: go to the Applications folder in Finder;
-right click on OpenOffice.app; click on "Show Package Contents"; then search for the file "libhwp.dylib" with Finder's search function, or
-Look for it in the folder "Contents/MacOS"; then delete the file) and on Linux it is
-named "libhwp.so". Alternatively the library can be renamed to anything
+the "program" folder of their OpenOffice installation.
+On <strong>Windows</strong> it is named "hwp.dll"
+(step-by-step instructions: open the Apache OpenOffice program folder,
+usually "C:\Program Files (x86)\OpenOffice 4\program"; delete or rename
+any files whose name starts with "hwp"),
+on <strong>Mac OS X</strong> it is named "libhwp.dylib"
+(step-by-step instructions: go to the Applications folder in Finder;
+right click on OpenOffice.app; click on "Show Package Contents"; then
+search for the file "libhwp.dylib" with Finder's search function, or
+look for it in the folder "Contents/MacOS"; then delete the file)
+and on Linux it is named "libhwp.so".
+Alternatively the library can be renamed to anything
else e.g. "hwp_renamed.dll".
This mitigation will drop support for documents created in "Hangul
Word Processor" versions from 1997 or older. Users of such documents are
@@ -55,7 +62,7 @@ advised to convert their documents to ot
OpenDocument before doing so.</p>
<h4>Further information</h4>
- <p>Apache OpenOffice aims to fix the vulnerability in version 4.1.2, not released yet.</p>
+ <p>Apache OpenOffice aims to fix the vulnerability in version 4.1.2.</p>
<h4>Credits</h4>
<p>Thanks to an anonymous contributor working with VeriSign iDefense Labs.</p>
@@ -64,7 +71,7 @@ OpenDocument before doing so.</p>
<p><a href="http://security.openoffice.org">Security Home</a>
-> <a href="http://security.openoffice.org/bulletin.html">Bulletin</a>
- -> <a href="http://security.openoffice.org/security/cves/CVE-2014-3575.html">CVE-2014-3575</a></p>
+ -> <a href="http://www.openoffice.org/security/cves/CVE-2015-1774.html">CVE-2015-1774</a></p>
</div>
<!--#include virtual="/footer.html" -->