Author: buildbot
Date: Tue Apr 28 06:48:24 2015
New Revision: 949441
Log:
Staging update by buildbot for ooo-site
Modified:
websites/staging/ooo-site/trunk/cgi-bin/ (props changed)
websites/staging/ooo-site/trunk/content/ (props changed)
websites/staging/ooo-site/trunk/content/security/cves/CVE-2015-1774.html
Propchange: websites/staging/ooo-site/trunk/cgi-bin/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Tue Apr 28 06:48:24 2015
@@ -1 +1 @@
-1676121
+1676416
Propchange: websites/staging/ooo-site/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Tue Apr 28 06:48:24 2015
@@ -1 +1 @@
-1676121
+1676416
Modified:
websites/staging/ooo-site/trunk/content/security/cves/CVE-2015-1774.html
==============================================================================
--- websites/staging/ooo-site/trunk/content/security/cves/CVE-2015-1774.html
(original)
+++ websites/staging/ooo-site/trunk/content/security/cves/CVE-2015-1774.html
Tue Apr 28 06:48:24 2015
@@ -3,7 +3,7 @@
<head>
<link href="/css/ooo.css" rel="stylesheet" type="text/css">
- <title>CVE-2014-3575</title>
+ <title>CVE-2015-1774</title>
<style type="text/css"></style>
<!--#include virtual="/google-analytics.js" -->
@@ -24,7 +24,7 @@
<h2><a
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1774";>CVE-2015-1774</a></h2>
- <h3>OpenOffice HWP Filter Remote Code Execution and Denial of
Service</h3>
+ <h3>OpenOffice HWP Filter Remote Code Execution and Denial of Service
Vulnerability</h3>
<ul>
<h4>Severity: Important</h4>
@@ -43,11 +43,18 @@ the HWP document format.</p>
<h4>Mitigation</h4>
<p>Apache OpenOffice users are advised to remove the problematic
library in
-the "program" folder of their OpenOffice installation. On Windows it is
-named "hwp.dll", on Mac it is named "libhwp.dylib" (step-by-step instructions:
go to the Applications folder in Finder;
-right click on OpenOffice.app; click on "Show Package Contents"; then search
for the file "libhwp.dylib" with Finder's search function, or
-Look for it in the folder "Contents/MacOS"; then delete the file) and on Linux
it is
-named "libhwp.so". Alternatively the library can be renamed to anything
+the "program" folder of their OpenOffice installation.
+On <strong>Windows</strong> it is named "hwp.dll"
+(step-by-step instructions: open the Apache OpenOffice program folder,
+usually "C:\Program Files (x86)\OpenOffice 4\program"; delete or rename
+any files whose name starts with "hwp"),
+on <strong>Mac OS X</strong> it is named "libhwp.dylib"
+(step-by-step instructions: go to the Applications folder in Finder;
+right click on OpenOffice.app; click on "Show Package Contents"; then
+search for the file "libhwp.dylib" with Finder's search function, or
+look for it in the folder "Contents/MacOS"; then delete the file)
+and on Linux it is named "libhwp.so".
+Alternatively the library can be renamed to anything
else e.g. "hwp_renamed.dll".
This mitigation will drop support for documents created in "Hangul
Word Processor" versions from 1997 or older. Users of such documents are
@@ -55,7 +62,7 @@ advised to convert their documents to ot
OpenDocument before doing so.</p>
<h4>Further information</h4>
- <p>Apache OpenOffice aims to fix the vulnerability in version 4.1.2,
not released yet.</p>
+ <p>Apache OpenOffice aims to fix the vulnerability in version
4.1.2.</p>
<h4>Credits</h4>
<p>Thanks to an anonymous contributor working with VeriSign iDefense
Labs.</p>
@@ -64,7 +71,7 @@ OpenDocument before doing so.</p>
<p><a href="http://security.openoffice.org";>Security Home</a>
-> <a
href="http://security.openoffice.org/bulletin.html";>Bulletin</a>
- -> <a
href="http://security.openoffice.org/security/cves/CVE-2014-3575.html";>CVE-2014-3575</a></p>
+ -> <a
href="http://www.openoffice.org/security/cves/CVE-2015-1774.html";>CVE-2015-1774</a></p>
</div>
<!--#include virtual="/footer.html" -->
