openoffice-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From pesce...@apache.org
Subject svn commit: r1676416 - /openoffice/ooo-site/trunk/content/security/cves/CVE-2015-1774.html
Date Tue, 28 Apr 2015 06:45:57 GMT
Author: pescetti
Date: Tue Apr 28 06:45:56 2015
New Revision: 1676416

URL: http://svn.apache.org/r1676416
Log:
Minor fixes and clarifications. Step-by-step instructions for Windows.

Modified:
    openoffice/ooo-site/trunk/content/security/cves/CVE-2015-1774.html

Modified: openoffice/ooo-site/trunk/content/security/cves/CVE-2015-1774.html
URL: http://svn.apache.org/viewvc/openoffice/ooo-site/trunk/content/security/cves/CVE-2015-1774.html?rev=1676416&r1=1676415&r2=1676416&view=diff
==============================================================================
--- openoffice/ooo-site/trunk/content/security/cves/CVE-2015-1774.html (original)
+++ openoffice/ooo-site/trunk/content/security/cves/CVE-2015-1774.html Tue Apr 28 06:45:56
2015
@@ -1,14 +1,14 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head profile="http://www.w3.org/2005/10/profile">
-	<title>CVE-2014-3575</title>
+	<title>CVE-2015-1774</title>
 	<style type="text/css"></style>
 </head>
 
 <body>
 	<h2><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1774">CVE-2015-1774</a></h2>
 
-	<h3>OpenOffice HWP Filter Remote Code Execution and Denial of Service</h3>
+	<h3>OpenOffice HWP Filter Remote Code Execution and Denial of Service Vulnerability</h3>
 
 	<ul>   
 	<h4>Severity: Important</h4>
@@ -27,11 +27,18 @@ the HWP document format.</p>
 
 	<h4>Mitigation</h4>
 	<p>Apache OpenOffice users are advised to remove the problematic library in
-the "program" folder of their OpenOffice installation. On Windows it is
-named "hwp.dll", on Mac it is named "libhwp.dylib" (step-by-step instructions: go to the
Applications folder in Finder;
-right click on OpenOffice.app; click on "Show Package Contents"; then search for the file
"libhwp.dylib" with Finder's search function, or
-Look for it in the folder "Contents/MacOS"; then delete the file) and on Linux it is
-named "libhwp.so". Alternatively the library can be renamed to anything
+the "program" folder of their OpenOffice installation.
+On <strong>Windows</strong> it is named "hwp.dll"
+(step-by-step instructions: open the Apache OpenOffice program folder,
+usually "C:\Program Files (x86)\OpenOffice 4\program"; delete or rename
+any files whose name starts with "hwp"),
+on <strong>Mac OS X</strong> it is named "libhwp.dylib"
+(step-by-step instructions: go to the Applications folder in Finder;
+right click on OpenOffice.app; click on "Show Package Contents"; then
+search for the file "libhwp.dylib" with Finder's search function, or
+look for it in the folder "Contents/MacOS"; then delete the file)
+and on Linux it is named "libhwp.so".
+Alternatively the library can be renamed to anything
 else e.g. "hwp_renamed.dll".
 This mitigation will drop support for documents created in "Hangul
 Word Processor" versions from 1997 or older. Users of such documents are
@@ -39,7 +46,7 @@ advised to convert their documents to ot
 OpenDocument before doing so.</p>
 
 	<h4>Further information</h4>
-        <p>Apache OpenOffice aims to fix the vulnerability in version 4.1.2, not released
yet.</p>
+        <p>Apache OpenOffice aims to fix the vulnerability in version 4.1.2.</p>
 
 	<h4>Credits</h4>
 	<p>Thanks to an anonymous contributor working with VeriSign iDefense Labs.</p>
@@ -48,7 +55,7 @@ OpenDocument before doing so.</p>
 
 	<p><a href="http://security.openoffice.org">Security Home</a>
 	-&gt; <a href="http://security.openoffice.org/bulletin.html">Bulletin</a>
-	-&gt; <a href="http://security.openoffice.org/security/cves/CVE-2014-3575.html">CVE-2014-3575</a></p>
+	-&gt; <a href="http://www.openoffice.org/security/cves/CVE-2015-1774.html">CVE-2015-1774</a></p>
 </body>
 </html>
 



Mime
View raw message