NOTICE: UPDATE TO APACHE OPENOFFICE SECURITY ADVISORY

CVE-2015-1774
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1774>

Apache OpenOffice Advisory
<https://www.openoffice.org/security/cves/CVE-2015-1774.html>

Title: Out-of-Bounds Write in HWP File Filter

Version 2.0
Announced April 27, 2015
Updated October 28, 2015

A vulnerability in OpenOffice's HWP filter allows attackers to craft
malicious documents that cause denial of service (memory corruption
and application crash) and possible execution of arbitrary code.

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected

All Apache OpenOffice versions 4.1.1 and older are affected.
OpenOffice.org versions are also affected.

Mitigation

Update to Apache OpenOffice 4.1.2 or a later version.

This mitigation drops Apache OpenOffice support for documents created
in "Hangul Word Processor" format. The filter is not installed; it
will not be used even if present.

Workarounds and Document Migration

Users of older HWP-format documents that are already trusted should
convert those documents to other formats before removing the filter
or upgrading to Apache OpenOffice version 4.1.2.

Apache OpenOffice users who do not upgrade can remove the problematic
filter themselves. The filter is in the "program" folder of their
OpenOffice installation. On Windows the filter is named "hwp.dll",
on Mac it is named "libhwp.dylib" and on Linux it is named
"libhwp.so". Alternatively the filter can be renamed to anything else
(e.g. "hwp_renamed.dll") to disable its use.

Further Information

For additional information and assistance, consult the Apache
OpenOffice Community Forums, <https://forum.openoffice.org/>, or make
requests to the <mailto:us...@openoffice.apache.org> public mailing
list.

Credits

Thanks to an anonymous contributor working with VeriSign iDefense
Labs.

PGP key Fingerprint 04D0 4322 979B 84DE 1077 0334 F96E 89FF D456 628A
<https://people.apache.org/keys/committer/orcmid.asc>
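
The rename workaround described under "Workarounds and Document Migration", as an added example that is not part of the original advisory or of Apache OpenOffice: a Python script that checks a "program" folder for the three filter file names the advisory lists and renames any it finds. The function names and the --apply switch are hypothetical, and the path of the "program" folder is assumed to be supplied by the administrator.

```python
import sys
from pathlib import Path

# Filter file names given in the advisory (Windows, Mac, Linux).
HWP_FILTER_NAMES = ("hwp.dll", "libhwp.dylib", "libhwp.so")


def find_hwp_filters(program_dir):
    """Return the HWP filter libraries present in an OpenOffice "program" folder."""
    base = Path(program_dir)
    return [base / n for n in HWP_FILTER_NAMES if (base / n).is_file()]


def disable_hwp_filter(program_dir, dry_run=True):
    """Rename each filter found (hwp.dll -> hwp_renamed.dll) so it cannot load.

    Returns (original, target) pairs; with dry_run=True nothing is changed.
    """
    actions = []
    for path in find_hwp_filters(program_dir):
        target = path.with_name(f"{path.stem}_renamed{path.suffix}")
        if target.exists():
            # A renamed copy already exists and the filter is present again
            # (for example after a repair install); do not overwrite it.
            raise FileExistsError(f"{target} already exists; remove {path} manually")
        if not dry_run:
            path.rename(target)
        actions.append((path, target))
    return actions


if __name__ == "__main__":
    # Hypothetical usage: python disable_hwp.py PROGRAM_DIR [--apply]
    if len(sys.argv) < 2:
        sys.exit("usage: disable_hwp.py PROGRAM_DIR [--apply]")
    apply_changes = "--apply" in sys.argv[2:]
    results = disable_hwp_filter(sys.argv[1], dry_run=not apply_changes)
    for src, dst in results:
        verb = "renamed" if apply_changes else "would rename"
        print(f"{verb} {src} -> {dst}")
    if not results:
        print("no HWP filter found in", sys.argv[1])
```

Without --apply the script only reports what it would rename, so it can also be used to audit hosts that were expected to have the filter removed already.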