Author: pescetti
Date: Tue Apr 28 06:45:56 2015
New Revision: 1676416
URL: http://svn.apache.org/r1676416
Log:
Minor fixes and clarifications. Step-by-step instructions for Windows.
Modified:
openoffice/ooo-site/trunk/content/security/cves/CVE-2015-1774.html
Modified: openoffice/ooo-site/trunk/content/security/cves/CVE-2015-1774.html
URL:
http://svn.apache.org/viewvc/openoffice/ooo-site/trunk/content/security/cves/CVE-2015-1774.html?rev=1676416&r1=1676415&r2=1676416&view=diff
==============================================================================
--- openoffice/ooo-site/trunk/content/security/cves/CVE-2015-1774.html
(original)
+++ openoffice/ooo-site/trunk/content/security/cves/CVE-2015-1774.html Tue Apr
28 06:45:56 2015
@@ -1,14 +1,14 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";>
<html xmlns="http://www.w3.org/1999/xhtml";>
<head profile="http://www.w3.org/2005/10/profile";>
- <title>CVE-2014-3575</title>
+ <title>CVE-2015-1774</title>
<style type="text/css"></style>
</head>
<body>
<h2><a
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1774";>CVE-2015-1774</a></h2>
- <h3>OpenOffice HWP Filter Remote Code Execution and Denial of
Service</h3>
+ <h3>OpenOffice HWP Filter Remote Code Execution and Denial of Service
Vulnerability</h3>
<ul>
<h4>Severity: Important</h4>
@@ -27,11 +27,18 @@ the HWP document format.</p>
<h4>Mitigation</h4>
<p>Apache OpenOffice users are advised to remove the problematic
library in
-the "program" folder of their OpenOffice installation. On Windows it is
-named "hwp.dll", on Mac it is named "libhwp.dylib" (step-by-step instructions:
go to the Applications folder in Finder;
-right click on OpenOffice.app; click on "Show Package Contents"; then search
for the file "libhwp.dylib" with Finder's search function, or
-Look for it in the folder "Contents/MacOS"; then delete the file) and on Linux
it is
-named "libhwp.so". Alternatively the library can be renamed to anything
+the "program" folder of their OpenOffice installation.
+On <strong>Windows</strong> it is named "hwp.dll"
+(step-by-step instructions: open the Apache OpenOffice program folder,
+usually "C:\Program Files (x86)\OpenOffice 4\program"; delete or rename
+any files whose name starts with "hwp"),
+on <strong>Mac OS X</strong> it is named "libhwp.dylib"
+(step-by-step instructions: go to the Applications folder in Finder;
+right click on OpenOffice.app; click on "Show Package Contents"; then
+search for the file "libhwp.dylib" with Finder's search function, or
+look for it in the folder "Contents/MacOS"; then delete the file)
+and on Linux it is named "libhwp.so".
+Alternatively the library can be renamed to anything
else e.g. "hwp_renamed.dll".
This mitigation will drop support for documents created in "Hangul
Word Processor" versions from 1997 or older. Users of such documents are
@@ -39,7 +46,7 @@ advised to convert their documents to ot
OpenDocument before doing so.</p>
<h4>Further information</h4>
- <p>Apache OpenOffice aims to fix the vulnerability in version 4.1.2,
not released yet.</p>
+ <p>Apache OpenOffice aims to fix the vulnerability in version
4.1.2.</p>
<h4>Credits</h4>
<p>Thanks to an anonymous contributor working with VeriSign iDefense
Labs.</p>
@@ -48,7 +55,7 @@ OpenDocument before doing so.</p>
<p><a href="http://security.openoffice.org";>Security Home</a>
-> <a
href="http://security.openoffice.org/bulletin.html";>Bulletin</a>
- -> <a
href="http://security.openoffice.org/security/cves/CVE-2014-3575.html";>CVE-2014-3575</a></p>
+ -> <a
href="http://www.openoffice.org/security/cves/CVE-2015-1774.html";>CVE-2015-1774</a></p>
</body>
</html>
