LibreOffice 4.3.7, released yesterday, and LibreOffice 4.4.2, available since early April, include a patch for the issue, and therefore offer a real solution to the problem (and not a workaround).
On 26/04/15 11:31, rost52 wrote: > Today, following mail was distributed from [email protected]. > Can LibO users face the same threat? > > QUOTE > > CVE-2015-1774 > > OpenOffice HWP Filter Remote Code Execution and Denial of Service > Vulnerability > > A vulnerability in OpenOffice's HWP filter allows attackers to cause a > denial of service (memory corruption and application crash) or possibly > execution of arbitrary code by preparing specially crafted documents in > the HWP document format. > > Severity: Important > > Vendor: The Apache Software Foundation > > Versions Affected: > > All Apache OpenOffice versions 4.1.1 and older are affected. > > Mitigation: > > Apache OpenOffice users are advised to remove the problematic library in > the "program" folder of their OpenOffice installation. On Windows it is > named "hwp.dll", on Mac it is named "libhwp.dylib" and on Linux it is > named "libhwp.so". Alternatively the library can be renamed to anything > else e.g. "hwp_renamed.dll". > This mitigation will drop AOO's support for documents created in "Hangul > Word Processor" versions from 1997 or older. Users of such documents are > advised to convert their documents to other document formats such as > OpenDocument before doing so. > > Apache OpenOffice aims to fix the vulnerability in version 4.1.2. -- Italo Vignoli - Marketing & PR mobile +39.348.5653829 - email / jabber [email protected] hangout / jabber [email protected] - skype italovignoli GPG Key ID - 0xAAB8D5C0 DB75 1534 3FD0 EA5F 56B5 FDA6 DE82 934C AAB8 D5C0 -- To unsubscribe e-mail to: [email protected] Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted
