2015-04-26 11:47 GMT+02:00 Italo Vignoli <[email protected]>: > LibreOffice 4.3.7, released yesterday, and LibreOffice 4.4.2, available > since early April, include a patch for the issue, and therefore offer a > real solution to the problem (and not a workaround). > > On 26/04/15 11:31, rost52 wrote: > > Today, following mail was distributed from > [email protected]. > > Can LibO users face the same threat? > > > > QUOTE > > > > CVE-2015-1774 > > > > OpenOffice HWP Filter Remote Code Execution and Denial of Service > > Vulnerability > > > > A vulnerability in OpenOffice's HWP filter allows attackers to cause a > > denial of service (memory corruption and application crash) or possibly > > execution of arbitrary code by preparing specially crafted documents in > > the HWP document format. > > > > Severity: Important > > > > Vendor: The Apache Software Foundation > > > > Versions Affected: > > > > All Apache OpenOffice versions 4.1.1 and older are affected. > > > > Mitigation: > > > > Apache OpenOffice users are advised to remove the problematic library in > > the "program" folder of their OpenOffice installation. On Windows it is > > named "hwp.dll", on Mac it is named "libhwp.dylib" and on Linux it is > > named "libhwp.so". Alternatively the library can be renamed to anything > > else e.g. "hwp_renamed.dll". > > This mitigation will drop AOO's support for documents created in "Hangul > > Word Processor" versions from 1997 or older. Users of such documents are > > advised to convert their documents to other document formats such as > > OpenDocument before doing so. > > > > Apache OpenOffice aims to fix the vulnerability in version 4.1.2. > > > > -- > Italo Vignoli - Marketing & PR > mobile +39.348.5653829 - email / jabber [email protected] > hangout / jabber [email protected] - skype italovignoli > GPG Key ID - 0xAAB8D5C0 > DB75 1534 3FD0 EA5F 56B5 FDA6 DE82 934C AAB8 D5C0
​Thanks, Italo - good to know that the LibO devs were on to this one !... [?] Henri -- To unsubscribe e-mail to: [email protected] Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted
