openoffice-announce mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis E. Hamilton" <orc...@apache.org>
Subject CVE-2015-1774 Advisory Update for Apache OpenOffice 4.1.2
Date Fri, 30 Oct 2015 16:56:19 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


         NOTICE: UPDATE TO APACHE OPENOFFICE SECURITY ADVISORY

CVE-2015-1774
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1774>
Apache OpenOffice Advisory
<https://www.openoffice.org/security/cves/CVE-2015-1774.html>

Title: OutofBounds Write in HWP File Filter

Version 2.0
Announced April 27, 2015
Updated October 28, 2015

    A vulnerability in OpenOffice's HWP filter allows attackers to
    craft malicious documents that cause denial of service (memory
    corruption and application crash) and possible execution of
    arbitrary code.

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected

    All Apache OpenOffice versions 4.1.1 and older are affected.
    OpenOffice.org versions are also affected.

Mitigation

    Update to Apache OpenOffice 4.1.2 or a later version.

    This mitigation drops Apache OpenOffice  support for documents
    created in "Hangul Word Processor" format. The filter is not
    installed; it will not be used even if present.

Workarounds and Document Migration

    Users of older HWP-format documents that are already trusted
    should convert those documents to other formats before removing
    the filter or upgrading to Apache OpenOffice version 4.1.2.

    Apache OpenOffice users who do not upgrade can remove the
    problematic filter themselves.  The filter is in the "program"
    folder of their OpenOffice installation. On Windows the filter
    is named "hwp.dll", on Mac it is named "libhwp.dylib" and on
    Linux it is named "libhwp.so".  Alternatively the filter can
    be renamed to anything else (e.g. "hwp_renamed.dll") to disable
    its use.

Further Information

    For additional information and assistance, consult the Apache
    OpenOffice Community Forums, <https://forum.openoffice.org/>,
    or make requests to the <mailto:users@openoffice.apache.org>
    public mailing list.

Credits

    Thanks to an anonymous contributor working with VeriSign
    iDefense Labs.


PGP key Fingerprint 04D0 4322 979B 84DE 1077 0334 F96E 89FF D456 628A
        <https://people.apache.org/keys/committer/orcmid.asc>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBAgAGBQJWMRKyAAoJEPluif/UVmKKabUIAKZV34B7Ey16PAc8/0cPlPgE
s03VNkMRL4gTutF7CZemgCS05IuMgNstvBmqOMhUKQhvYgwrCLCYmARAYDTCeAMv
dd4bpRgp1h7oq10P81Njts3IxKV/hjIqtY++D6BX/8ZSiyNpmBK2mj8UqArRiURF
ukr8ucJlkABfeGOEuM/mYUP3H1/lcGFce/Y+MuBXSBWU0aqm3edv5GtM/xdlYag4
VabhjS28CNpAoMNEAdI46yFJqTOTy+94ka80FZvNm/IIT/E3HBHTU80+W1JMD5W9
G19mhJsQcXIpiUaix13BytcIjVwehmOHLHzoLbB60OSUkIKGHhJCrfZ2gbgFH1Q=
=mH/G
-----END PGP SIGNATURE-----



Mime
View raw message