Author: buildbot
Date: Sun Apr 26 15:57:24 2015
New Revision: 949239
Log:
Staging update by buildbot for ooo-site
Added:
websites/staging/ooo-site/trunk/content/security/cves/CVE-2015-1774.html
Modified:
websites/staging/ooo-site/trunk/cgi-bin/ (props changed)
websites/staging/ooo-site/trunk/content/ (props changed)
websites/staging/ooo-site/trunk/content/security/bulletin.html
Propchange: websites/staging/ooo-site/trunk/cgi-bin/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Sun Apr 26 15:57:24 2015
@@ -1 +1 @@
-1675933
+1676119
Propchange: websites/staging/ooo-site/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Sun Apr 26 15:57:24 2015
@@ -1 +1 @@
-1675933
+1676119
Modified: websites/staging/ooo-site/trunk/content/security/bulletin.html
==============================================================================
--- websites/staging/ooo-site/trunk/content/security/bulletin.html (original)
+++ websites/staging/ooo-site/trunk/content/security/bulletin.html Sun Apr 26
15:57:24 2015
@@ -33,6 +33,11 @@
<p><strong>If you want to stay up to date on Apache OpenOffice security
announcements, please subscribe to our <a href="alerts.html">security-alerts
mailing list</a>.</strong></p>
+ <h3>Current for Apache OpenOffice 4.1.1 (workaround available)</h3>
+<ul>
+<li><a href="cves/CVE-2015-1774.html">CVE-2015-1774</a>: OpenOffice HWP Filter
Remote Execution and DoS Vulnerability</li>
+</ul>
+
<h3>Fixed in Apache OpenOffice 4.1.1</h3>
<ul>
<li><a href="cves/CVE-2014-3575.html">CVE-2014-3575</a>: Targeted Data
Exposure Using Creafted OLE Objects in Apache OpenOffice</li>
Added: websites/staging/ooo-site/trunk/content/security/cves/CVE-2015-1774.html
==============================================================================
--- websites/staging/ooo-site/trunk/content/security/cves/CVE-2015-1774.html
(added)
+++ websites/staging/ooo-site/trunk/content/security/cves/CVE-2015-1774.html
Sun Apr 26 15:57:24 2015
@@ -0,0 +1,71 @@
+<!--#include virtual="/doctype.html" -->
+<html>
+<head>
+<link href="/css/ooo.css" rel="stylesheet" type="text/css">
+
+ <title>CVE-2014-3575</title>
+ <style type="text/css"></style>
+
+<!--#include virtual="/google-analytics.js" -->
+<!--#include virtual="/scripts/entourage.js" -->
+</head>
+<body>
+<!--#include virtual="/brand.html" -->
+ <div id="topbara">
+ <!--#include virtual="/topnav.html" -->
+ <div id="breadcrumbsa"><a href="/">home</a> » <a
href="/security/">security</a> » <a
href="/security/cves/">cves</a></div>
+ </div>
+ <div id="clear"></div>
+
+
+ <div id="content">
+
+
+
+ <h2><a
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1774";>CVE-2015-1774</a></h2>
+
+ <h3>OpenOffice HWP Filter Remote Code Execution and Denial of
Service</h3>
+
+ <ul>
+ <h4>Severity: Important</h4>
+ <h4>Vendor: The Apache Software Foundation</h4>
+ <h4>Versions Affected:</h4>
+ <ul>
+ <li>Apache OpenOffice 4.1.1 and older.</li>
+ </ul>
+
+ <h4>Description</h4>
+ <p>A vulnerability in OpenOffice's HWP filter allows attackers to cause
a
+denial of service (memory corruption and application crash) or possibly
+execution of arbitrary code by preparing specially crafted documents in
+the HWP document format.</p>
+
+ <h4>Mitigation</h4>
+ <p>Apache OpenOffice users are advised to remove the problematic
library in
+the "program" folder of their OpenOffice installation. On Windows it is
+named "hwp.dll", on Mac it is named "libhwp.dylib" (step-by-step instructions:
go to the Applications folder in Finder;
+right click on OpenOffice.app; click on "Show Package Contents"; then search
for the file "libhwp.dylib" with Finder's search function, or
+Look for it in the folder "Contents/MacOS"; then delete the file) and on Linux
it is
+named "libhwp.so". Alternatively the library can be renamed to anything
+else e.g. "hwp_renamed.dll".
+This mitigation will drop support for documents created in "Hangul
+Word Processor" versions from 1997 or older. Users of such documents are
+advised to convert their documents to other document formats such as
+OpenDocument before doing so.</p>
+
+ <h4>Further information</h4>
+ <p>Apache OpenOffice aims to fix the vulnerability in version 4.1.2,
not released yet.</p>
+
+ <h4>Credits</h4>
+ <p>Thanks to an anonymous contributor working with VeriSign iDefense
Labs.</p>
+
+ <hr />
+
+ <p><a href="http://security.openoffice.org";>Security Home</a>
+ -> <a
href="http://security.openoffice.org/bulletin.html";>Bulletin</a>
+ -> <a
href="http://security.openoffice.org/security/cves/CVE-2014-3575.html";>CVE-2014-3575</a></p>
+
+ </div>
+<!--#include virtual="/footer.html" -->
+</body>
+</html>
