lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <m1COeTB-000pwHC__9036.70685734159$1099338021$gmane$org@finlandia.Infodrom.North.DE> Date: Mon, 1 Nov 2004 16:51:45 +0100 (CET) From: joey@...odrom.org (Martin Schulze) To: bugtraq@...urityfocus.com Subject: [SECURITY] [DSA 579-1] New abiword packages fix arbitrary code execution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 579-1 security@...ian.org http://www.debian.org/security/ Martin Schulze November 1st, 2004 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : abiword Vulnerability : buffer overflow Problem-Type : remote Debian-specific: no CVE ID : CAN-2004-0645 A buffer overflow vulnerability has been disovered in the wv library, used for converting and previewing word documents. On exploition an attacker could execute arbitrary code with the privileges of the user running the vulnerable application. For the stable distribution (woody) this problem has been fixed in version 1.0.2+cvs.2002.06.05-1woody2. The package in the unstable distribution (sid) is not affected. We recommend that you upgrade your abiword package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2.dsc Size/MD5 checksum: 1159 85bb20f96162736e29ade8d6558799d6 http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2.diff.gz Size/MD5 checksum: 48982 12356a29a3185ef367fd7a18a7374be0 http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05.orig.tar.gz Size/MD5 checksum: 16407034 0b0e1f3e42a0627a28cea970b099049d Architecture independent components: http://security.debian.org/pool/updates/main/a/abiword/abiword-doc_1.0.2+cvs.2002.06.05-1woody2_all.deb Size/MD5 checksum: 950160 e102efac6a16ded87e5e437f687a0310 http://security.debian.org/pool/updates/main/a/abiword/xfonts-abi_1.0.2+cvs.2002.06.05-1woody2_all.deb Size/MD5 checksum: 189372 96b1fd88bd7c779e692d1f97f4884992 Alpha architecture: http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_alpha.deb Size/MD5 checksum: 12324 db3b4b84b9fe45dcbd3c2e50bdf3ea08 http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_alpha.deb Size/MD5 checksum: 538558 745ddd234eebaba2d94b4dcb8482eb58 http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_alpha.deb Size/MD5 checksum: 2069076 b15d6f04af7fe12637fbf3f98bff3570 http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_alpha.deb Size/MD5 checksum: 1873718 f3c06b0ab36204d17bd7f35b8aaa9d9c http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_alpha.deb Size/MD5 checksum: 228192 0f93acbe004457b96665dfd404eb7a0d ARM architecture: http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_arm.deb Size/MD5 checksum: 12324 d79bb97457548ab36052e0e311168ac5 http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_arm.deb Size/MD5 checksum: 536122 c9a40134dad59a82a902e734c8011f78 http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_arm.deb Size/MD5 checksum: 1716898 e16c92223a1d79b11e13723dfe440b70 http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_arm.deb Size/MD5 checksum: 1533466 519589fac25720cb9932949a16e435e9 http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_arm.deb Size/MD5 checksum: 154748 69f4844084b35e02af75d2350970ae5f Intel IA-32 architecture: http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_i386.deb Size/MD5 checksum: 12316 56e899f5073f4ecf10b6cb29802da76f http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_i386.deb Size/MD5 checksum: 533908 f3d4e7035c0d0e9fcf6c53386f9305f6 http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_i386.deb Size/MD5 checksum: 1677628 bafc31f34a7f940268acb69e708db7c8 http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_i386.deb Size/MD5 checksum: 1491442 a87d8c81b54987eee14cfa5ad4cfa599 http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_i386.deb Size/MD5 checksum: 219836 2de08d80c8581d9814047c11e41d98fc Intel IA-64 architecture: http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_ia64.deb Size/MD5 checksum: 12326 16aae240a8308465fcc04e7f9697d64a http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_ia64.deb Size/MD5 checksum: 542536 e9fcc8cb137cde1015f854c6383e803f http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_ia64.deb Size/MD5 checksum: 2121940 fb962d5debe790b0a9ea5da9b82f1500 http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_ia64.deb Size/MD5 checksum: 1939620 d84fc2069f1af2ce581f6a876179c567 http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_ia64.deb Size/MD5 checksum: 311806 1664fc9ec9ed17f7c355aa2b27c9cb27 HP Precision architecture: http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_hppa.deb Size/MD5 checksum: 12322 fbe7366ac7c2d84eaa840c29bb0f0870 http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_hppa.deb Size/MD5 checksum: 537778 0e13ea49a4bf688b99297c6fa60ddbe0 http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_hppa.deb Size/MD5 checksum: 2039786 f91d12d4d6ba552a42cf4562d358f5f3 http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_hppa.deb Size/MD5 checksum: 1821044 ed470c31af565d3a836dbaed6b5956c9 http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_hppa.deb Size/MD5 checksum: 195742 8f70554c0e9fab92c733e084ac435796 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_m68k.deb Size/MD5 checksum: 12326 fda3aee08b6c7a36552c44c9e18dc2f3 http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_m68k.deb Size/MD5 checksum: 533074 623de2757f85e5f40404ad7178600900 http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_m68k.deb Size/MD5 checksum: 1602602 71341f13227b14ebebbdab7307170e5e http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_m68k.deb Size/MD5 checksum: 1416262 4123606f88103837cb0b1716e5332edc http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_m68k.deb Size/MD5 checksum: 199616 c8cbb04072b54b12e5d790d190ed5e20 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_mips.deb Size/MD5 checksum: 12324 2a9e9d8590cbff7e6eae6210dcda5963 http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_mips.deb Size/MD5 checksum: 536334 34b58292b19a97c7caf03fa8649f9588 http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_mips.deb Size/MD5 checksum: 1701150 4233b20af6d518aef680721c6e9d224f http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_mips.deb Size/MD5 checksum: 1513420 4e9ff72a764e615974d97bd1078955b6 http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_mips.deb Size/MD5 checksum: 205038 d02601a4bf14e98e8b43f0773b25e0c4 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_mipsel.deb Size/MD5 checksum: 12322 33fbc540d53404e519a6696930e94193 http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_mipsel.deb Size/MD5 checksum: 536470 367d3892a482f12e69f4a78ab94925b9 http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_mipsel.deb Size/MD5 checksum: 1663230 72a084359b72dbb54d77ccf5fc2dbc5f http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_mipsel.deb Size/MD5 checksum: 1480868 f3e424b1b36eef3bcb52c422e36393ec http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_mipsel.deb Size/MD5 checksum: 202908 a145263d08da2e5dad0d611869180def PowerPC architecture: http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_powerpc.deb Size/MD5 checksum: 12316 e4d9763a95a99175919c1da05fbd35d7 http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_powerpc.deb Size/MD5 checksum: 534710 596bbd310236e97c3d967ff6fac45e2a http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_powerpc.deb Size/MD5 checksum: 1716300 a77a54353c0f17ae35f363931dae7d47 http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_powerpc.deb Size/MD5 checksum: 1527752 1d6a0d11fb0a4c0d59e3a84b9457964d http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_powerpc.deb Size/MD5 checksum: 211422 bdf81bbb6ad1e18ba5140a06d4ba6493 IBM S/390 architecture: http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_s390.deb Size/MD5 checksum: 12322 41066489465b7dc84e7512a8b2467215 http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_s390.deb Size/MD5 checksum: 535134 7bee77890a9237f6a45d44c9a6fa3fb0 http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_s390.deb Size/MD5 checksum: 1603758 13a836f504b4698bce96b010e6c6a1ef http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_s390.deb Size/MD5 checksum: 1417836 da47311e33507bccba7da3ff9eb9a890 http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_s390.deb Size/MD5 checksum: 203140 bdaa7fe49b1fb7097e9bf7d8fec42d5c Sun Sparc architecture: http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_sparc.deb Size/MD5 checksum: 12326 af26ffe3a8a0c96f62f5a93003e11c77 http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_sparc.deb Size/MD5 checksum: 537396 0b7459a387b34d02fcdf200948022936 http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_sparc.deb Size/MD5 checksum: 1656854 67a1f7d6d4cc1d0a2c120a61e9983ac2 http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_sparc.deb Size/MD5 checksum: 1470270 36c383eec00251183eab2e4cd3add41d http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_sparc.deb Size/MD5 checksum: 193240 c86d477d0eda07aa9822817933b4413d These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@...ts.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFBhluQW5ql+IAeqTIRAjbeAJsGBRyVSvrKZUO9dtjgpzmYnAY4dwCfc299 52DJk5yBb2HmbajeZBcOSew= =sG2c -----END PGP SIGNATURE-----