lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <m1COeTB-000pwHC__9036.70685734159$1099338021$gmane$org@finlandia.Infodrom.North.DE>
Date: Mon, 1 Nov 2004 16:51:45 +0100 (CET)
From: joey@...odrom.org (Martin Schulze)
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 579-1] New abiword packages fix arbitrary code execution


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 579-1                     security@...ian.org
http://www.debian.org/security/                             Martin Schulze
November 1st, 2004                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : abiword
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-0645

A buffer overflow vulnerability has been disovered in the wv library,
used for converting and previewing word documents.  On exploition an
attacker could execute arbitrary code with the privileges of the user
running the vulnerable application.

For the stable distribution (woody) this problem has been fixed in
version 1.0.2+cvs.2002.06.05-1woody2.

The package in the unstable distribution (sid) is not affected.

We recommend that you upgrade your abiword package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2.dsc
      Size/MD5 checksum:     1159 85bb20f96162736e29ade8d6558799d6
    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2.diff.gz
      Size/MD5 checksum:    48982 12356a29a3185ef367fd7a18a7374be0
    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05.orig.tar.gz
      Size/MD5 checksum: 16407034 0b0e1f3e42a0627a28cea970b099049d

  Architecture independent components:

    http://security.debian.org/pool/updates/main/a/abiword/abiword-doc_1.0.2+cvs.2002.06.05-1woody2_all.deb
      Size/MD5 checksum:   950160 e102efac6a16ded87e5e437f687a0310
    http://security.debian.org/pool/updates/main/a/abiword/xfonts-abi_1.0.2+cvs.2002.06.05-1woody2_all.deb
      Size/MD5 checksum:   189372 96b1fd88bd7c779e692d1f97f4884992

  Alpha architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_alpha.deb
      Size/MD5 checksum:    12324 db3b4b84b9fe45dcbd3c2e50bdf3ea08
    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_alpha.deb
      Size/MD5 checksum:   538558 745ddd234eebaba2d94b4dcb8482eb58
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_alpha.deb
      Size/MD5 checksum:  2069076 b15d6f04af7fe12637fbf3f98bff3570
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_alpha.deb
      Size/MD5 checksum:  1873718 f3c06b0ab36204d17bd7f35b8aaa9d9c
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_alpha.deb
      Size/MD5 checksum:   228192 0f93acbe004457b96665dfd404eb7a0d

  ARM architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_arm.deb
      Size/MD5 checksum:    12324 d79bb97457548ab36052e0e311168ac5
    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_arm.deb
      Size/MD5 checksum:   536122 c9a40134dad59a82a902e734c8011f78
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_arm.deb
      Size/MD5 checksum:  1716898 e16c92223a1d79b11e13723dfe440b70
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_arm.deb
      Size/MD5 checksum:  1533466 519589fac25720cb9932949a16e435e9
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_arm.deb
      Size/MD5 checksum:   154748 69f4844084b35e02af75d2350970ae5f

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_i386.deb
      Size/MD5 checksum:    12316 56e899f5073f4ecf10b6cb29802da76f
    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_i386.deb
      Size/MD5 checksum:   533908 f3d4e7035c0d0e9fcf6c53386f9305f6
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_i386.deb
      Size/MD5 checksum:  1677628 bafc31f34a7f940268acb69e708db7c8
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_i386.deb
      Size/MD5 checksum:  1491442 a87d8c81b54987eee14cfa5ad4cfa599
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_i386.deb
      Size/MD5 checksum:   219836 2de08d80c8581d9814047c11e41d98fc

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_ia64.deb
      Size/MD5 checksum:    12326 16aae240a8308465fcc04e7f9697d64a
    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_ia64.deb
      Size/MD5 checksum:   542536 e9fcc8cb137cde1015f854c6383e803f
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_ia64.deb
      Size/MD5 checksum:  2121940 fb962d5debe790b0a9ea5da9b82f1500
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_ia64.deb
      Size/MD5 checksum:  1939620 d84fc2069f1af2ce581f6a876179c567
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_ia64.deb
      Size/MD5 checksum:   311806 1664fc9ec9ed17f7c355aa2b27c9cb27

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_hppa.deb
      Size/MD5 checksum:    12322 fbe7366ac7c2d84eaa840c29bb0f0870
    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_hppa.deb
      Size/MD5 checksum:   537778 0e13ea49a4bf688b99297c6fa60ddbe0
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_hppa.deb
      Size/MD5 checksum:  2039786 f91d12d4d6ba552a42cf4562d358f5f3
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_hppa.deb
      Size/MD5 checksum:  1821044 ed470c31af565d3a836dbaed6b5956c9
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_hppa.deb
      Size/MD5 checksum:   195742 8f70554c0e9fab92c733e084ac435796

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_m68k.deb
      Size/MD5 checksum:    12326 fda3aee08b6c7a36552c44c9e18dc2f3
    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_m68k.deb
      Size/MD5 checksum:   533074 623de2757f85e5f40404ad7178600900
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_m68k.deb
      Size/MD5 checksum:  1602602 71341f13227b14ebebbdab7307170e5e
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_m68k.deb
      Size/MD5 checksum:  1416262 4123606f88103837cb0b1716e5332edc
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_m68k.deb
      Size/MD5 checksum:   199616 c8cbb04072b54b12e5d790d190ed5e20

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_mips.deb
      Size/MD5 checksum:    12324 2a9e9d8590cbff7e6eae6210dcda5963
    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_mips.deb
      Size/MD5 checksum:   536334 34b58292b19a97c7caf03fa8649f9588
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_mips.deb
      Size/MD5 checksum:  1701150 4233b20af6d518aef680721c6e9d224f
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_mips.deb
      Size/MD5 checksum:  1513420 4e9ff72a764e615974d97bd1078955b6
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_mips.deb
      Size/MD5 checksum:   205038 d02601a4bf14e98e8b43f0773b25e0c4

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_mipsel.deb
      Size/MD5 checksum:    12322 33fbc540d53404e519a6696930e94193
    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_mipsel.deb
      Size/MD5 checksum:   536470 367d3892a482f12e69f4a78ab94925b9
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_mipsel.deb
      Size/MD5 checksum:  1663230 72a084359b72dbb54d77ccf5fc2dbc5f
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_mipsel.deb
      Size/MD5 checksum:  1480868 f3e424b1b36eef3bcb52c422e36393ec
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_mipsel.deb
      Size/MD5 checksum:   202908 a145263d08da2e5dad0d611869180def

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_powerpc.deb
      Size/MD5 checksum:    12316 e4d9763a95a99175919c1da05fbd35d7
    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_powerpc.deb
      Size/MD5 checksum:   534710 596bbd310236e97c3d967ff6fac45e2a
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_powerpc.deb
      Size/MD5 checksum:  1716300 a77a54353c0f17ae35f363931dae7d47
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_powerpc.deb
      Size/MD5 checksum:  1527752 1d6a0d11fb0a4c0d59e3a84b9457964d
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_powerpc.deb
      Size/MD5 checksum:   211422 bdf81bbb6ad1e18ba5140a06d4ba6493

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_s390.deb
      Size/MD5 checksum:    12322 41066489465b7dc84e7512a8b2467215
    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_s390.deb
      Size/MD5 checksum:   535134 7bee77890a9237f6a45d44c9a6fa3fb0
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_s390.deb
      Size/MD5 checksum:  1603758 13a836f504b4698bce96b010e6c6a1ef
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_s390.deb
      Size/MD5 checksum:  1417836 da47311e33507bccba7da3ff9eb9a890
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_s390.deb
      Size/MD5 checksum:   203140 bdaa7fe49b1fb7097e9bf7d8fec42d5c

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_sparc.deb
      Size/MD5 checksum:    12326 af26ffe3a8a0c96f62f5a93003e11c77
    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_sparc.deb
      Size/MD5 checksum:   537396 0b7459a387b34d02fcdf200948022936
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_sparc.deb
      Size/MD5 checksum:  1656854 67a1f7d6d4cc1d0a2c120a61e9983ac2
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_sparc.deb
      Size/MD5 checksum:  1470270 36c383eec00251183eab2e4cd3add41d
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_sparc.deb
      Size/MD5 checksum:   193240 c86d477d0eda07aa9822817933b4413d


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBhluQW5ql+IAeqTIRAjbeAJsGBRyVSvrKZUO9dtjgpzmYnAY4dwCfc299
52DJk5yBb2HmbajeZBcOSew=
=sG2c
-----END PGP SIGNATURE-----



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ