[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20051013145136.GD16818@piware.de>
Date: Thu, 13 Oct 2005 16:51:36 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-203-1] Abiword vulnerabilities
===========================================================
Ubuntu Security Notice USN-203-1 October 13, 2005
abiword vulnerabilities
CAN-2005-2972
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
abiword
The problem can be corrected by upgrading the affected package to
version 2.0.7+cvs.2004.05.05-1ubuntu3.3 (for Ubuntu 4.10), or
2.2.2-1ubuntu2.2 (for Ubuntu 5.04). After a standard system upgrade
you have to restart Abiword to effect the necessary changes.
Details follow:
Chris Evans discovered several buffer overflows in the RTF import
module of AbiWord. By tricking a user into opening an RTF file with
specially crafted long identifiers, an attacker could exploit this to
execute arbitrary code with the privileges of the AbiWord user.
Updated packages for Ubuntu 4.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.3.diff.gz
Size/MD5: 53513 e4e2d3d54c83a168e82d70b137ee057c
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.3.dsc
Size/MD5: 1157 037c7c524016edeaa473c6c0d062bce8
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.0.7+cvs.2004.05.05.orig.tar.gz
Size/MD5: 21903248 665596f852d4e8d0c31c17fc292d6b29
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-doc_2.0.7+cvs.2004.05.05-1ubuntu3.3_all.deb
Size/MD5: 4085668 6e2e530a16e993ad086d42956c5803c2
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-help_2.0.7+cvs.2004.05.05-1ubuntu3.3_all.deb
Size/MD5: 543156 8bc408bd3ad1e666e5e357ae36e53932
http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/xfonts-abi_2.0.7+cvs.2004.05.05-1ubuntu3.3_all.deb
Size/MD5: 16596 75430c23dad8ae4d0a7308265d408003
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-common_2.0.7+cvs.2004.05.05-1ubuntu3.3_amd64.deb
Size/MD5: 1455334 d7e4f6e69c1b7a447efceaf04ff68ea0
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.3_amd64.deb
Size/MD5: 1989318 c268d65eb11b0b52fb60dcc9ba5bedd1
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.3_amd64.deb
Size/MD5: 26802 b4fa13f3573367b2015988d4f18dc614
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.0.7+cvs.2004.05.05-1ubuntu3.3_amd64.deb
Size/MD5: 367222 6474c5943df1fce5bead6694a1261d6a
http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.3_amd64.deb
Size/MD5: 1991322 1af7def6dd93a82d2cec1e88ec2d4b5c
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-common_2.0.7+cvs.2004.05.05-1ubuntu3.3_i386.deb
Size/MD5: 1453160 04cb3db059e360a88db13f1808559450
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.3_i386.deb
Size/MD5: 1872762 5e1e82e05a66130fa20bea41fbe095a6
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.3_i386.deb
Size/MD5: 26478 f67599750d41755a8b78a04b1dbdde5f
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.0.7+cvs.2004.05.05-1ubuntu3.3_i386.deb
Size/MD5: 351082 7da163ac9814bafa7973403a2b8c1193
http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.3_i386.deb
Size/MD5: 1876422 e9d75623f08356390d4065d472f3c9c9
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-common_2.0.7+cvs.2004.05.05-1ubuntu3.3_powerpc.deb
Size/MD5: 1453644 555f171b5a2d416145ec6c6127dbc5d8
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.3_powerpc.deb
Size/MD5: 1972602 46cbb19e7d0ba940af215f0db405bb14
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.3_powerpc.deb
Size/MD5: 27940 e9583dbfa15f30f45f6112d0f75a6236
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.0.7+cvs.2004.05.05-1ubuntu3.3_powerpc.deb
Size/MD5: 405638 170b9be3298268ec25ba858681a8fa16
http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.3_powerpc.deb
Size/MD5: 1977814 e1ae70a2581e791bd387132ff6ed48c3
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.2.2-1ubuntu2.2.diff.gz
Size/MD5: 512286 4f9111c0c96189e819605417cef919ba
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.2.2-1ubuntu2.2.dsc
Size/MD5: 1133 12447eb5bba474c2c28011b63868b7bf
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.2.2.orig.tar.gz
Size/MD5: 27686818 de0910da088c9d36f87ba4baed320aa7
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-common_2.2.2-1ubuntu2.2_all.deb
Size/MD5: 1611804 c22ad1a8d3a687f84b6f6c8e327bc216
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-doc_2.2.2-1ubuntu2.2_all.deb
Size/MD5: 4093116 d8509ebb24da9e975f7adea5651e1c27
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-help_2.2.2-1ubuntu2.2_all.deb
Size/MD5: 555690 f6f37a6eed302e0aa04e63b3c395e04f
http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/xfonts-abi_2.2.2-1ubuntu2.2_all.deb
Size/MD5: 20316 823e817b6a7f9359e75e4e70f65c508f
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.2.2-1ubuntu2.2_amd64.deb
Size/MD5: 2459120 363c7d7397cc12f0e6cd804a14533a3b
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.2.2-1ubuntu2.2_amd64.deb
Size/MD5: 35308 a8aa7db9d7d9695d172ff74c1143163e
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.2.2-1ubuntu2.2_amd64.deb
Size/MD5: 366414 098cd51bb43055fcf304d0cc5a10e8ac
http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.2.2-1ubuntu2.2_amd64.deb
Size/MD5: 2462240 05ee037c9a7c1092f4cac3b095e852ba
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.2.2-1ubuntu2.2_i386.deb
Size/MD5: 2305594 58c79c4cdcb8b50c3d1122e8e7d944e5
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.2.2-1ubuntu2.2_i386.deb
Size/MD5: 34506 e3277cd136acf63fb2d8978507f25875
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.2.2-1ubuntu2.2_i386.deb
Size/MD5: 347820 121c8efea7da8dc8e75e406bb737d590
http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.2.2-1ubuntu2.2_i386.deb
Size/MD5: 2313410 cff177fcfdfa53d98444d205b32bb4b3
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.2.2-1ubuntu2.2_powerpc.deb
Size/MD5: 2437662 a063445c8a12e05f7acd5c4971c10cdc
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.2.2-1ubuntu2.2_powerpc.deb
Size/MD5: 37764 a33d01df37344e9ca72e1a4f153cfa7b
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.2.2-1ubuntu2.2_powerpc.deb
Size/MD5: 405540 f2ad4fe71f8e2edf22a563ecd221b0af
http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.2.2-1ubuntu2.2_powerpc.deb
Size/MD5: 2446330 45d0174d1074137d9ea0b0974749bbe8
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists