lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060614191804.GA7265@piware.de>
Date: Wed, 14 Jun 2006 21:18:04 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-300-1] wv2 vulnerability

=========================================================== 
Ubuntu Security Notice USN-300-1              June 14, 2006
wv2 vulnerability
CVE-2006-2197
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libwv2-1                       0.2.2-1ubuntu1.1
  libwv2-dev                     0.2.2-1ubuntu1.1

Ubuntu 5.10:
  libwv2-1c2                     0.2.2-1ubuntu2.1
  libwv2-dev                     0.2.2-1ubuntu2.1

Ubuntu 6.06 LTS:
  libwv2-1c2                     0.2.2-5ubuntu0.1
  libwv2-dev                     0.2.2-5ubuntu0.1

After a standard system upgrade you need to restart KWord to effect
the necessary changes.

Details follow:

libwv2 did not sufficiently check the validity of its input. Certain
invalid Word documents caused a buffer overflow. By tricking a user
into opening a specially crafted Word file with an application that
uses libwv2, this could be exploited to execute arbitrary code with
the user's privileges.

The only packaged application using this library is KWord.

Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/wv2_0.2.2-1ubuntu1.1.diff.gz
      Size/MD5:    16104 63df0ae571a2b6aeec69f9cb2373d1b9
    http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/wv2_0.2.2-1ubuntu1.1.dsc
      Size/MD5:      661 b65ca0f07e82728296575737442c23b5
    http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/wv2_0.2.2.orig.tar.gz
      Size/MD5:   855198 45fdc6df614f91e94d3b978dd8414e3b

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/libwv2-1_0.2.2-1ubuntu1.1_amd64.deb
      Size/MD5:   243364 6e29b4a9882dce4dffc6d946e0957ca6
    http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/libwv2-dev_0.2.2-1ubuntu1.1_amd64.deb
      Size/MD5:   183310 5e2b9cbb4f2548b48f0c1c5d34d08c20

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/libwv2-1_0.2.2-1ubuntu1.1_i386.deb
      Size/MD5:   232014 af559c86604bf323dadafbf44159125e
    http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/libwv2-dev_0.2.2-1ubuntu1.1_i386.deb
      Size/MD5:   183308 bdb2ca946ba0689ac262c0b907f5fc64

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/libwv2-1_0.2.2-1ubuntu1.1_powerpc.deb
      Size/MD5:   221856 a2a7149c998191c373bf9cf3ec312f30
    http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/libwv2-dev_0.2.2-1ubuntu1.1_powerpc.deb
      Size/MD5:   183312 afa93e9c16613bcd9afee555e5a922cd

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/w/wv2/wv2_0.2.2-1ubuntu2.1.diff.gz
      Size/MD5:    16170 7a07243952babcbc99fd59d82290d348
    http://security.ubuntu.com/ubuntu/pool/main/w/wv2/wv2_0.2.2-1ubuntu2.1.dsc
      Size/MD5:      663 293e081bc9ae957ae7dcdcd559f09d05
    http://security.ubuntu.com/ubuntu/pool/main/w/wv2/wv2_0.2.2.orig.tar.gz
      Size/MD5:   855198 45fdc6df614f91e94d3b978dd8414e3b

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-1c2_0.2.2-1ubuntu2.1_amd64.deb
      Size/MD5:   272274 a9b18398d4266768b0232e0f0441a55d
    http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-dev_0.2.2-1ubuntu2.1_amd64.deb
      Size/MD5:   183332 e897aac4010b63ae4fd8c5dc5de9a8aa

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-1c2_0.2.2-1ubuntu2.1_i386.deb
      Size/MD5:   240956 9fec9a49d9cdbe447a37cea80cce0ef5
    http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-dev_0.2.2-1ubuntu2.1_i386.deb
      Size/MD5:   183328 4b48ad49dff6c4c236c0323387a2232c

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-1c2_0.2.2-1ubuntu2.1_powerpc.deb
      Size/MD5:   244644 73b01188d26474efa183eef9cbdaa4d2
    http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-dev_0.2.2-1ubuntu2.1_powerpc.deb
      Size/MD5:   183338 e3adfe6108ae54a24dca635965ec6828

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/w/wv2/wv2_0.2.2-5ubuntu0.1.diff.gz
      Size/MD5:   711482 de2a0a853439ae46d3946d5b51e3bb41
    http://security.ubuntu.com/ubuntu/pool/main/w/wv2/wv2_0.2.2-5ubuntu0.1.dsc
      Size/MD5:      816 bcfd690cd308fa1cbd4bb87b6fc0714a
    http://security.ubuntu.com/ubuntu/pool/main/w/wv2/wv2_0.2.2.orig.tar.gz
      Size/MD5:   855198 45fdc6df614f91e94d3b978dd8414e3b

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-1c2_0.2.2-5ubuntu0.1_amd64.deb
      Size/MD5:   246200 b4fde95a8c49d0ee5a11db3bc79a111d
    http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-dev_0.2.2-5ubuntu0.1_amd64.deb
      Size/MD5:   183932 e0033bbc17eb6bd347b9e7d2dc45ebfe

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-1c2_0.2.2-5ubuntu0.1_i386.deb
      Size/MD5:   224862 5e1520c6daf81fde5bd099cda8f4cc8f
    http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-dev_0.2.2-5ubuntu0.1_i386.deb
      Size/MD5:   183926 fc25e34d9307a86fb593e94ad9889264

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-1c2_0.2.2-5ubuntu0.1_powerpc.deb
      Size/MD5:   224956 4246d28c91828b4f10e5b14b13f15056
    http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-dev_0.2.2-5ubuntu0.1_powerpc.deb
      Size/MD5:   183936 b1fbce3fd76a44478d94c6f8a344ae4d


Download attachment "signature.asc" of type "application/pgp-signature" (192 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ