[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060614191804.GA7265@piware.de>
Date: Wed, 14 Jun 2006 21:18:04 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-300-1] wv2 vulnerability
===========================================================
Ubuntu Security Notice USN-300-1 June 14, 2006
wv2 vulnerability
CVE-2006-2197
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.04:
libwv2-1 0.2.2-1ubuntu1.1
libwv2-dev 0.2.2-1ubuntu1.1
Ubuntu 5.10:
libwv2-1c2 0.2.2-1ubuntu2.1
libwv2-dev 0.2.2-1ubuntu2.1
Ubuntu 6.06 LTS:
libwv2-1c2 0.2.2-5ubuntu0.1
libwv2-dev 0.2.2-5ubuntu0.1
After a standard system upgrade you need to restart KWord to effect
the necessary changes.
Details follow:
libwv2 did not sufficiently check the validity of its input. Certain
invalid Word documents caused a buffer overflow. By tricking a user
into opening a specially crafted Word file with an application that
uses libwv2, this could be exploited to execute arbitrary code with
the user's privileges.
The only packaged application using this library is KWord.
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/wv2_0.2.2-1ubuntu1.1.diff.gz
Size/MD5: 16104 63df0ae571a2b6aeec69f9cb2373d1b9
http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/wv2_0.2.2-1ubuntu1.1.dsc
Size/MD5: 661 b65ca0f07e82728296575737442c23b5
http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/wv2_0.2.2.orig.tar.gz
Size/MD5: 855198 45fdc6df614f91e94d3b978dd8414e3b
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/libwv2-1_0.2.2-1ubuntu1.1_amd64.deb
Size/MD5: 243364 6e29b4a9882dce4dffc6d946e0957ca6
http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/libwv2-dev_0.2.2-1ubuntu1.1_amd64.deb
Size/MD5: 183310 5e2b9cbb4f2548b48f0c1c5d34d08c20
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/libwv2-1_0.2.2-1ubuntu1.1_i386.deb
Size/MD5: 232014 af559c86604bf323dadafbf44159125e
http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/libwv2-dev_0.2.2-1ubuntu1.1_i386.deb
Size/MD5: 183308 bdb2ca946ba0689ac262c0b907f5fc64
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/libwv2-1_0.2.2-1ubuntu1.1_powerpc.deb
Size/MD5: 221856 a2a7149c998191c373bf9cf3ec312f30
http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/libwv2-dev_0.2.2-1ubuntu1.1_powerpc.deb
Size/MD5: 183312 afa93e9c16613bcd9afee555e5a922cd
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/w/wv2/wv2_0.2.2-1ubuntu2.1.diff.gz
Size/MD5: 16170 7a07243952babcbc99fd59d82290d348
http://security.ubuntu.com/ubuntu/pool/main/w/wv2/wv2_0.2.2-1ubuntu2.1.dsc
Size/MD5: 663 293e081bc9ae957ae7dcdcd559f09d05
http://security.ubuntu.com/ubuntu/pool/main/w/wv2/wv2_0.2.2.orig.tar.gz
Size/MD5: 855198 45fdc6df614f91e94d3b978dd8414e3b
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-1c2_0.2.2-1ubuntu2.1_amd64.deb
Size/MD5: 272274 a9b18398d4266768b0232e0f0441a55d
http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-dev_0.2.2-1ubuntu2.1_amd64.deb
Size/MD5: 183332 e897aac4010b63ae4fd8c5dc5de9a8aa
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-1c2_0.2.2-1ubuntu2.1_i386.deb
Size/MD5: 240956 9fec9a49d9cdbe447a37cea80cce0ef5
http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-dev_0.2.2-1ubuntu2.1_i386.deb
Size/MD5: 183328 4b48ad49dff6c4c236c0323387a2232c
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-1c2_0.2.2-1ubuntu2.1_powerpc.deb
Size/MD5: 244644 73b01188d26474efa183eef9cbdaa4d2
http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-dev_0.2.2-1ubuntu2.1_powerpc.deb
Size/MD5: 183338 e3adfe6108ae54a24dca635965ec6828
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/w/wv2/wv2_0.2.2-5ubuntu0.1.diff.gz
Size/MD5: 711482 de2a0a853439ae46d3946d5b51e3bb41
http://security.ubuntu.com/ubuntu/pool/main/w/wv2/wv2_0.2.2-5ubuntu0.1.dsc
Size/MD5: 816 bcfd690cd308fa1cbd4bb87b6fc0714a
http://security.ubuntu.com/ubuntu/pool/main/w/wv2/wv2_0.2.2.orig.tar.gz
Size/MD5: 855198 45fdc6df614f91e94d3b978dd8414e3b
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-1c2_0.2.2-5ubuntu0.1_amd64.deb
Size/MD5: 246200 b4fde95a8c49d0ee5a11db3bc79a111d
http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-dev_0.2.2-5ubuntu0.1_amd64.deb
Size/MD5: 183932 e0033bbc17eb6bd347b9e7d2dc45ebfe
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-1c2_0.2.2-5ubuntu0.1_i386.deb
Size/MD5: 224862 5e1520c6daf81fde5bd099cda8f4cc8f
http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-dev_0.2.2-5ubuntu0.1_i386.deb
Size/MD5: 183926 fc25e34d9307a86fb593e94ad9889264
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-1c2_0.2.2-5ubuntu0.1_powerpc.deb
Size/MD5: 224956 4246d28c91828b4f10e5b14b13f15056
http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-dev_0.2.2-5ubuntu0.1_powerpc.deb
Size/MD5: 183936 b1fbce3fd76a44478d94c6f8a344ae4d
Download attachment "signature.asc" of type "application/pgp-signature" (192 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists