lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050929105452.GB19940@piware.de>
Date: Thu Sep 29 11:55:09 2005
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-188-1] AbiWord vulnerability

===========================================================
Ubuntu Security Notice USN-188-1	 September 29, 2005
abiword vulnerability
CAN-2005-2964
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

abiword
abiword-gnome

The problem can be corrected by upgrading the affected package to
version 2.0.7+cvs.2004.05.05-1ubuntu3.2 (for Ubuntu 4.10), or
2.2.2-1ubuntu2.1 (for Ubuntu 5.04).  After a standard system upgrade
you need to restart AbiWord to effect the necessary changes.

Details follow:

Chris Evans discovered a buffer overflow in the RTF import module of
AbiWord. By tricking a user into opening an RTF file with specially
crafted long identifiers, an attacker could exploit this to execute
arbitrary code with the privileges of the AbiWord user.


Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.2.diff.gz
      Size/MD5:    52528 fd23a2e739ddd87fbd0cad74856796a6
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.2.dsc
      Size/MD5:     1157 9600f4af290ff4f837e1671dc169eb3f
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.0.7+cvs.2004.05.05.orig.tar.gz
      Size/MD5: 21903248 665596f852d4e8d0c31c17fc292d6b29

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-doc_2.0.7+cvs.2004.05.05-1ubuntu3.2_all.deb
      Size/MD5:  4085590 c78690485027b4ad72b52988ad331b11
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-help_2.0.7+cvs.2004.05.05-1ubuntu3.2_all.deb
      Size/MD5:   543094 c6f2dc732a938bfe930ebf307c399f74
    http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/xfonts-abi_2.0.7+cvs.2004.05.05-1ubuntu3.2_all.deb
      Size/MD5:    16538 16813c39182d409faf16f1d3e941ffca

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-common_2.0.7+cvs.2004.05.05-1ubuntu3.2_amd64.deb
      Size/MD5:  1455262 25d1540e08af123ee60d4d2405f1e177
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.2_amd64.deb
      Size/MD5:  1989388 b991bb6c82058ec7f98914d9f1cbca26
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.2_amd64.deb
      Size/MD5:    26744 c90ea36ddced6a8f6f43bb9e384d7836
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.0.7+cvs.2004.05.05-1ubuntu3.2_amd64.deb
      Size/MD5:   367136 893fb7d77ea37b6eca0109ad204997c8
    http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.2_amd64.deb
      Size/MD5:  1991294 024875038de1c36ade618a0c99bb1b9a

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-common_2.0.7+cvs.2004.05.05-1ubuntu3.2_i386.deb
      Size/MD5:  1453084 0eb146832bc1f455f971c897c8867abf
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.2_i386.deb
      Size/MD5:  1872588 7b08463ad33a654a53620153cad8b58f
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.2_i386.deb
      Size/MD5:    26410 9728efbb9205dd0be3eb26817aa474fd
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.0.7+cvs.2004.05.05-1ubuntu3.2_i386.deb
      Size/MD5:   351020 500842f02161283fbe13627bdaf417ce
    http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.2_i386.deb
      Size/MD5:  1876228 178a5082d913274c8d2b1f4e87bd57bd

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-common_2.0.7+cvs.2004.05.05-1ubuntu3.2_powerpc.deb
      Size/MD5:  1453568 1ce03972f0954d02cfa70f9706e09621
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.2_powerpc.deb
      Size/MD5:  1972542 9dd685ca3b0d26f05f1019a2d02bb2d3
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.2_powerpc.deb
      Size/MD5:    27872 eaae7c69c5a2a93b96e6673a49c28e60
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.0.7+cvs.2004.05.05-1ubuntu3.2_powerpc.deb
      Size/MD5:   405560 2e49cb2b055931a569645ea6aa347400
    http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.2_powerpc.deb
      Size/MD5:  1977676 cc44b172613763e4fc2687d07920b4e7

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.2.2-1ubuntu2.1.diff.gz
      Size/MD5:   511885 064b73e18ac36e2af71f1d48cb91f820
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.2.2-1ubuntu2.1.dsc
      Size/MD5:     1133 1c1f333bd4e1f1ce5d7c89b0d54907da
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.2.2.orig.tar.gz
      Size/MD5: 27686818 de0910da088c9d36f87ba4baed320aa7

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-common_2.2.2-1ubuntu2.1_all.deb
      Size/MD5:  1611690 83fa655dc34d4e23bfca466cc618fa25
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-doc_2.2.2-1ubuntu2.1_all.deb
      Size/MD5:  4093036 4f5260c47d3a32e9418d7a40ea460a57
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-help_2.2.2-1ubuntu2.1_all.deb
      Size/MD5:   555626 8c733a0d50ac9a2d156bc47b63fa22f3
    http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/xfonts-abi_2.2.2-1ubuntu2.1_all.deb
      Size/MD5:    20254 3e03c14b1fdfdb7f0c6c2ff8332c0f11

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.2.2-1ubuntu2.1_amd64.deb
      Size/MD5:  2459088 06e2b96e823dd0a58cb8ad2701ee8b9c
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.2.2-1ubuntu2.1_amd64.deb
      Size/MD5:    35246 32b9da828577908938c212cf7f3726bb
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.2.2-1ubuntu2.1_amd64.deb
      Size/MD5:   366346 60b531e6351f4b61bea51276d25148a7
    http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.2.2-1ubuntu2.1_amd64.deb
      Size/MD5:  2461766 72cff86192b08f1593c26f1dbe021361

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.2.2-1ubuntu2.1_i386.deb
      Size/MD5:  2305712 aed957cdcfdbef21444a7e73af3d5668
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.2.2-1ubuntu2.1_i386.deb
      Size/MD5:    34448 66b5a2bed84e02c02f73c4900dc3553d
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.2.2-1ubuntu2.1_i386.deb
      Size/MD5:   347740 8b9a61f7f4c8d5e97c4d2593fa46eed3
    http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.2.2-1ubuntu2.1_i386.deb
      Size/MD5:  2313244 42c0d7c5f8d115e0dcf4bac8d0767622

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.2.2-1ubuntu2.1_powerpc.deb
      Size/MD5:  2437408 579cf0c0fdd7f84f0ec4e9a7dee28228
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.2.2-1ubuntu2.1_powerpc.deb
      Size/MD5:    37716 fa19ad5291832300c61af24471dfe9ed
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.2.2-1ubuntu2.1_powerpc.deb
      Size/MD5:   405496 7ed63625f885244e388db8312d5fe1f1
    http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.2.2-1ubuntu2.1_powerpc.deb
      Size/MD5:  2446222 f373c21bc7416582daa8b21da4021876
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050929/e6adc773/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ