[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050929105452.GB19940@piware.de>
Date: Thu Sep 29 11:55:09 2005
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-188-1] AbiWord vulnerability
===========================================================
Ubuntu Security Notice USN-188-1 September 29, 2005
abiword vulnerability
CAN-2005-2964
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
abiword
abiword-gnome
The problem can be corrected by upgrading the affected package to
version 2.0.7+cvs.2004.05.05-1ubuntu3.2 (for Ubuntu 4.10), or
2.2.2-1ubuntu2.1 (for Ubuntu 5.04). After a standard system upgrade
you need to restart AbiWord to effect the necessary changes.
Details follow:
Chris Evans discovered a buffer overflow in the RTF import module of
AbiWord. By tricking a user into opening an RTF file with specially
crafted long identifiers, an attacker could exploit this to execute
arbitrary code with the privileges of the AbiWord user.
Updated packages for Ubuntu 4.10 (Warty Warthog):
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.2.diff.gz
Size/MD5: 52528 fd23a2e739ddd87fbd0cad74856796a6
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.2.dsc
Size/MD5: 1157 9600f4af290ff4f837e1671dc169eb3f
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.0.7+cvs.2004.05.05.orig.tar.gz
Size/MD5: 21903248 665596f852d4e8d0c31c17fc292d6b29
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-doc_2.0.7+cvs.2004.05.05-1ubuntu3.2_all.deb
Size/MD5: 4085590 c78690485027b4ad72b52988ad331b11
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-help_2.0.7+cvs.2004.05.05-1ubuntu3.2_all.deb
Size/MD5: 543094 c6f2dc732a938bfe930ebf307c399f74
http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/xfonts-abi_2.0.7+cvs.2004.05.05-1ubuntu3.2_all.deb
Size/MD5: 16538 16813c39182d409faf16f1d3e941ffca
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-common_2.0.7+cvs.2004.05.05-1ubuntu3.2_amd64.deb
Size/MD5: 1455262 25d1540e08af123ee60d4d2405f1e177
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.2_amd64.deb
Size/MD5: 1989388 b991bb6c82058ec7f98914d9f1cbca26
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.2_amd64.deb
Size/MD5: 26744 c90ea36ddced6a8f6f43bb9e384d7836
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.0.7+cvs.2004.05.05-1ubuntu3.2_amd64.deb
Size/MD5: 367136 893fb7d77ea37b6eca0109ad204997c8
http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.2_amd64.deb
Size/MD5: 1991294 024875038de1c36ade618a0c99bb1b9a
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-common_2.0.7+cvs.2004.05.05-1ubuntu3.2_i386.deb
Size/MD5: 1453084 0eb146832bc1f455f971c897c8867abf
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.2_i386.deb
Size/MD5: 1872588 7b08463ad33a654a53620153cad8b58f
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.2_i386.deb
Size/MD5: 26410 9728efbb9205dd0be3eb26817aa474fd
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.0.7+cvs.2004.05.05-1ubuntu3.2_i386.deb
Size/MD5: 351020 500842f02161283fbe13627bdaf417ce
http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.2_i386.deb
Size/MD5: 1876228 178a5082d913274c8d2b1f4e87bd57bd
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-common_2.0.7+cvs.2004.05.05-1ubuntu3.2_powerpc.deb
Size/MD5: 1453568 1ce03972f0954d02cfa70f9706e09621
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.2_powerpc.deb
Size/MD5: 1972542 9dd685ca3b0d26f05f1019a2d02bb2d3
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.2_powerpc.deb
Size/MD5: 27872 eaae7c69c5a2a93b96e6673a49c28e60
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.0.7+cvs.2004.05.05-1ubuntu3.2_powerpc.deb
Size/MD5: 405560 2e49cb2b055931a569645ea6aa347400
http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.2_powerpc.deb
Size/MD5: 1977676 cc44b172613763e4fc2687d07920b4e7
Updated packages for Ubuntu 5.04 (Hoary Hedgehog):
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.2.2-1ubuntu2.1.diff.gz
Size/MD5: 511885 064b73e18ac36e2af71f1d48cb91f820
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.2.2-1ubuntu2.1.dsc
Size/MD5: 1133 1c1f333bd4e1f1ce5d7c89b0d54907da
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.2.2.orig.tar.gz
Size/MD5: 27686818 de0910da088c9d36f87ba4baed320aa7
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-common_2.2.2-1ubuntu2.1_all.deb
Size/MD5: 1611690 83fa655dc34d4e23bfca466cc618fa25
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-doc_2.2.2-1ubuntu2.1_all.deb
Size/MD5: 4093036 4f5260c47d3a32e9418d7a40ea460a57
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-help_2.2.2-1ubuntu2.1_all.deb
Size/MD5: 555626 8c733a0d50ac9a2d156bc47b63fa22f3
http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/xfonts-abi_2.2.2-1ubuntu2.1_all.deb
Size/MD5: 20254 3e03c14b1fdfdb7f0c6c2ff8332c0f11
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.2.2-1ubuntu2.1_amd64.deb
Size/MD5: 2459088 06e2b96e823dd0a58cb8ad2701ee8b9c
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.2.2-1ubuntu2.1_amd64.deb
Size/MD5: 35246 32b9da828577908938c212cf7f3726bb
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.2.2-1ubuntu2.1_amd64.deb
Size/MD5: 366346 60b531e6351f4b61bea51276d25148a7
http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.2.2-1ubuntu2.1_amd64.deb
Size/MD5: 2461766 72cff86192b08f1593c26f1dbe021361
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.2.2-1ubuntu2.1_i386.deb
Size/MD5: 2305712 aed957cdcfdbef21444a7e73af3d5668
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.2.2-1ubuntu2.1_i386.deb
Size/MD5: 34448 66b5a2bed84e02c02f73c4900dc3553d
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.2.2-1ubuntu2.1_i386.deb
Size/MD5: 347740 8b9a61f7f4c8d5e97c4d2593fa46eed3
http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.2.2-1ubuntu2.1_i386.deb
Size/MD5: 2313244 42c0d7c5f8d115e0dcf4bac8d0767622
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.2.2-1ubuntu2.1_powerpc.deb
Size/MD5: 2437408 579cf0c0fdd7f84f0ec4e9a7dee28228
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.2.2-1ubuntu2.1_powerpc.deb
Size/MD5: 37716 fa19ad5291832300c61af24471dfe9ed
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.2.2-1ubuntu2.1_powerpc.deb
Size/MD5: 405496 7ed63625f885244e388db8312d5fe1f1
http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.2.2-1ubuntu2.1_powerpc.deb
Size/MD5: 2446222 f373c21bc7416582daa8b21da4021876
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050929/e6adc773/attachment.bin
Powered by blists - more mailing lists