Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[USN-203-1] Abiword vulnerabilities
From: Martin Pitt <martin.pitt () canonical com>
Date: Thu, 13 Oct 2005 16:51:36 +0200

===========================================================
Ubuntu Security Notice USN-203-1           October 13, 2005
abiword vulnerabilities
CAN-2005-2972
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

abiword

The problem can be corrected by upgrading the affected package to
version 2.0.7+cvs.2004.05.05-1ubuntu3.3 (for Ubuntu 4.10), or
2.2.2-1ubuntu2.2 (for Ubuntu 5.04). After a standard system upgrade
you have to restart Abiword to effect the necessary changes.

Details follow:

Chris Evans discovered several buffer overflows in the RTF import
module of AbiWord. By tricking a user into opening an RTF file with
specially crafted long identifiers, an attacker could exploit this to
execute arbitrary code with the privileges of the AbiWord user.


Updated packages for Ubuntu 4.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.3.diff.gz
      Size/MD5:    53513 e4e2d3d54c83a168e82d70b137ee057c
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.3.dsc
      Size/MD5:     1157 037c7c524016edeaa473c6c0d062bce8
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.0.7+cvs.2004.05.05.orig.tar.gz
      Size/MD5: 21903248 665596f852d4e8d0c31c17fc292d6b29

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-doc_2.0.7+cvs.2004.05.05-1ubuntu3.3_all.deb
      Size/MD5:  4085668 6e2e530a16e993ad086d42956c5803c2
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-help_2.0.7+cvs.2004.05.05-1ubuntu3.3_all.deb
      Size/MD5:   543156 8bc408bd3ad1e666e5e357ae36e53932
    http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/xfonts-abi_2.0.7+cvs.2004.05.05-1ubuntu3.3_all.deb
      Size/MD5:    16596 75430c23dad8ae4d0a7308265d408003

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-common_2.0.7+cvs.2004.05.05-1ubuntu3.3_amd64.deb
      Size/MD5:  1455334 d7e4f6e69c1b7a447efceaf04ff68ea0
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.3_amd64.deb
      Size/MD5:  1989318 c268d65eb11b0b52fb60dcc9ba5bedd1
    
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.3_amd64.deb
      Size/MD5:    26802 b4fa13f3573367b2015988d4f18dc614
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.0.7+cvs.2004.05.05-1ubuntu3.3_amd64.deb
      Size/MD5:   367222 6474c5943df1fce5bead6694a1261d6a
    http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.3_amd64.deb
      Size/MD5:  1991322 1af7def6dd93a82d2cec1e88ec2d4b5c

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-common_2.0.7+cvs.2004.05.05-1ubuntu3.3_i386.deb
      Size/MD5:  1453160 04cb3db059e360a88db13f1808559450
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.3_i386.deb
      Size/MD5:  1872762 5e1e82e05a66130fa20bea41fbe095a6
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.3_i386.deb
      Size/MD5:    26478 f67599750d41755a8b78a04b1dbdde5f
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.0.7+cvs.2004.05.05-1ubuntu3.3_i386.deb
      Size/MD5:   351082 7da163ac9814bafa7973403a2b8c1193
    http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.3_i386.deb
      Size/MD5:  1876422 e9d75623f08356390d4065d472f3c9c9

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-common_2.0.7+cvs.2004.05.05-1ubuntu3.3_powerpc.deb
      Size/MD5:  1453644 555f171b5a2d416145ec6c6127dbc5d8
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.3_powerpc.deb
      Size/MD5:  1972602 46cbb19e7d0ba940af215f0db405bb14
    
http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.3_powerpc.deb
      Size/MD5:    27940 e9583dbfa15f30f45f6112d0f75a6236
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.0.7+cvs.2004.05.05-1ubuntu3.3_powerpc.deb
      Size/MD5:   405638 170b9be3298268ec25ba858681a8fa16
    http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.3_powerpc.deb
      Size/MD5:  1977814 e1ae70a2581e791bd387132ff6ed48c3

Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.2.2-1ubuntu2.2.diff.gz
      Size/MD5:   512286 4f9111c0c96189e819605417cef919ba
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.2.2-1ubuntu2.2.dsc
      Size/MD5:     1133 12447eb5bba474c2c28011b63868b7bf
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.2.2.orig.tar.gz
      Size/MD5: 27686818 de0910da088c9d36f87ba4baed320aa7

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-common_2.2.2-1ubuntu2.2_all.deb
      Size/MD5:  1611804 c22ad1a8d3a687f84b6f6c8e327bc216
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-doc_2.2.2-1ubuntu2.2_all.deb
      Size/MD5:  4093116 d8509ebb24da9e975f7adea5651e1c27
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-help_2.2.2-1ubuntu2.2_all.deb
      Size/MD5:   555690 f6f37a6eed302e0aa04e63b3c395e04f
    http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/xfonts-abi_2.2.2-1ubuntu2.2_all.deb
      Size/MD5:    20316 823e817b6a7f9359e75e4e70f65c508f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.2.2-1ubuntu2.2_amd64.deb
      Size/MD5:  2459120 363c7d7397cc12f0e6cd804a14533a3b
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.2.2-1ubuntu2.2_amd64.deb
      Size/MD5:    35308 a8aa7db9d7d9695d172ff74c1143163e
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.2.2-1ubuntu2.2_amd64.deb
      Size/MD5:   366414 098cd51bb43055fcf304d0cc5a10e8ac
    http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.2.2-1ubuntu2.2_amd64.deb
      Size/MD5:  2462240 05ee037c9a7c1092f4cac3b095e852ba

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.2.2-1ubuntu2.2_i386.deb
      Size/MD5:  2305594 58c79c4cdcb8b50c3d1122e8e7d944e5
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.2.2-1ubuntu2.2_i386.deb
      Size/MD5:    34506 e3277cd136acf63fb2d8978507f25875
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.2.2-1ubuntu2.2_i386.deb
      Size/MD5:   347820 121c8efea7da8dc8e75e406bb737d590
    http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.2.2-1ubuntu2.2_i386.deb
      Size/MD5:  2313410 cff177fcfdfa53d98444d205b32bb4b3

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.2.2-1ubuntu2.2_powerpc.deb
      Size/MD5:  2437662 a063445c8a12e05f7acd5c4971c10cdc
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.2.2-1ubuntu2.2_powerpc.deb
      Size/MD5:    37764 a33d01df37344e9ca72e1a4f153cfa7b
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.2.2-1ubuntu2.2_powerpc.deb
      Size/MD5:   405540 f2ad4fe71f8e2edf22a563ecd221b0af
    http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.2.2-1ubuntu2.2_powerpc.deb
      Size/MD5:  2446330 45d0174d1074137d9ea0b0974749bbe8

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • [USN-203-1] Abiword vulnerabilities Martin Pitt (Oct 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault