Debian: abiword arbitrary code execution fix

    Date 01 Nov 2004
    Posted By LinuxSecurity Advisories
    A buffer overflow vulnerability has been discovered in the wv library, used for converting and previewing Word documents. On exploitation an attacker could execute arbitrary code with the privileges of the user running the vulnerable application.
    Debian Security Advisory DSA 579-1                     Martin Schulze
    November 1st, 2004             
    Package        : abiword
    Vulnerability  : buffer overflow
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CAN-2004-0645
    A buffer overflow vulnerability has been discovered in the wv library,
    used for converting and previewing Word documents.  On exploitation an
    attacker could execute arbitrary code with the privileges of the user
    running the vulnerable application.
    For the stable distribution (woody) this problem has been fixed in
    version 1.0.2+cvs.2002.06.05-1woody2.
    The package in the unstable distribution (sid) is not affected.
    We recommend that you upgrade your abiword package.
    Upgrade Instructions
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
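    A check for whether a woody host still needs this update, comparing the installed abiword version with the fixed version named above. This is an added example, not part of the advisory; the function names and the test versions are assumptions of the example.

```shell
#!/bin/sh
# Added example, not part of DSA 579-1: report whether this host still
# needs the abiword update. Function names are assumptions of the example.

# Fixed version for woody, copied from the advisory text.
FIXED='1.0.2+cvs.2002.06.05-1woody2'

# installed_version PKG
# Prints the version only if PKG is fully installed; prints nothing
# otherwise (absent, removed, or not completely configured).
installed_version() {
    dpkg-query -W -f='${Status}\t${Version}\n' "$1" 2>/dev/null |
        awk -F'\t' '$1 == "install ok installed" { print $2 }'
}

# classify VERSION
# Uses dpkg's own ordering rules: a plain string or numeric comparison
# gets suffixes such as "-1woody2" wrong.
classify() {
    if [ -z "$1" ]; then
        echo "not-installed"
    elif dpkg --compare-versions "$1" lt "$FIXED"; then
        echo "vulnerable"
    else
        echo "fixed"
    fi
}

status=$(classify "$(installed_version abiword)")
echo "abiword: $status (fix is $FIXED)"
```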
    Debian GNU/Linux 3.0 alias woody
      Source archives:
      Architecture independent components:
      Alpha architecture:
      ARM architecture:
      Intel IA-32 architecture:
      Intel IA-64 architecture:
      HP Precision architecture:
      Motorola 680x0 architecture:
      Big endian MIPS architecture:
      Little endian MIPS architecture:
      PowerPC architecture:
      IBM S/390 architecture:
      Sun Sparc architecture:
      These files will probably be moved into the stable distribution on
      its next update.
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Package info: `apt-cache show ' and
