Login
Newsletter
Werbung
Sicherheit: Zahlenüberlauf in wvWare
Aktuelle Meldungen Distributionen
Name: Zahlenüberlauf in wvWare
ID: USN-374-1
Distribution: Ubuntu
Plattformen: Ubuntu 6.10
Datum: Mi, 1. November 2006, 20:15
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4513
Applikationen: wv

Originalnachricht

 

--===============1230908945==
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
 boundary="4ybNbZnZ8tziJ7D6"
Content-Disposition: inline


--4ybNbZnZ8tziJ7D6
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

===========================================================
Ubuntu Security Notice USN-374-1          November 01, 2006
wv vulnerability
CVE-2006-4513
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.10:
  libwv-1.2-1                              1.2.1-2ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

An integer overflow was discovered in the DOC file parser of the wv
library.  By tricking a user into opening a specially crafted MSWord
(.DOC) file, remote attackers could execute arbitrary code with the
user's privileges.


Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/w/wv/wv_1.2.1-2ubuntu0.1.di=
ff.gz
      Size/MD5:    11929 1162b872e4e77345295a34e0c7fb731b
    http://security.ubuntu.com/ubuntu/pool/main/w/wv/wv_1.2.1-2ubuntu0.1.dsc
      Size/MD5:      716 4ec3816084073a77df966ff2fec1a40e
    http://security.ubuntu.com/ubuntu/pool/main/w/wv/wv_1.2.1.orig.tar.gz
      Size/MD5:   628027 d757080af4595839d5d82a1a573c692c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/w/wv/libwv-1.2-1_1.2.1-2ubu=
ntu0.1_amd64.deb
      Size/MD5:   146278 3eb3817dfa782c6e3bcc22c6fb35b8ad
    http://security.ubuntu.com/ubuntu/pool/main/w/wv/libwv-dev_1.2.1-2ubunt=
u0.1_amd64.deb
      Size/MD5:   202772 30ebeb74c64333e33d5604df48a0f8f0
    http://security.ubuntu.com/ubuntu/pool/universe/w/wv/wv_1.2.1-2ubuntu0.=
1_amd64.deb
      Size/MD5:    90506 a1835a5db7c038487567686e77a95f9a

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/w/wv/libwv-1.2-1_1.2.1-2ubu=
ntu0.1_i386.deb
      Size/MD5:   138724 918761ea08c2eb366821648adc571bc3
    http://security.ubuntu.com/ubuntu/pool/main/w/wv/libwv-dev_1.2.1-2ubunt=
u0.1_i386.deb
      Size/MD5:   180656 f041845463774af932bdd8a848422481
    http://security.ubuntu.com/ubuntu/pool/universe/w/wv/wv_1.2.1-2ubuntu0.=
1_i386.deb
      Size/MD5:    88162 3940c61f26c24d2ac1f66d33a7f00166

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/w/wv/libwv-1.2-1_1.2.1-2ubu=
ntu0.1_powerpc.deb
      Size/MD5:   140532 6f76eefa75620e73bfe7738e67618bab
    http://security.ubuntu.com/ubuntu/pool/main/w/wv/libwv-dev_1.2.1-2ubunt=
u0.1_powerpc.deb
      Size/MD5:   207102 d241cdb9f374c6f6b61c7ce9667f79b6
    http://security.ubuntu.com/ubuntu/pool/universe/w/wv/wv_1.2.1-2ubuntu0.=
1_powerpc.deb
      Size/MD5:    94366 682568966d755eb3e55ef210ff08dd05

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/w/wv/libwv-1.2-1_1.2.1-2ubu=
ntu0.1_sparc.deb
      Size/MD5:   136236 a8a17256755dfb88d996972dd76736d7
    http://security.ubuntu.com/ubuntu/pool/main/w/wv/libwv-dev_1.2.1-2ubunt=
u0.1_sparc.deb
      Size/MD5:   189474 7e263e180bcf218dd6714ab813c9bf97
    http://security.ubuntu.com/ubuntu/pool/universe/w/wv/wv_1.2.1-2ubuntu0.=
1_sparc.deb
      Size/MD5:    88130 413b2fb70a223db99545e4e3ccbe2145


--4ybNbZnZ8tziJ7D6
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFFSO4VH/9LqRcGPm0RAm2rAKCIn4yFXEC9dKi9GVOnTtlYwi5BDgCfXsyT
rm7iLLcYlhIQK0lZ1CLjbi8=
=nNTb
-----END PGP SIGNATURE-----

--4ybNbZnZ8tziJ7D6--


--===============1230908945==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============1230908945==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung