Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] [USN-300-1] wv2 vulnerability

from [Martin Pitt] Network Security [Permanent Link]
Subject: [Full-disclosure] [USN-300-1] wv2 vulnerability
Date: Wed, 14 Jun 2006 21:18:04 +0200 
=========================================================== 
Ubuntu Security Notice USN-300-1              June 14, 2006
wv2 vulnerability
CVE-2006-2197
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  libwv2-1                       0.2.2-1ubuntu1.1
  libwv2-dev                     0.2.2-1ubuntu1.1

Ubuntu 5.10:
  libwv2-1c2                     0.2.2-1ubuntu2.1
  libwv2-dev                     0.2.2-1ubuntu2.1

Ubuntu 6.06 LTS:
  libwv2-1c2                     0.2.2-5ubuntu0.1
  libwv2-dev                     0.2.2-5ubuntu0.1

After a standard system upgrade you need to restart KWord to effect
the necessary changes.

Details follow:

libwv2 did not sufficiently check the validity of its input. Certain
invalid Word documents caused a buffer overflow. By tricking a user
into opening a specially crafted Word file with an application that
uses libwv2, this could be exploited to execute arbitrary code with
the user's privileges.

The only packaged application using this library is KWord.

Updated packages for Ubuntu 5.04:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/wv2_0.2.2-1ubuntu1.1.diff.gz
      Size/MD5:    16104 63df0ae571a2b6aeec69f9cb2373d1b9
    
http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/wv2_0.2.2-1ubuntu1.1.dsc
      Size/MD5:      661 b65ca0f07e82728296575737442c23b5
    http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/wv2_0.2.2.orig.tar.gz
      Size/MD5:   855198 45fdc6df614f91e94d3b978dd8414e3b

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/libwv2-1_0.2.2-1ubuntu1.1_amd64.deb
      Size/MD5:   243364 6e29b4a9882dce4dffc6d946e0957ca6
    
http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/libwv2-dev_0.2.2-1ubuntu1.1_amd64.deb
      Size/MD5:   183310 5e2b9cbb4f2548b48f0c1c5d34d08c20

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/libwv2-1_0.2.2-1ubuntu1.1_i386.deb
      Size/MD5:   232014 af559c86604bf323dadafbf44159125e
    
http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/libwv2-dev_0.2.2-1ubuntu1.1_i386.deb
      Size/MD5:   183308 bdb2ca946ba0689ac262c0b907f5fc64

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/libwv2-1_0.2.2-1ubuntu1.1_powerpc.deb
      Size/MD5:   221856 a2a7149c998191c373bf9cf3ec312f30
    
http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/libwv2-dev_0.2.2-1ubuntu1.1_powerpc.deb
      Size/MD5:   183312 afa93e9c16613bcd9afee555e5a922cd

Updated packages for Ubuntu 5.10:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/w/wv2/wv2_0.2.2-1ubuntu2.1.diff.gz
      Size/MD5:    16170 7a07243952babcbc99fd59d82290d348
    http://security.ubuntu.com/ubuntu/pool/main/w/wv2/wv2_0.2.2-1ubuntu2.1.dsc
      Size/MD5:      663 293e081bc9ae957ae7dcdcd559f09d05
    http://security.ubuntu.com/ubuntu/pool/main/w/wv2/wv2_0.2.2.orig.tar.gz
      Size/MD5:   855198 45fdc6df614f91e94d3b978dd8414e3b

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-1c2_0.2.2-1ubuntu2.1_amd64.deb
      Size/MD5:   272274 a9b18398d4266768b0232e0f0441a55d
    
http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-dev_0.2.2-1ubuntu2.1_amd64.deb
      Size/MD5:   183332 e897aac4010b63ae4fd8c5dc5de9a8aa

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-1c2_0.2.2-1ubuntu2.1_i386.deb
      Size/MD5:   240956 9fec9a49d9cdbe447a37cea80cce0ef5
    
http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-dev_0.2.2-1ubuntu2.1_i386.deb
      Size/MD5:   183328 4b48ad49dff6c4c236c0323387a2232c

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-1c2_0.2.2-1ubuntu2.1_powerpc.deb
      Size/MD5:   244644 73b01188d26474efa183eef9cbdaa4d2
    
http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-dev_0.2.2-1ubuntu2.1_powerpc.deb
      Size/MD5:   183338 e3adfe6108ae54a24dca635965ec6828

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/w/wv2/wv2_0.2.2-5ubuntu0.1.diff.gz
      Size/MD5:   711482 de2a0a853439ae46d3946d5b51e3bb41
    http://security.ubuntu.com/ubuntu/pool/main/w/wv2/wv2_0.2.2-5ubuntu0.1.dsc
      Size/MD5:      816 bcfd690cd308fa1cbd4bb87b6fc0714a
    http://security.ubuntu.com/ubuntu/pool/main/w/wv2/wv2_0.2.2.orig.tar.gz
      Size/MD5:   855198 45fdc6df614f91e94d3b978dd8414e3b

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-1c2_0.2.2-5ubuntu0.1_amd64.deb
      Size/MD5:   246200 b4fde95a8c49d0ee5a11db3bc79a111d
    
http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-dev_0.2.2-5ubuntu0.1_amd64.deb
      Size/MD5:   183932 e0033bbc17eb6bd347b9e7d2dc45ebfe

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-1c2_0.2.2-5ubuntu0.1_i386.deb
      Size/MD5:   224862 5e1520c6daf81fde5bd099cda8f4cc8f
    
http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-dev_0.2.2-5ubuntu0.1_i386.deb
      Size/MD5:   183926 fc25e34d9307a86fb593e94ad9889264

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-1c2_0.2.2-5ubuntu0.1_powerpc.deb
      Size/MD5:   224956 4246d28c91828b4f10e5b14b13f15056
    
http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-dev_0.2.2-5ubuntu0.1_powerpc.deb
      Size/MD5:   183936 b1fbce3fd76a44478d94c6f8a344ae4d

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] [USN-300-1] wv2 vulnerability, Martin Pitt <=
Previous by Date:  Fusion Polls (xtrphome) Remote File Inclusion, SpC-x
Next by Date:  [Full-disclosure] [USN-301-1] kdm vulnerability, Martin Pitt
Previous by Thread:  Fusion Polls (xtrphome) Remote File Inclusion, SpC-x
Next by Thread:  [Full-disclosure] [USN-301-1] kdm vulnerability, Martin Pitt
Indexes:  [Date] [Thread] [Top] [All Lists]