Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] [USN-545-1] link-grammar vulnerability

from [Kees Cook] Network Security [Permanent Link]
Subject: [Full-disclosure] [USN-545-1] link-grammar vulnerability
Date: Mon, 26 Nov 2007 16:47:48 -0800 
=========================================================== 
Ubuntu Security Notice USN-545-1          November 26, 2007
link-grammar vulnerability
CVE-2007-5395
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  liblink-grammar4                4.2.2-4ubuntu0.7.10.1

After a standard system upgrade you need to restart AbiWord to effect
the necessary changes.

Details follow:

Alin Rad Pop discovered that AbiWord's Link Grammar parser did not
correctly handle overly-long words.  If a user were tricked into opening
a specially crafted document, AbiWord, or other applications using Link
Grammar, could be made to crash.


Updated packages for Ubuntu 7.10:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/link-grammar_4.2.2-4ubuntu0.7.10.1.diff.gz
      Size/MD5:     8372 9d6103a3d8b9055aeb8e9fb151c629d8
    
http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/link-grammar_4.2.2-4ubuntu0.7.10.1.dsc
      Size/MD5:      771 3416e046bf63eefc9b8e185666e11b1e
    
http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/link-grammar_4.2.2.orig.tar.gz
      Size/MD5:   742163 798c165b7d7f26e60925c30515c45782

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/link-grammar-dictionaries-en_4.2.2-4ubuntu0.7.10.1_all.deb
      Size/MD5:   261630 b4b9b5e5f1a9b4a04dbf4074add17867

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4ubuntu0.7.10.1_amd64.deb
      Size/MD5:   129244 0db2bc55f7c9e9f3ce1276020200d6aa
    
http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/liblink-grammar4_4.2.2-4ubuntu0.7.10.1_amd64.deb
      Size/MD5:    98100 de97f8c7fa03e774b6038bd326834f7a
    
http://security.ubuntu.com/ubuntu/pool/universe/l/link-grammar/link-grammar_4.2.2-4ubuntu0.7.10.1_amd64.deb
      Size/MD5:    16430 dbcd4fca4249a475abd450f7009b68de

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4ubuntu0.7.10.1_i386.deb
      Size/MD5:   111178 d619bf104ae4b3026b4ac7dd7952d5ee
    
http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/liblink-grammar4_4.2.2-4ubuntu0.7.10.1_i386.deb
      Size/MD5:    90558 912431a563343836f56b20daf237c8e8
    
http://security.ubuntu.com/ubuntu/pool/universe/l/link-grammar/link-grammar_4.2.2-4ubuntu0.7.10.1_i386.deb
      Size/MD5:    15706 5a72b07d1b6a825a11148193e94bc5e3

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4ubuntu0.7.10.1_powerpc.deb
      Size/MD5:   130238 7266fb1779805cf1416afb6349142532
    
http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/liblink-grammar4_4.2.2-4ubuntu0.7.10.1_powerpc.deb
      Size/MD5:    97756 c23f581e5b62c6af38f08906f1f6521e
    
http://security.ubuntu.com/ubuntu/pool/universe/l/link-grammar/link-grammar_4.2.2-4ubuntu0.7.10.1_powerpc.deb
      Size/MD5:    17052 c5005abc099c10b7687dd85123dc29a4

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4ubuntu0.7.10.1_sparc.deb
      Size/MD5:   118768 d88eee3ff0a918780689a72f7e14d2fa
    
http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/liblink-grammar4_4.2.2-4ubuntu0.7.10.1_sparc.deb
      Size/MD5:    91400 5a14c7a0baa9f2d9ba23f7130896c332
    
http://security.ubuntu.com/ubuntu/pool/universe/l/link-grammar/link-grammar_4.2.2-4ubuntu0.7.10.1_sparc.deb
      Size/MD5:    16126 6179e67b9eaaef830f1bd7d461fbee62

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] [USN-545-1] link-grammar vulnerability, Kees Cook <=
Previous by Date:  Re: [Full-disclosure] UPDATED: RealNetworks RealPlayer ierpplug.dll ActiveX Control Multiple Stack Overflows, James Matthews
Next by Date:  [Full-disclosure] [USN-546-1] Firefox vulnerabilities, Kees Cook
Previous by Thread:  ZDI-07-069: CA BrightStor ARCserve Backup Message Engine Insecure Method Exposure Vulnerability, zdi-disclosures
Next by Thread:  [Full-disclosure] [USN-546-1] Firefox vulnerabilities, Kees Cook
Indexes:  [Date] [Thread] [Top] [All Lists]