DSA 579-1: New abiword packages fix arbitrary code execution
Posted on: 11/01/2004 05:24 PM

New abiword packages are available for Debian GNU/Linux

---------------------------------------------------------------------------
Debian Security Advisory DSA 579-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
November 1st, 2004                      http://www.debian.org/security/faq
---------------------------------------------------------------------------

Package : abiword
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-0645

A buffer overflow vulnerability has been discovered in the wv library, which is used for converting and previewing Word documents. On exploitation, an attacker could execute arbitrary code with the privileges of the user running the vulnerable application.

For the stable distribution (woody) this problem has been fixed in version 1.0.2+cvs.2002.06.05-1woody2.

The package in the unstable distribution (sid) is not affected.

We recommend that you upgrade your abiword package.

Upgrade Instructions
---------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
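
Between the wget and dpkg -i steps above, a downloaded file can be checked against the "Size/MD5 checksum" line that the advisory lists for it. The script below is an added example, not part of the original advisory; it assumes awk and md5sum (GNU coreutils) are available, and the demo uses a constructed stand-in file with a placeholder host and file name.

```shell
#!/bin/sh
# Added example: compare a downloaded file with the advisory's
# "Size/MD5 checksum: <size> <md5>" entry before running dpkg -i.

# expected_for ADVISORY NAME -> prints "<size> <md5>" listed for NAME
expected_for() {
    awk -v want="$2" '
        /^https?:\/\// { n = split($1, p, "/"); name = p[n]; next }
        /^Size\/MD5 checksum:/ && name == want { print $3, $4; found = 1; exit }
        END { exit !found }
    ' "$1"
}

# verify_download ADVISORY FILE -> 0 match, 1 mismatch, 2 not listed
verify_download() {
    vd_want=$(expected_for "$1" "$(basename "$2")") || {
        echo "$2: not listed in advisory" >&2; return 2; }
    vd_size=$(wc -c < "$2" | tr -d ' ')
    vd_md5=$(md5sum "$2" | cut -d' ' -f1)
    if [ "$vd_size $vd_md5" = "$vd_want" ]; then
        echo "$2: OK"
    else
        echo "$2: MISMATCH (got $vd_size $vd_md5, advisory says $vd_want)" >&2
        return 1
    fi
}

# Demo on constructed data: a stand-in "package" and an advisory entry
# generated from it (placeholder host and file name, not real packages).
demo() {
    d=$(mktemp -d) || return 1
    f="$d/example_1.0-1_all.deb"
    printf 'constructed package payload\n' > "$f"
    {
        echo "http://mirror.example/pool/example_1.0-1_all.deb"
        echo "Size/MD5 checksum: $(wc -c < "$f" | tr -d ' ') $(md5sum "$f" | cut -d' ' -f1)"
    } > "$d/advisory.txt"
    r1=0; verify_download "$d/advisory.txt" "$f" || r1=$?
    printf 'x' >> "$f"                     # simulate a corrupted download
    r2=0; verify_download "$d/advisory.txt" "$f" || r2=$?
    rm -rf "$d"
    [ "$r1" -eq 0 ] && [ "$r2" -eq 1 ]
}
demo
```

Save the advisory text to a file and run `verify_download advisory.txt file.deb`; install only when it reports OK.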


Debian GNU/Linux 3.0 alias woody
---------------------------------

Source archives:

http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2.dsc
Size/MD5 checksum: 1159 85bb20f96162736e29ade8d6558799d6
http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2.diff.gz
Size/MD5 checksum: 48982 12356a29a3185ef367fd7a18a7374be0
http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05.orig.tar.gz
Size/MD5 checksum: 16407034 0b0e1f3e42a0627a28cea970b099049d

Architecture independent components:

http://security.debian.org/pool/updates/main/a/abiword/abiword-doc_1.0.2+cvs.2002.06.05-1woody2_all.deb
Size/MD5 checksum: 950160 e102efac6a16ded87e5e437f687a0310
http://security.debian.org/pool/updates/main/a/abiword/xfonts-abi_1.0.2+cvs.2002.06.05-1woody2_all.deb
Size/MD5 checksum: 189372 96b1fd88bd7c779e692d1f97f4884992

Alpha architecture:

http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_alpha.deb
Size/MD5 checksum: 12324 db3b4b84b9fe45dcbd3c2e50bdf3ea08
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_alpha.deb
Size/MD5 checksum: 538558 745ddd234eebaba2d94b4dcb8482eb58
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_alpha.deb
Size/MD5 checksum: 2069076 b15d6f04af7fe12637fbf3f98bff3570
http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_alpha.deb
Size/MD5 checksum: 1873718 f3c06b0ab36204d17bd7f35b8aaa9d9c
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_alpha.deb
Size/MD5 checksum: 228192 0f93acbe004457b96665dfd404eb7a0d

ARM architecture:

http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_arm.deb
Size/MD5 checksum: 12324 d79bb97457548ab36052e0e311168ac5
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_arm.deb
Size/MD5 checksum: 536122 c9a40134dad59a82a902e734c8011f78
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_arm.deb
Size/MD5 checksum: 1716898 e16c92223a1d79b11e13723dfe440b70
http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_arm.deb
Size/MD5 checksum: 1533466 519589fac25720cb9932949a16e435e9
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_arm.deb
Size/MD5 checksum: 154748 69f4844084b35e02af75d2350970ae5f

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_i386.deb
Size/MD5 checksum: 12316 56e899f5073f4ecf10b6cb29802da76f
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_i386.deb
Size/MD5 checksum: 533908 f3d4e7035c0d0e9fcf6c53386f9305f6
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_i386.deb
Size/MD5 checksum: 1677628 bafc31f34a7f940268acb69e708db7c8
http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_i386.deb
Size/MD5 checksum: 1491442 a87d8c81b54987eee14cfa5ad4cfa599
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_i386.deb
Size/MD5 checksum: 219836 2de08d80c8581d9814047c11e41d98fc

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_ia64.deb
Size/MD5 checksum: 12326 16aae240a8308465fcc04e7f9697d64a
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_ia64.deb
Size/MD5 checksum: 542536 e9fcc8cb137cde1015f854c6383e803f
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_ia64.deb
Size/MD5 checksum: 2121940 fb962d5debe790b0a9ea5da9b82f1500
http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_ia64.deb
Size/MD5 checksum: 1939620 d84fc2069f1af2ce581f6a876179c567
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_ia64.deb
Size/MD5 checksum: 311806 1664fc9ec9ed17f7c355aa2b27c9cb27

HP Precision architecture:

http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_hppa.deb
Size/MD5 checksum: 12322 fbe7366ac7c2d84eaa840c29bb0f0870
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_hppa.deb
Size/MD5 checksum: 537778 0e13ea49a4bf688b99297c6fa60ddbe0
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_hppa.deb
Size/MD5 checksum: 2039786 f91d12d4d6ba552a42cf4562d358f5f3
http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_hppa.deb
Size/MD5 checksum: 1821044 ed470c31af565d3a836dbaed6b5956c9
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_hppa.deb
Size/MD5 checksum: 195742 8f70554c0e9fab92c733e084ac435796

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_m68k.deb
Size/MD5 checksum: 12326 fda3aee08b6c7a36552c44c9e18dc2f3
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_m68k.deb
Size/MD5 checksum: 533074 623de2757f85e5f40404ad7178600900
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_m68k.deb
Size/MD5 checksum: 1602602 71341f13227b14ebebbdab7307170e5e
http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_m68k.deb
Size/MD5 checksum: 1416262 4123606f88103837cb0b1716e5332edc
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_m68k.deb
Size/MD5 checksum: 199616 c8cbb04072b54b12e5d790d190ed5e20

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_mips.deb
Size/MD5 checksum: 12324 2a9e9d8590cbff7e6eae6210dcda5963
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_mips.deb
Size/MD5 checksum: 536334 34b58292b19a97c7caf03fa8649f9588
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_mips.deb
Size/MD5 checksum: 1701150 4233b20af6d518aef680721c6e9d224f
http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_mips.deb
Size/MD5 checksum: 1513420 4e9ff72a764e615974d97bd1078955b6
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_mips.deb
Size/MD5 checksum: 205038 d02601a4bf14e98e8b43f0773b25e0c4

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_mipsel.deb
Size/MD5 checksum: 12322 33fbc540d53404e519a6696930e94193
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_mipsel.deb
Size/MD5 checksum: 536470 367d3892a482f12e69f4a78ab94925b9
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_mipsel.deb
Size/MD5 checksum: 1663230 72a084359b72dbb54d77ccf5fc2dbc5f
http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_mipsel.deb
Size/MD5 checksum: 1480868 f3e424b1b36eef3bcb52c422e36393ec
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_mipsel.deb
Size/MD5 checksum: 202908 a145263d08da2e5dad0d611869180def

PowerPC architecture:

http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_powerpc.deb
Size/MD5 checksum: 12316 e4d9763a95a99175919c1da05fbd35d7
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_powerpc.deb
Size/MD5 checksum: 534710 596bbd310236e97c3d967ff6fac45e2a
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_powerpc.deb
Size/MD5 checksum: 1716300 a77a54353c0f17ae35f363931dae7d47
http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_powerpc.deb
Size/MD5 checksum: 1527752 1d6a0d11fb0a4c0d59e3a84b9457964d
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_powerpc.deb
Size/MD5 checksum: 211422 bdf81bbb6ad1e18ba5140a06d4ba6493

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_s390.deb
Size/MD5 checksum: 12322 41066489465b7dc84e7512a8b2467215
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_s390.deb
Size/MD5 checksum: 535134 7bee77890a9237f6a45d44c9a6fa3fb0
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_s390.deb
Size/MD5 checksum: 1603758 13a836f504b4698bce96b010e6c6a1ef
http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_s390.deb
Size/MD5 checksum: 1417836 da47311e33507bccba7da3ff9eb9a890
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_s390.deb
Size/MD5 checksum: 203140 bdaa7fe49b1fb7097e9bf7d8fec42d5c

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody2_sparc.deb
Size/MD5 checksum: 12326 af26ffe3a8a0c96f62f5a93003e11c77
http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody2_sparc.deb
Size/MD5 checksum: 537396 0b7459a387b34d02fcdf200948022936
http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody2_sparc.deb
Size/MD5 checksum: 1656854 67a1f7d6d4cc1d0a2c120a61e9983ac2
http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody2_sparc.deb
Size/MD5 checksum: 1470270 36c383eec00251183eab2e4cd3add41d
http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody2_sparc.deb
Size/MD5 checksum: 193240 c86d477d0eda07aa9822817933b4413d


These files will probably be moved into the stable distribution on its next update.


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_579_1_new_abiword_packages_fix_arbitrary_code_execution.html)