USN-545-1: link-grammar vulnerability
Posted on: 11/27/2007 02:15 AM

A new link-grammar vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-545-1 November 26, 2007
link-grammar vulnerability
CVE-2007-5395
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects the following Ubuntu releases:

Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
liblink-grammar4 4.2.2-4ubuntu0.7.10.1

After a standard system upgrade you need to restart AbiWord to effect
the necessary changes.

Details follow:

Alin Rad Pop discovered that AbiWord's Link Grammar parser did not
correctly handle overly-long words. If a user were tricked into opening
a specially crafted document, AbiWord, or other applications using Link
Grammar, could be made to crash.


Updated packages for Ubuntu 7.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/link-grammar=
_4.2.2-4ubuntu0.7.10.1.diff.gz
Size/MD5: 8372 9d6103a3d8b9055aeb8e9fb151c629d8
http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/link-grammar=
_4.2.2-4ubuntu0.7.10.1.dsc
Size/MD5: 771 3416e046bf63eefc9b8e185666e11b1e
http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/link-grammar=
_4.2.2.orig.tar.gz
Size/MD5: 742163 798c165b7d7f26e60925c30515c45782

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/link-grammar=
-dictionaries-en_4.2.2-4ubuntu0.7.10.1_all.deb
Size/MD5: 261630 b4b9b5e5f1a9b4a04dbf4074add17867

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/liblink-gram=
mar4-dev_4.2.2-4ubuntu0.7.10.1_amd64.deb
Size/MD5: 129244 0db2bc55f7c9e9f3ce1276020200d6aa
http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/liblink-gram=
mar4_4.2.2-4ubuntu0.7.10.1_amd64.deb
Size/MD5: 98100 de97f8c7fa03e774b6038bd326834f7a
http://security.ubuntu.com/ubuntu/pool/universe/l/link-grammar/link-gra=
mmar_4.2.2-4ubuntu0.7.10.1_amd64.deb
Size/MD5: 16430 dbcd4fca4249a475abd450f7009b68de

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/liblink-gram=
mar4-dev_4.2.2-4ubuntu0.7.10.1_i386.deb
Size/MD5: 111178 d619bf104ae4b3026b4ac7dd7952d5ee
http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/liblink-gram=
mar4_4.2.2-4ubuntu0.7.10.1_i386.deb
Size/MD5: 90558 912431a563343836f56b20daf237c8e8
http://security.ubuntu.com/ubuntu/pool/universe/l/link-grammar/link-gra=
mmar_4.2.2-4ubuntu0.7.10.1_i386.deb
Size/MD5: 15706 5a72b07d1b6a825a11148193e94bc5e3

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/liblink-gram=
mar4-dev_4.2.2-4ubuntu0.7.10.1_powerpc.deb
Size/MD5: 130238 7266fb1779805cf1416afb6349142532
http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/liblink-gram=
mar4_4.2.2-4ubuntu0.7.10.1_powerpc.deb
Size/MD5: 97756 c23f581e5b62c6af38f08906f1f6521e
http://security.ubuntu.com/ubuntu/pool/universe/l/link-grammar/link-gra=
mmar_4.2.2-4ubuntu0.7.10.1_powerpc.deb
Size/MD5: 17052 c5005abc099c10b7687dd85123dc29a4

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/liblink-gram=
mar4-dev_4.2.2-4ubuntu0.7.10.1_sparc.deb
Size/MD5: 118768 d88eee3ff0a918780689a72f7e14d2fa
http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/liblink-gram=
mar4_4.2.2-4ubuntu0.7.10.1_sparc.deb
Size/MD5: 91400 5a14c7a0baa9f2d9ba23f7130896c332
http://security.ubuntu.com/ubuntu/pool/universe/l/link-grammar/link-gra=
mmar_4.2.2-4ubuntu0.7.10.1_sparc.deb
Size/MD5: 16126 6179e67b9eaaef830f1bd7d461fbee62


--6WlEvdN9Dv0WHSBl
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHS2k0H/9LqRcGPm0RAqiBAJ9L18p6o0tmbn9Y7qFrubQ9bKTQdACdEtNj
o7WhzPYpjay55UwD1b23e4o=
=39jK
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_545_1_link_grammar_vulnerability.html)