Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
USN-374-1: wvWare vulnerability
Posted by Bob on: 11/01/2006 08:10 PM [ Print | 0 comment(s) ]
A new wvWare vulnerability update is available for Ubuntu Linux. Here the announcement:
Ubuntu Security Notice USN-374-1 November 01, 2006
wv vulnerability
CVE-2006-4513
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
A security issue affects the following Ubuntu releases:
Ubuntu 6.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.10:
libwv-1.2-1 1.2.1-2ubuntu0.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
An integer overflow was discovered in the DOC file parser of the wv=20
library. By tricking a user into opening a specially crafted MSWord=20
(.DOC) file, remote attackers could execute arbitrary code with the=20
user's privileges.
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/w/wv/wv_1.2.1-2ubuntu0.1.di=
ff.gz
Size/MD5: 11929 1162b872e4e77345295a34e0c7fb731b
http://security.ubuntu.com/ubuntu/pool/main/w/wv/wv_1.2.1-2ubuntu0.1.dsc
Size/MD5: 716 4ec3816084073a77df966ff2fec1a40e
http://security.ubuntu.com/ubuntu/pool/main/w/wv/wv_1.2.1.orig.tar.gz
Size/MD5: 628027 d757080af4595839d5d82a1a573c692c
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/w/wv/libwv-1.2-1_1.2.1-2ubu=
ntu0.1_amd64.deb
Size/MD5: 146278 3eb3817dfa782c6e3bcc22c6fb35b8ad
http://security.ubuntu.com/ubuntu/pool/main/w/wv/libwv-dev_1.2.1-2ubunt=
u0.1_amd64.deb
Size/MD5: 202772 30ebeb74c64333e33d5604df48a0f8f0
http://security.ubuntu.com/ubuntu/pool/universe/w/wv/wv_1.2.1-2ubuntu0.=
1_amd64.deb
Size/MD5: 90506 a1835a5db7c038487567686e77a95f9a
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/w/wv/libwv-1.2-1_1.2.1-2ubu=
ntu0.1_i386.deb
Size/MD5: 138724 918761ea08c2eb366821648adc571bc3
http://security.ubuntu.com/ubuntu/pool/main/w/wv/libwv-dev_1.2.1-2ubunt=
u0.1_i386.deb
Size/MD5: 180656 f041845463774af932bdd8a848422481
http://security.ubuntu.com/ubuntu/pool/universe/w/wv/wv_1.2.1-2ubuntu0.=
1_i386.deb
Size/MD5: 88162 3940c61f26c24d2ac1f66d33a7f00166
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/w/wv/libwv-1.2-1_1.2.1-2ubu=
ntu0.1_powerpc.deb
Size/MD5: 140532 6f76eefa75620e73bfe7738e67618bab
http://security.ubuntu.com/ubuntu/pool/main/w/wv/libwv-dev_1.2.1-2ubunt=
u0.1_powerpc.deb
Size/MD5: 207102 d241cdb9f374c6f6b61c7ce9667f79b6
http://security.ubuntu.com/ubuntu/pool/universe/w/wv/wv_1.2.1-2ubuntu0.=
1_powerpc.deb
Size/MD5: 94366 682568966d755eb3e55ef210ff08dd05
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/w/wv/libwv-1.2-1_1.2.1-2ubu=
ntu0.1_sparc.deb
Size/MD5: 136236 a8a17256755dfb88d996972dd76736d7
http://security.ubuntu.com/ubuntu/pool/main/w/wv/libwv-dev_1.2.1-2ubunt=
u0.1_sparc.deb
Size/MD5: 189474 7e263e180bcf218dd6714ab813c9bf97
http://security.ubuntu.com/ubuntu/pool/universe/w/wv/wv_1.2.1-2ubuntu0.=
1_sparc.deb
Size/MD5: 88130 413b2fb70a223db99545e4e3ccbe2145
--4ybNbZnZ8tziJ7D6
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFFSO4VH/9LqRcGPm0RAm2rAKCIn4yFXEC9dKi9GVOnTtlYwi5BDgCfXsyT
rm7iLLcYlhIQK0lZ1CLjbi8=
=nNTb
-----END PGP SIGNATURE-----
wv vulnerability
CVE-2006-4513
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
A security issue affects the following Ubuntu releases:
Ubuntu 6.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.10:
libwv-1.2-1 1.2.1-2ubuntu0.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
An integer overflow was discovered in the DOC file parser of the wv=20
library. By tricking a user into opening a specially crafted MSWord=20
(.DOC) file, remote attackers could execute arbitrary code with the=20
user's privileges.
Updated packages for Ubuntu 6.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/w/wv/wv_1.2.1-2ubuntu0.1.di=
ff.gz
Size/MD5: 11929 1162b872e4e77345295a34e0c7fb731b
http://security.ubuntu.com/ubuntu/pool/main/w/wv/wv_1.2.1-2ubuntu0.1.dsc
Size/MD5: 716 4ec3816084073a77df966ff2fec1a40e
http://security.ubuntu.com/ubuntu/pool/main/w/wv/wv_1.2.1.orig.tar.gz
Size/MD5: 628027 d757080af4595839d5d82a1a573c692c
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/w/wv/libwv-1.2-1_1.2.1-2ubu=
ntu0.1_amd64.deb
Size/MD5: 146278 3eb3817dfa782c6e3bcc22c6fb35b8ad
http://security.ubuntu.com/ubuntu/pool/main/w/wv/libwv-dev_1.2.1-2ubunt=
u0.1_amd64.deb
Size/MD5: 202772 30ebeb74c64333e33d5604df48a0f8f0
http://security.ubuntu.com/ubuntu/pool/universe/w/wv/wv_1.2.1-2ubuntu0.=
1_amd64.deb
Size/MD5: 90506 a1835a5db7c038487567686e77a95f9a
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/w/wv/libwv-1.2-1_1.2.1-2ubu=
ntu0.1_i386.deb
Size/MD5: 138724 918761ea08c2eb366821648adc571bc3
http://security.ubuntu.com/ubuntu/pool/main/w/wv/libwv-dev_1.2.1-2ubunt=
u0.1_i386.deb
Size/MD5: 180656 f041845463774af932bdd8a848422481
http://security.ubuntu.com/ubuntu/pool/universe/w/wv/wv_1.2.1-2ubuntu0.=
1_i386.deb
Size/MD5: 88162 3940c61f26c24d2ac1f66d33a7f00166
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/w/wv/libwv-1.2-1_1.2.1-2ubu=
ntu0.1_powerpc.deb
Size/MD5: 140532 6f76eefa75620e73bfe7738e67618bab
http://security.ubuntu.com/ubuntu/pool/main/w/wv/libwv-dev_1.2.1-2ubunt=
u0.1_powerpc.deb
Size/MD5: 207102 d241cdb9f374c6f6b61c7ce9667f79b6
http://security.ubuntu.com/ubuntu/pool/universe/w/wv/wv_1.2.1-2ubuntu0.=
1_powerpc.deb
Size/MD5: 94366 682568966d755eb3e55ef210ff08dd05
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/w/wv/libwv-1.2-1_1.2.1-2ubu=
ntu0.1_sparc.deb
Size/MD5: 136236 a8a17256755dfb88d996972dd76736d7
http://security.ubuntu.com/ubuntu/pool/main/w/wv/libwv-dev_1.2.1-2ubunt=
u0.1_sparc.deb
Size/MD5: 189474 7e263e180bcf218dd6714ab813c9bf97
http://security.ubuntu.com/ubuntu/pool/universe/w/wv/wv_1.2.1-2ubuntu0.=
1_sparc.deb
Size/MD5: 88130 413b2fb70a223db99545e4e3ccbe2145
--4ybNbZnZ8tziJ7D6
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFFSO4VH/9LqRcGPm0RAm2rAKCIn4yFXEC9dKi9GVOnTtlYwi5BDgCfXsyT
rm7iLLcYlhIQK0lZ1CLjbi8=
=nNTb
-----END PGP SIGNATURE-----
