=========================================================== Ubuntu Security Notice USN-300-1 June 14, 2006 wv2 vulnerability CVE-2006-2197 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: libwv2-1 0.2.2-1ubuntu1.1 libwv2-dev 0.2.2-1ubuntu1.1 Ubuntu 5.10: libwv2-1c2 0.2.2-1ubuntu2.1 libwv2-dev 0.2.2-1ubuntu2.1 Ubuntu 6.06 LTS: libwv2-1c2 0.2.2-5ubuntu0.1 libwv2-dev 0.2.2-5ubuntu0.1 After a standard system upgrade you need to restart KWord to effect the necessary changes. Details follow: libwv2 did not sufficiently check the validity of its input. Certain invalid Word documents caused a buffer overflow. By tricking a user into opening a specially crafted Word file with an application that uses libwv2, this could be exploited to execute arbitrary code with the user's privileges. The only packaged application using this library is KWord. Updated packages for Ubuntu 5.04: Source archives: http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/wv2_0.2.2-1ubuntu1.1.diff.gz Size/MD5: 16104 63df0ae571a2b6aeec69f9cb2373d1b9 http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/wv2_0.2.2-1ubuntu1.1.dsc Size/MD5: 661 b65ca0f07e82728296575737442c23b5 http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/wv2_0.2.2.orig.tar.gz Size/MD5: 855198 45fdc6df614f91e94d3b978dd8414e3b amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/libwv2-1_0.2.2-1ubuntu1.1_amd64.deb Size/MD5: 243364 6e29b4a9882dce4dffc6d946e0957ca6 http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/libwv2-dev_0.2.2-1ubuntu1.1_amd64.deb Size/MD5: 183310 5e2b9cbb4f2548b48f0c1c5d34d08c20 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/libwv2-1_0.2.2-1ubuntu1.1_i386.deb Size/MD5: 232014 af559c86604bf323dadafbf44159125e http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/libwv2-dev_0.2.2-1ubuntu1.1_i386.deb Size/MD5: 183308 bdb2ca946ba0689ac262c0b907f5fc64 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/libwv2-1_0.2.2-1ubuntu1.1_powerpc.deb Size/MD5: 221856 a2a7149c998191c373bf9cf3ec312f30 http://security.ubuntu.com/ubuntu/pool/universe/w/wv2/libwv2-dev_0.2.2-1ubuntu1.1_powerpc.deb Size/MD5: 183312 afa93e9c16613bcd9afee555e5a922cd Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/w/wv2/wv2_0.2.2-1ubuntu2.1.diff.gz Size/MD5: 16170 7a07243952babcbc99fd59d82290d348 http://security.ubuntu.com/ubuntu/pool/main/w/wv2/wv2_0.2.2-1ubuntu2.1.dsc Size/MD5: 663 293e081bc9ae957ae7dcdcd559f09d05 http://security.ubuntu.com/ubuntu/pool/main/w/wv2/wv2_0.2.2.orig.tar.gz Size/MD5: 855198 45fdc6df614f91e94d3b978dd8414e3b amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-1c2_0.2.2-1ubuntu2.1_amd64.deb Size/MD5: 272274 a9b18398d4266768b0232e0f0441a55d http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-dev_0.2.2-1ubuntu2.1_amd64.deb Size/MD5: 183332 e897aac4010b63ae4fd8c5dc5de9a8aa i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-1c2_0.2.2-1ubuntu2.1_i386.deb Size/MD5: 240956 9fec9a49d9cdbe447a37cea80cce0ef5 http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-dev_0.2.2-1ubuntu2.1_i386.deb Size/MD5: 183328 4b48ad49dff6c4c236c0323387a2232c powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-1c2_0.2.2-1ubuntu2.1_powerpc.deb Size/MD5: 244644 73b01188d26474efa183eef9cbdaa4d2 http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-dev_0.2.2-1ubuntu2.1_powerpc.deb Size/MD5: 183338 e3adfe6108ae54a24dca635965ec6828 Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/w/wv2/wv2_0.2.2-5ubuntu0.1.diff.gz Size/MD5: 711482 de2a0a853439ae46d3946d5b51e3bb41 http://security.ubuntu.com/ubuntu/pool/main/w/wv2/wv2_0.2.2-5ubuntu0.1.dsc Size/MD5: 816 bcfd690cd308fa1cbd4bb87b6fc0714a http://security.ubuntu.com/ubuntu/pool/main/w/wv2/wv2_0.2.2.orig.tar.gz Size/MD5: 855198 45fdc6df614f91e94d3b978dd8414e3b amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-1c2_0.2.2-5ubuntu0.1_amd64.deb Size/MD5: 246200 b4fde95a8c49d0ee5a11db3bc79a111d http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-dev_0.2.2-5ubuntu0.1_amd64.deb Size/MD5: 183932 e0033bbc17eb6bd347b9e7d2dc45ebfe i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-1c2_0.2.2-5ubuntu0.1_i386.deb Size/MD5: 224862 5e1520c6daf81fde5bd099cda8f4cc8f http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-dev_0.2.2-5ubuntu0.1_i386.deb Size/MD5: 183926 fc25e34d9307a86fb593e94ad9889264 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-1c2_0.2.2-5ubuntu0.1_powerpc.deb Size/MD5: 224956 4246d28c91828b4f10e5b14b13f15056 http://security.ubuntu.com/ubuntu/pool/main/w/wv2/libwv2-dev_0.2.2-5ubuntu0.1_powerpc.deb Size/MD5: 183936 b1fbce3fd76a44478d94c6f8a344ae4d