=========================================================== Ubuntu Security Notice USN-333-1 August 09, 2006 libwmf vulnerability CVE-2006-3376 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: libwmf0.2-7 0.2.8-1.1ubuntu0.1 Ubuntu 5.10: libwmf0.2-7 0.2.8.3-2ubuntu0.1 Ubuntu 6.06 LTS: libwmf0.2-7 0.2.8.3-3.1ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: An integer overflow was found in the handling of the MaxRecordSize field in the WMF header parser. By tricking a user into opening a specially crafted WMF image file with an application that uses this library, an attacker could exploit this to execute arbitrary code with the user's privileges. Updated packages for Ubuntu 5.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8-1.1ubuntu0.1.diff.gz Size/MD5: 5304 e7805fbd610d936cfd64a4ad5529d604 http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8-1.1ubuntu0.1.dsc Size/MD5: 699 b38be3ecef264877a0a8aa57a3ef369f http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.orig.tar.gz Size/MD5: 1620489 269fb225cd44f40cc877fb6c63706112 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-doc_0.2.8-1.1ubuntu0.1_all.deb Size/MD5: 271748 8ab9644a6b59216b32c4669b8fd1d08d amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8-1.1ubuntu0.1_amd64.deb Size/MD5: 20734 0423e72e4668c7c706e31591e751db7d http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8-1.1ubuntu0.1_amd64.deb Size/MD5: 204060 acfd872c6e935d9df25e055ceb4b1cf3 http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8-1.1ubuntu0.1_amd64.deb Size/MD5: 174006 85eab7d6300451d9cb0a05f3b0b0955f i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8-1.1ubuntu0.1_i386.deb Size/MD5: 18732 ff99549d18b4f31a21522e042d87bba6 http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8-1.1ubuntu0.1_i386.deb Size/MD5: 190000 0c037a6a429249d2e95f92152cce6233 http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8-1.1ubuntu0.1_i386.deb Size/MD5: 164928 e8aa9895eedcf46955a21a5b7114895c powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8-1.1ubuntu0.1_powerpc.deb Size/MD5: 25900 4018e7b12756dd292734e06641d9c215 http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8-1.1ubuntu0.1_powerpc.deb Size/MD5: 208320 8445f174ede961f90c0634e786d3d549 http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8-1.1ubuntu0.1_powerpc.deb Size/MD5: 178750 b0db830818c196f815c0d26f161a7141 Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.3-2ubuntu0.1.diff.gz Size/MD5: 7142 f60eca63b5d87fdfb5fd70a20a799122 http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.3-2ubuntu0.1.dsc Size/MD5: 788 4fab72640e6cbc31616d80e9ff1efb5d http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.3.orig.tar.gz Size/MD5: 1737021 c7246bb724664189ade7895547387e6a Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-doc_0.2.8.3-2ubuntu0.1_all.deb Size/MD5: 271728 f1022f283d9cdd656521f8bd1f001337 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-2ubuntu0.1_amd64.deb Size/MD5: 15452 6aacb2892e64bc40eaa73cce7bf6106a http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-2ubuntu0.1_amd64.deb Size/MD5: 197976 d3006052733be31d47830d2f31d3cea8 http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-2ubuntu0.1_amd64.deb Size/MD5: 174604 e96c6f24abd2c42103118329ac843dd2 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-2ubuntu0.1_i386.deb Size/MD5: 13944 7a000303b7b8b9848dc84c448832462b http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-2ubuntu0.1_i386.deb Size/MD5: 178664 f0287b3bd1ef0211760f25f3776271ba http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-2ubuntu0.1_i386.deb Size/MD5: 159446 c53a29f7446d173ad15ab336901c216d powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-2ubuntu0.1_powerpc.deb Size/MD5: 19682 68ed2e16fec205e4afe66fee41aedceb http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-2ubuntu0.1_powerpc.deb Size/MD5: 198396 8217bfc3dbd8add5ec7f10072b7064da http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-2ubuntu0.1_powerpc.deb Size/MD5: 178588 31bd92a0662e02d7561c6bfe62942021 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-2ubuntu0.1_sparc.deb Size/MD5: 14736 1440557ccc8d651710a479fa52ddf43f http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-2ubuntu0.1_sparc.deb Size/MD5: 193558 b43e73a341c099675ad0f5854708f1f1 http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-2ubuntu0.1_sparc.deb Size/MD5: 167780 318f0310c891fbb97d7f66f3feb6bd89 Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.3-3.1ubuntu0.1.diff.gz Size/MD5: 7333 f521b721712b0ab752beebfcacbc2bca http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.3-3.1ubuntu0.1.dsc Size/MD5: 787 ba7f7d57497ed05232a1ee2e335136a6 http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf_0.2.8.3.orig.tar.gz Size/MD5: 1737021 c7246bb724664189ade7895547387e6a Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-doc_0.2.8.3-3.1ubuntu0.1_all.deb Size/MD5: 271718 965951077a2c870395a0b7ac95bd079a amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-3.1ubuntu0.1_amd64.deb Size/MD5: 17938 20f0cc89d3269a20acc92a186e136cb5 http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-3.1ubuntu0.1_amd64.deb Size/MD5: 207380 3e6194a937189c03f9cd3920c9d2625e http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-3.1ubuntu0.1_amd64.deb Size/MD5: 182314 49375dc6d7673b40fc18a36e3fb18bd4 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-3.1ubuntu0.1_i386.deb Size/MD5: 16282 d764d015b1b6d54226ea7462c6cc46e8 http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-3.1ubuntu0.1_i386.deb Size/MD5: 186178 aa417806aabee6b99cc006d51c9432d6 http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-3.1ubuntu0.1_i386.deb Size/MD5: 167174 35ffec3f86bf13c3cc78a56a3e6b3f66 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-3.1ubuntu0.1_powerpc.deb Size/MD5: 23138 bc6dcaf6487a7a37387588464aa7145c http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-3.1ubuntu0.1_powerpc.deb Size/MD5: 207374 a58e4fd73d7fda4a0c0ded54a41aee84 http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-3.1ubuntu0.1_powerpc.deb Size/MD5: 186184 ef834ca675034ea667e96dbb2b833ee0 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/universe/libw/libwmf/libwmf-bin_0.2.8.3-3.1ubuntu0.1_sparc.deb Size/MD5: 17060 9b46ecdd77450c7ca65155336e27a01b http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf-dev_0.2.8.3-3.1ubuntu0.1_sparc.deb Size/MD5: 202286 e83a995ff9afc034ce1fad2c233c41e7 http://security.ubuntu.com/ubuntu/pool/main/libw/libwmf/libwmf0.2-7_0.2.8.3-3.1ubuntu0.1_sparc.deb Size/MD5: 175900 66ee4f8648d68321a6f8e2ed72ab957e