=========================================================== Ubuntu Security Notice USN-203-1 October 13, 2005 abiword vulnerabilities CAN-2005-2972 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: abiword The problem can be corrected by upgrading the affected package to version 2.0.7+cvs.2004.05.05-1ubuntu3.3 (for Ubuntu 4.10), or 2.2.2-1ubuntu2.2 (for Ubuntu 5.04). After a standard system upgrade you have to restart Abiword to effect the necessary changes. Details follow: Chris Evans discovered several buffer overflows in the RTF import module of AbiWord. By tricking a user into opening an RTF file with specially crafted long identifiers, an attacker could exploit this to execute arbitrary code with the privileges of the AbiWord user. Updated packages for Ubuntu 4.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.3.diff.gz Size/MD5: 53513 e4e2d3d54c83a168e82d70b137ee057c http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.3.dsc Size/MD5: 1157 037c7c524016edeaa473c6c0d062bce8 http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.0.7+cvs.2004.05.05.orig.tar.gz Size/MD5: 21903248 665596f852d4e8d0c31c17fc292d6b29 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-doc_2.0.7+cvs.2004.05.05-1ubuntu3.3_all.deb Size/MD5: 4085668 6e2e530a16e993ad086d42956c5803c2 http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-help_2.0.7+cvs.2004.05.05-1ubuntu3.3_all.deb Size/MD5: 543156 8bc408bd3ad1e666e5e357ae36e53932 http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/xfonts-abi_2.0.7+cvs.2004.05.05-1ubuntu3.3_all.deb Size/MD5: 16596 75430c23dad8ae4d0a7308265d408003 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-common_2.0.7+cvs.2004.05.05-1ubuntu3.3_amd64.deb Size/MD5: 1455334 d7e4f6e69c1b7a447efceaf04ff68ea0 http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.3_amd64.deb Size/MD5: 1989318 c268d65eb11b0b52fb60dcc9ba5bedd1 http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.3_amd64.deb Size/MD5: 26802 b4fa13f3573367b2015988d4f18dc614 http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.0.7+cvs.2004.05.05-1ubuntu3.3_amd64.deb Size/MD5: 367222 6474c5943df1fce5bead6694a1261d6a http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.3_amd64.deb Size/MD5: 1991322 1af7def6dd93a82d2cec1e88ec2d4b5c i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-common_2.0.7+cvs.2004.05.05-1ubuntu3.3_i386.deb Size/MD5: 1453160 04cb3db059e360a88db13f1808559450 http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.3_i386.deb Size/MD5: 1872762 5e1e82e05a66130fa20bea41fbe095a6 http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.3_i386.deb Size/MD5: 26478 f67599750d41755a8b78a04b1dbdde5f http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.0.7+cvs.2004.05.05-1ubuntu3.3_i386.deb Size/MD5: 351082 7da163ac9814bafa7973403a2b8c1193 http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.3_i386.deb Size/MD5: 1876422 e9d75623f08356390d4065d472f3c9c9 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-common_2.0.7+cvs.2004.05.05-1ubuntu3.3_powerpc.deb Size/MD5: 1453644 555f171b5a2d416145ec6c6127dbc5d8 http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.3_powerpc.deb Size/MD5: 1972602 46cbb19e7d0ba940af215f0db405bb14 http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.3_powerpc.deb Size/MD5: 27940 e9583dbfa15f30f45f6112d0f75a6236 http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.0.7+cvs.2004.05.05-1ubuntu3.3_powerpc.deb Size/MD5: 405638 170b9be3298268ec25ba858681a8fa16 http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.3_powerpc.deb Size/MD5: 1977814 e1ae70a2581e791bd387132ff6ed48c3 Updated packages for Ubuntu 5.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.2.2-1ubuntu2.2.diff.gz Size/MD5: 512286 4f9111c0c96189e819605417cef919ba http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.2.2-1ubuntu2.2.dsc Size/MD5: 1133 12447eb5bba474c2c28011b63868b7bf http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.2.2.orig.tar.gz Size/MD5: 27686818 de0910da088c9d36f87ba4baed320aa7 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-common_2.2.2-1ubuntu2.2_all.deb Size/MD5: 1611804 c22ad1a8d3a687f84b6f6c8e327bc216 http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-doc_2.2.2-1ubuntu2.2_all.deb Size/MD5: 4093116 d8509ebb24da9e975f7adea5651e1c27 http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-help_2.2.2-1ubuntu2.2_all.deb Size/MD5: 555690 f6f37a6eed302e0aa04e63b3c395e04f http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/xfonts-abi_2.2.2-1ubuntu2.2_all.deb Size/MD5: 20316 823e817b6a7f9359e75e4e70f65c508f amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.2.2-1ubuntu2.2_amd64.deb Size/MD5: 2459120 363c7d7397cc12f0e6cd804a14533a3b http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.2.2-1ubuntu2.2_amd64.deb Size/MD5: 35308 a8aa7db9d7d9695d172ff74c1143163e http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.2.2-1ubuntu2.2_amd64.deb Size/MD5: 366414 098cd51bb43055fcf304d0cc5a10e8ac http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.2.2-1ubuntu2.2_amd64.deb Size/MD5: 2462240 05ee037c9a7c1092f4cac3b095e852ba i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.2.2-1ubuntu2.2_i386.deb Size/MD5: 2305594 58c79c4cdcb8b50c3d1122e8e7d944e5 http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.2.2-1ubuntu2.2_i386.deb Size/MD5: 34506 e3277cd136acf63fb2d8978507f25875 http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.2.2-1ubuntu2.2_i386.deb Size/MD5: 347820 121c8efea7da8dc8e75e406bb737d590 http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.2.2-1ubuntu2.2_i386.deb Size/MD5: 2313410 cff177fcfdfa53d98444d205b32bb4b3 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.2.2-1ubuntu2.2_powerpc.deb Size/MD5: 2437662 a063445c8a12e05f7acd5c4971c10cdc http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.2.2-1ubuntu2.2_powerpc.deb Size/MD5: 37764 a33d01df37344e9ca72e1a4f153cfa7b http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.2.2-1ubuntu2.2_powerpc.deb Size/MD5: 405540 f2ad4fe71f8e2edf22a563ecd221b0af http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.2.2-1ubuntu2.2_powerpc.deb Size/MD5: 2446330 45d0174d1074137d9ea0b0974749bbe8