=========================================================== Ubuntu Security Notice USN-437-1 March 19, 2007 libwpd vulnerability CVE-2007-0002 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06 LTS Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: libwpd8c2 0.8.2-2ubuntu0.1 Ubuntu 6.06 LTS: libwpd8c2a 0.8.4-2ubuntu0.1 Ubuntu 6.10: libwpd8c2a 0.8.6-1ubuntu0.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Sean Larsson of iDefense Labs discovered that libwpd was vulnerable to integer overflows. If a user were tricked into opening a specially crafted WordPerfect document with an application that used libwpd, an attacker could execute arbitrary code with user privileges. Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd_0.8.2-2ubuntu0.1.diff.gz Size/MD5: 12877 6112a2b9f691cc0dffaaafc634c455fe http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd_0.8.2-2ubuntu0.1.dsc Size/MD5: 789 1a8f8c5e36189e5d90b6fd09bceccf9e http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd_0.8.2.orig.tar.gz Size/MD5: 486490 264e955e19c7e961e22382db09e19597 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/libw/libwpd/libwpd8-doc_0.8.2-2ubuntu0.1_all.deb Size/MD5: 550546 792712b46d5d6508d53409ac13ff1fcf amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd-stream8c2_0.8.2-2ubuntu0.1_amd64.deb Size/MD5: 10298 1040bf7794bdcd2617587893b9979039 http://security.ubuntu.com/ubuntu/pool/universe/libw/libwpd/libwpd-tools_0.8.2-2ubuntu0.1_amd64.deb Size/MD5: 28738 965fdacdd0f6d63fb1d2bc9dae28a6b5 http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd8-dev_0.8.2-2ubuntu0.1_amd64.deb Size/MD5: 321604 939b5cb851e4f925a8204ef294ebdb89 http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd8c2_0.8.2-2ubuntu0.1_amd64.deb Size/MD5: 155980 e38590d0de376a017a803e862ed65a92 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd-stream8c2_0.8.2-2ubuntu0.1_i386.deb Size/MD5: 10240 bcaa98ae484ac6fee42cd7bfed4f2714 http://security.ubuntu.com/ubuntu/pool/universe/libw/libwpd/libwpd-tools_0.8.2-2ubuntu0.1_i386.deb Size/MD5: 23842 2eb9fa9bf6c0b5b45fb0b8deeb3f930e http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd8-dev_0.8.2-2ubuntu0.1_i386.deb Size/MD5: 275584 0d0f4bc63cc44084d21e3c9c3900836a http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd8c2_0.8.2-2ubuntu0.1_i386.deb Size/MD5: 143754 099e8b4dca3a31be5094ad09a06fb693 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd-stream8c2_0.8.2-2ubuntu0.1_powerpc.deb Size/MD5: 12016 7f07e4bfd9bcbb9ad5505471be75baf7 http://security.ubuntu.com/ubuntu/pool/universe/libw/libwpd/libwpd-tools_0.8.2-2ubuntu0.1_powerpc.deb Size/MD5: 29600 e0b0e570431ecc902071c8e8996d1aae http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd8-dev_0.8.2-2ubuntu0.1_powerpc.deb Size/MD5: 306640 ae3e014828a2dcf801c19b79987d2ba0 http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd8c2_0.8.2-2ubuntu0.1_powerpc.deb Size/MD5: 153406 7cd7b68f6d8d18b267c2e78160da0e60 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd-stream8c2_0.8.2-2ubuntu0.1_sparc.deb Size/MD5: 10162 68282b91d7355ef75b73a60291e91bdc http://security.ubuntu.com/ubuntu/pool/universe/libw/libwpd/libwpd-tools_0.8.2-2ubuntu0.1_sparc.deb Size/MD5: 23638 cc47f6e62ad4003c3f13fc7e436ab9ab http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd8-dev_0.8.2-2ubuntu0.1_sparc.deb Size/MD5: 255470 f58d4c0b4548aaa19d3591be067a6060 http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd8c2_0.8.2-2ubuntu0.1_sparc.deb Size/MD5: 146014 5245bff7ee39cf1feead1fc8c8c7fef5 Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd_0.8.4-2ubuntu0.1.diff.gz Size/MD5: 97838 fb9a5d3e6219b5d39b4c7ff2e5b15c06 http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd_0.8.4-2ubuntu0.1.dsc Size/MD5: 815 54d941513fdb5a0cc981e54505d943c7 http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd_0.8.4.orig.tar.gz Size/MD5: 491831 0461d4bf2da534b4bed041b67d7f7064 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/libw/libwpd/libwpd8-doc_0.8.4-2ubuntu0.1_all.deb Size/MD5: 858038 c74942228f1670b121e325d0501b0297 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd-stream8c2a_0.8.4-2ubuntu0.1_amd64.deb Size/MD5: 10932 52e70d47856942622fab091b47a1a5c2 http://security.ubuntu.com/ubuntu/pool/universe/libw/libwpd/libwpd-tools_0.8.4-2ubuntu0.1_amd64.deb Size/MD5: 24368 3958f5d32abadea0f0d80be0dc097aaa http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd8-dev_0.8.4-2ubuntu0.1_amd64.deb Size/MD5: 275162 d63784fc556f96fe125011c133a4e27a http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd8c2a_0.8.4-2ubuntu0.1_amd64.deb Size/MD5: 147192 78c11c007bd8aad01ba20732902a0bf7 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd-stream8c2a_0.8.4-2ubuntu0.1_i386.deb Size/MD5: 10844 85f4f81a98fbcb1e8e3dcf5af166203f http://security.ubuntu.com/ubuntu/pool/universe/libw/libwpd/libwpd-tools_0.8.4-2ubuntu0.1_i386.deb Size/MD5: 22102 df7396c47948534fac82c1da01f5d221 http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd8-dev_0.8.4-2ubuntu0.1_i386.deb Size/MD5: 236710 2a90a994d014e8336286b7686abc111e http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd8c2a_0.8.4-2ubuntu0.1_i386.deb Size/MD5: 139672 8d8f4b9114cdbc7b36236203316795e1 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd-stream8c2a_0.8.4-2ubuntu0.1_powerpc.deb Size/MD5: 12628 8dd3d7a0caeacbe4dcaf8a4409d00596 http://security.ubuntu.com/ubuntu/pool/universe/libw/libwpd/libwpd-tools_0.8.4-2ubuntu0.1_powerpc.deb Size/MD5: 26278 c6e92191670c8c70504de241d594a0bb http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd8-dev_0.8.4-2ubuntu0.1_powerpc.deb Size/MD5: 273356 c780660d9aadd3f5480377203ac063e8 http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd8c2a_0.8.4-2ubuntu0.1_powerpc.deb Size/MD5: 150602 1c79699e0156f955a9efa7c78fec871d sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd-stream8c2a_0.8.4-2ubuntu0.1_sparc.deb Size/MD5: 10832 cb8aedb34fa1b7b00320bbc959d746fa http://security.ubuntu.com/ubuntu/pool/universe/libw/libwpd/libwpd-tools_0.8.4-2ubuntu0.1_sparc.deb Size/MD5: 21746 1ef7fbb734c9953a6eadf27deb8ae1e9 http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd8-dev_0.8.4-2ubuntu0.1_sparc.deb Size/MD5: 227776 ef328d7dc664efce1ccd90ea0d97bf0e http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd8c2a_0.8.4-2ubuntu0.1_sparc.deb Size/MD5: 141262 50187bd148d8adfefdda11339f7948a7 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd_0.8.6-1ubuntu0.1.diff.gz Size/MD5: 7715 97734527e0131a5506715db7f3f14e2b http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd_0.8.6-1ubuntu0.1.dsc Size/MD5: 814 42effa92437bf54ed6cbee1dde548253 http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd_0.8.6.orig.tar.gz Size/MD5: 560443 464a390c66511831821de81b887d3e61 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd8-doc_0.8.6-1ubuntu0.1_all.deb Size/MD5: 928704 e55157a12dcbb481ce62838dc8e4ed42 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd-stream8c2a_0.8.6-1ubuntu0.1_amd64.deb Size/MD5: 12680 7dd1be55e38ad35cb6bfc006b38da32a http://security.ubuntu.com/ubuntu/pool/universe/libw/libwpd/libwpd-tools_0.8.6-1ubuntu0.1_amd64.deb Size/MD5: 26308 5dfd106f9e7b4659c6339c2efdf3b072 http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd8-dev_0.8.6-1ubuntu0.1_amd64.deb Size/MD5: 320500 9f6b8a856b2d8ba5f20ffe2fe4bbf3cd http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd8c2a_0.8.6-1ubuntu0.1_amd64.deb Size/MD5: 172670 f7b9ed078716753edeaefff05661184b i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd-stream8c2a_0.8.6-1ubuntu0.1_i386.deb Size/MD5: 12728 dbfdc86ab61f65e6d8bb2759b10018c9 http://security.ubuntu.com/ubuntu/pool/universe/libw/libwpd/libwpd-tools_0.8.6-1ubuntu0.1_i386.deb Size/MD5: 24622 f21eff5d9d6e54e6072d2dd5c66999ee http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd8-dev_0.8.6-1ubuntu0.1_i386.deb Size/MD5: 284790 2a0be7f711db1607c41cf4f9d2006bcc http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd8c2a_0.8.6-1ubuntu0.1_i386.deb Size/MD5: 170728 39024c807154361e45b5a165fcaa42ec powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd-stream8c2a_0.8.6-1ubuntu0.1_powerpc.deb Size/MD5: 14356 638cbcbd394814ce16d15e9b0d7d5bba http://security.ubuntu.com/ubuntu/pool/universe/libw/libwpd/libwpd-tools_0.8.6-1ubuntu0.1_powerpc.deb Size/MD5: 28562 cecab845aa9c3923985e491a29a01804 http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd8-dev_0.8.6-1ubuntu0.1_powerpc.deb Size/MD5: 321306 57091277e36bdc9bdd1f4aaedc58473d http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd8c2a_0.8.6-1ubuntu0.1_powerpc.deb Size/MD5: 176954 32d193ab348ef736e41516236172dec4 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd-stream8c2a_0.8.6-1ubuntu0.1_sparc.deb Size/MD5: 12520 9d39ec5666cfb20408114491bf40cf30 http://security.ubuntu.com/ubuntu/pool/universe/libw/libwpd/libwpd-tools_0.8.6-1ubuntu0.1_sparc.deb Size/MD5: 23774 1a2c788a59fd74b1507159b98545123d http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd8-dev_0.8.6-1ubuntu0.1_sparc.deb Size/MD5: 269230 7fd843838e3889bc65020de53f6ba843 http://security.ubuntu.com/ubuntu/pool/main/libw/libwpd/libwpd8c2a_0.8.6-1ubuntu0.1_sparc.deb Size/MD5: 176076 d46ee305cc9da0f08e7d1baa8dceaccf