
Bugtraq mailing list archives
[CLA-2004:902] Conectiva Security Announcement - abiword
From: Conectiva Updates <secure () conectiva com br>
Date: Wed, 1 Dec 2004 13:28:58 -0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE   : abiword
SUMMARY   : Fix for buffer overflow vulnerability
DATE      : 2004-12-01 13:28:00
ID        : CLA-2004:902
RELEVANT
RELEASES  : 9, 10

- -------------------------------------------------------------------------

DESCRIPTION
 AbiWord[1] is a free word processing program similar to Microsoft(R)
 Word. Wv[2] is a library which allows access to Microsoft Word files.

 iDefense[3] discovered[4] a buffer overflow vulnerability[5] in the wv
 library which could allow an attacker to execute arbitrary code with
 the privileges of the user running the vulnerable application.

 This announcement fixes the wv library which is included in AbiWord
 packages.


SOLUTION
 It is recommended that all AbiWord users in Conectiva Linux upgrade
 their packages.


 REFERENCES
 1.http://www.abiword.org/
 2.http://wvware.sourceforge.net/
 3.http://www.idefense.com/
 4.http://www.idefense.com/application/poi/display?id=115&type=vulnerabilities&flashstatus=true
 5.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0645


UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/10/SRPMS/abiword-2.0.6-62012U10_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/abiword-2.0.6-62012U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/abiword-clipart-2.0.6-62012U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/abiword-plugins-impexp-2.0.6-62012U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/abiword-plugins-tools-2.0.6-62012U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/abiword-1.0.4-25186U90_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/abiword-1.0.4-25186U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/abiword-fonts-1.0.4-25186U90_1cl.i386.rpm


ADDITIONAL INSTRUCTIONS
 The apt tool can be used to perform RPM packages upgrades:

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions regarding the use of apt and upgrade examples
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com

- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe () papaleguas conectiva com br
unsubscribe: conectiva-updates-unsubscribe () papaleguas conectiva com br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQFBreM542jd0JmAcZARAgUMAKCnk1s31oZPAwI7SdgLZeggE8q59QCgvzYY
+NNIVdJvnyiihCdK7HwUZ20=
=49Bq
-----END PGP SIGNATURE-----
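
Added example, not part of the Conectiva advisory: a small audit that flags hosts whose installed abiword build is older than the fixed builds listed under UPDATED PACKAGES. The version comparison is a simplified form of RPM's segment-wise ordering; the host names and the older version strings in the sample inventory are constructed, and the epoch is assumed unset.

```python
import re

# Fixed VERSION-RELEASE of the abiword package per Conectiva Linux release,
# copied from the advisory's UPDATED PACKAGES list.
FIXED = {"10": "2.0.6-62012U10_1cl", "9": "1.0.4-25186U90_1cl"}

def vercmp(a, b):
    """Simplified rpmvercmp (no '~' or '^' handling): returns -1, 0 or 1."""
    # RPM compares maximal runs of digits or letters; anything else separates.
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # a numeric segment beats an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)             # numeric compare, so 10 > 6
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def needs_update(release, installed):
    """installed is 'VERSION-RELEASE'; epoch is ignored (assumed unset)."""
    ver, rel = installed.rsplit("-", 1)
    fixed_ver, fixed_rel = FIXED[release].rsplit("-", 1)
    return (vercmp(ver, fixed_ver) or vercmp(rel, fixed_rel)) < 0

def audit(inventory):
    """Return the hosts whose abiword package predates the advisory's fix."""
    return [host for host, release, installed in inventory
            if release in FIXED and needs_update(release, installed)]

# Constructed inventory (host, Conectiva release, installed VERSION-RELEASE).
# Only the two fixed builds are real values from the advisory.
SAMPLE = [
    ("ws-01", "10", "2.0.6-62012U10_1cl"),
    ("ws-02", "10", "2.0.1-50000cl"),
    ("ws-03", "9", "1.0.4-25186U90_1cl"),
    ("ws-04", "9", "1.0.4-20000cl"),
]

if __name__ == "__main__":
    for host in audit(SAMPLE):
        print(f"{host}: abiword older than the CLA-2004:902 fix, upgrade needed")
```

The installed string for each host can be collected with rpm -q --qf '%{VERSION}-%{RELEASE}\n' abiword.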
