[USN-545-1] link-grammar vulnerability
Date: Mon, 26 Nov 2007 16:47:48 -0800
From: Kees Cook <kees@ubuntu.com.>
To: [email protected]
Subject: [USN-545-1] link-grammar vulnerability
Message-ID: <20071127004748.GL8789@outflux.net.>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="6WlEvdN9Dv0WHSBl"
Content-Disposition: inline
Organization: Ubuntu
X-MIMEDefang-Filter: outflux$Revision: 1.301 $
X-HELO: gorgon.outflux.net
X-Scanned-By: MIMEDefang 2.57 on 10.2.0.1
X-Virus-Scanned: antivirus-gw at tyumen.ru
--6WlEvdN9Dv0WHSBl
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=20
Ubuntu Security Notice USN-545-1 November 26, 2007
link-grammar vulnerability
CVE-2007-5395
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
A security issue affects the following Ubuntu releases:
Ubuntu 7.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 7.10:
liblink-grammar4 4.2.2-4ubuntu0.7.10.1
After a standard system upgrade you need to restart AbiWord to effect
the necessary changes.
Details follow:
Alin Rad Pop discovered that AbiWord's Link Grammar parser did not
correctly handle overly-long words. If a user were tricked into opening
a specially crafted document, AbiWord, or other applications using Link
Grammar, could be made to crash.
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/link-grammar=
_4.2.2-4ubuntu0.7.10.1.diff.gz
Size/MD5: 8372 9d6103a3d8b9055aeb8e9fb151c629d8
http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/link-grammar=
_4.2.2-4ubuntu0.7.10.1.dsc
Size/MD5: 771 3416e046bf63eefc9b8e185666e11b1e
http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/link-grammar=
_4.2.2.orig.tar.gz
Size/MD5: 742163 798c165b7d7f26e60925c30515c45782
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/link-grammar=
-dictionaries-en_4.2.2-4ubuntu0.7.10.1_all.deb
Size/MD5: 261630 b4b9b5e5f1a9b4a04dbf4074add17867
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/liblink-gram=
mar4-dev_4.2.2-4ubuntu0.7.10.1_amd64.deb
Size/MD5: 129244 0db2bc55f7c9e9f3ce1276020200d6aa
http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/liblink-gram=
mar4_4.2.2-4ubuntu0.7.10.1_amd64.deb
Size/MD5: 98100 de97f8c7fa03e774b6038bd326834f7a
http://security.ubuntu.com/ubuntu/pool/universe/l/link-grammar/link-gra=
mmar_4.2.2-4ubuntu0.7.10.1_amd64.deb
Size/MD5: 16430 dbcd4fca4249a475abd450f7009b68de
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/liblink-gram=
mar4-dev_4.2.2-4ubuntu0.7.10.1_i386.deb
Size/MD5: 111178 d619bf104ae4b3026b4ac7dd7952d5ee
http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/liblink-gram=
mar4_4.2.2-4ubuntu0.7.10.1_i386.deb
Size/MD5: 90558 912431a563343836f56b20daf237c8e8
http://security.ubuntu.com/ubuntu/pool/universe/l/link-grammar/link-gra=
mmar_4.2.2-4ubuntu0.7.10.1_i386.deb
Size/MD5: 15706 5a72b07d1b6a825a11148193e94bc5e3
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/liblink-gram=
mar4-dev_4.2.2-4ubuntu0.7.10.1_powerpc.deb
Size/MD5: 130238 7266fb1779805cf1416afb6349142532
http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/liblink-gram=
mar4_4.2.2-4ubuntu0.7.10.1_powerpc.deb
Size/MD5: 97756 c23f581e5b62c6af38f08906f1f6521e
http://security.ubuntu.com/ubuntu/pool/universe/l/link-grammar/link-gra=
mmar_4.2.2-4ubuntu0.7.10.1_powerpc.deb
Size/MD5: 17052 c5005abc099c10b7687dd85123dc29a4
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/liblink-gram=
mar4-dev_4.2.2-4ubuntu0.7.10.1_sparc.deb
Size/MD5: 118768 d88eee3ff0a918780689a72f7e14d2fa
http://security.ubuntu.com/ubuntu/pool/main/l/link-grammar/liblink-gram=
mar4_4.2.2-4ubuntu0.7.10.1_sparc.deb
Size/MD5: 91400 5a14c7a0baa9f2d9ba23f7130896c332
http://security.ubuntu.com/ubuntu/pool/universe/l/link-grammar/link-gra=
mmar_4.2.2-4ubuntu0.7.10.1_sparc.deb
Size/MD5: 16126 6179e67b9eaaef830f1bd7d461fbee62
--6WlEvdN9Dv0WHSBl
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHS2k0H/9LqRcGPm0RAqiBAJ9L18p6o0tmbn9Y7qFrubQ9bKTQdACdEtNj
o7WhzPYpjay55UwD1b23e4o=
=39jK
-----END PGP SIGNATURE-----
--6WlEvdN9Dv0WHSBl--