Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


More on LinuxToday


Advisories: November 14, 2005

Nov 15, 2005, 04:45 (0 Talkback[s])

Debian GNU/Linux


Debian Security Advisory DSA 894-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
November 14th, 2005 http://www.debian.org/security/faq


Package : abiword
Vulnerability : buffer overflows
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2005-2964 CVE-2005-2972

Chris Evans discoverd several buffer overflows in the RTF import mechanism of AbiWord, a WYSIWYG word processor based on GTK 2. Opening a specially crafted RTF file could lead to the execution of arbitrary code.

For the old stable distribution (woody) these problems have been fixed in version 1.0.2+cvs.2002.06.05-1woody3.

For the stable distribution (sarge) these problems have been fixed in version 2.2.7-3sarge2.

For the unstable distribution (sid) these problems have been fixed in version 2.2.10-1.

We recommend that you upgrade your abiword package.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody


Source archives:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3.dsc
      Size/MD5 checksum: 1159 9210aac9957b6cd207775862a1d45f1f
    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3.diff.gz
      Size/MD5 checksum: 50123 0f3df3436e43ce1d5da4b4c21e221bcf
    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05.orig.tar.gz
      Size/MD5 checksum: 16407034 0b0e1f3e42a0627a28cea970b099049d

Architecture independent components:

    http://security.debian.org/pool/updates/main/a/abiword/abiword-doc_1.0.2+cvs.2002.06.05-1woody3_all.deb
      Size/MD5 checksum: 950320 d222e537587d9f91fd38efc9841a58e6
    http://security.debian.org/pool/updates/main/a/abiword/xfonts-abi_1.0.2+cvs.2002.06.05-1woody3_all.deb
      Size/MD5 checksum: 189488 7ba0f3d31f29c1cebfea82a0d231d8f5

Alpha architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_alpha.deb
      Size/MD5 checksum: 12432 653ab5c780287dbfaa8bbead1d363660
    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_alpha.deb
      Size/MD5 checksum: 538646 bcf2ed542e765437affef0fe8541bc3c
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_alpha.deb
      Size/MD5 checksum: 2069386 e019b8b99668ef96371cabdfcc21ed06
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_alpha.deb
      Size/MD5 checksum: 1873858 a8088abfbde086249c7395d5994a6b83
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_alpha.deb
      Size/MD5 checksum: 228334 c26e4e4f04a78e626ae7be7229c775f1

ARM architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_arm.deb
      Size/MD5 checksum: 12434 0ec0f572955999a70ec02f76d1119d9f
    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_arm.deb
      Size/MD5 checksum: 536150 ef7a99f7e9f0cef5da0e2125d90eb2f0
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_arm.deb
      Size/MD5 checksum: 1717184 e5db39f5e4b89bb66dad89166c0871c9
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_arm.deb
      Size/MD5 checksum: 1533566 335181116b612f32ff14c6b062920cf3
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_arm.deb
      Size/MD5 checksum: 154850 88e931183c56e22c21d2ed2b6eaf727f

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_i386.deb
      Size/MD5 checksum: 12426 143a7e0e6a86475b0a4faffaa56fe6c6
    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_i386.deb
      Size/MD5 checksum: 533942 9f3d73ea537bbc7cc748f4b347011351
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_i386.deb
      Size/MD5 checksum: 1677506 997b0e28a6511258aa7e953189c8916d
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_i386.deb
      Size/MD5 checksum: 1491616 79a369d35495da551010c88fc5d16e53
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_i386.deb
      Size/MD5 checksum: 195028 4417655cdf87e452e533bfceff37035f

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_ia64.deb
      Size/MD5 checksum: 12432 ec6bc2b2b32291a24e96ac37e5bef700
    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_ia64.deb
      Size/MD5 checksum: 542580 d5ee8d4850f02c4bd9a5eb148ff50e12
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_ia64.deb
      Size/MD5 checksum: 2122580 6cd0574acb80ae18d3c24fa535edfe64
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_ia64.deb
      Size/MD5 checksum: 1940008 8bd8dae64327570f958940dc2de05152
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_ia64.deb
      Size/MD5 checksum: 311910 ecec1fedcaa4dd55feca35366f598dc4

HP Precision architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_hppa.deb
      Size/MD5 checksum: 12438 03439f730ccf73e2bb456a98bdd2a489
    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_hppa.deb
      Size/MD5 checksum: 538040 48c15aee57c59f9ac1d780819dbb7d95
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_hppa.deb
      Size/MD5 checksum: 2040050 f3557b782734406275a9c2d74cbdb83a
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_hppa.deb
      Size/MD5 checksum: 1821554 e6776a2c4b8ddf0a6ab11d3a1756fa2d
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_hppa.deb
      Size/MD5 checksum: 195884 fdd07179430b8b7cf70f1944e1ca8751

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_m68k.deb
      Size/MD5 checksum: 12442 b39cce9869fd5ee33ee412c5671a761f
    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_m68k.deb
      Size/MD5 checksum: 533170 1a26ef16fe1e79936b5af73b310b6279
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_m68k.deb
      Size/MD5 checksum: 1602928 ac5e6186a4f31bd97ab9efe5bfa380c6
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_m68k.deb
      Size/MD5 checksum: 1416324 93d883e59e22192a11a350302cf9f431
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_m68k.deb
      Size/MD5 checksum: 199740 b55f497320d2f7802bebccb506f11b46

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_mips.deb
      Size/MD5 checksum: 12432 6c7604ed802ecb0e7ddf09ee70697caf
    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_mips.deb
      Size/MD5 checksum: 536262 036c7fd56f0a8a115241412bb8e528f8
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_mips.deb
      Size/MD5 checksum: 1701222 8c810e11612e5db201bf8506244041ce
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_mips.deb
      Size/MD5 checksum: 1513780 cd3a8526a63516ca89cae731b0e300ea
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_mips.deb
      Size/MD5 checksum: 205144 792becc9b4a78d16f775edf017bd4a67

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_mipsel.deb
      Size/MD5 checksum: 12434 7d9931545151f9918f9d0c7c019c58a4
    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_mipsel.deb
      Size/MD5 checksum: 536510 343c499d62521e49626e99c50735ab96
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_mipsel.deb
      Size/MD5 checksum: 1663354 94b4d497ff7ddaa31e30afbe05057504
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_mipsel.deb
      Size/MD5 checksum: 1480888 00ebf5378e669c8437b5e385f94c6266
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_mipsel.deb
      Size/MD5 checksum: 203030 ad7dee7e51fbf887ac179d483f359cb6

PowerPC architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_powerpc.deb
      Size/MD5 checksum: 12438 3ff0d444f6f5df023844d6ca05d91987
    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_powerpc.deb
      Size/MD5 checksum: 534924 d2bbd28784670dc52bdef79879bde9c1
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_powerpc.deb
      Size/MD5 checksum: 1716328 67597faf110332672c4234af61228a34
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_powerpc.deb
      Size/MD5 checksum: 1527968 6b3677b16d1493ef075dcf2c565eaa46
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_powerpc.deb
      Size/MD5 checksum: 237680 a754e170740217157b2fc6f7960ff0c6

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_s390.deb
      Size/MD5 checksum: 12432 899f2957c202bfd626ce04238ae7c355
    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_s390.deb
      Size/MD5 checksum: 535210 6a83523ec1ad7f3789095bce0eec31c2
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_s390.deb
      Size/MD5 checksum: 1603804 f98f8c6be3063c920c174d74a87f51c0
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_s390.deb
      Size/MD5 checksum: 1417916 6dd76f6db3594c69591ef4fec624008e
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_s390.deb
      Size/MD5 checksum: 203268 2a247fc7a1ad5ad69a5550dde7e0e5f0

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_sparc.deb
      Size/MD5 checksum: 12434 cde846b41a0d618d5d854a0f63ab43ab
    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_sparc.deb
      Size/MD5 checksum: 537430 cbd8122f90526919114aa2caa26ab098
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_sparc.deb
      Size/MD5 checksum: 1657026 d79737402458bb93fc4cfaa48d8e3b87
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_sparc.deb
      Size/MD5 checksum: 1470474 18458d5e37c1e92df7d41bf67b9a4185
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_sparc.deb
      Size/MD5 checksum: 193376 e49c7a03769332bf71fa4790c45e7261

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2.dsc
      Size/MD5 checksum: 1115 c1a5491bde1e7de2ba60ef1ba07b6166
    http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2.diff.gz
      Size/MD5 checksum: 75303 75b31932db227cc609d28d84f8bf4478
    http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7.orig.tar.gz
      Size/MD5 checksum: 28441035 d07e581539479e615a0af0c0a92da9a3

Architecture independent components:

    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_2.2.7-3sarge2_all.deb
      Size/MD5 checksum: 1666180 b68247dabeb710edfa58172f5e40030f
    http://security.debian.org/pool/updates/main/a/abiword/abiword-doc_2.2.7-3sarge2_all.deb
      Size/MD5 checksum: 4085558 67faed1f27bc86f3fa2815d3ae058e17
    http://security.debian.org/pool/updates/main/a/abiword/abiword-help_2.2.7-3sarge2_all.deb
      Size/MD5 checksum: 558460 c3cbd4e961b18476ca7f5e6ddd4e6dba
    http://security.debian.org/pool/updates/main/a/abiword/xfonts-abi_2.2.7-3sarge2_all.deb
      Size/MD5 checksum: 20698 05bf556dd85be4428a0911b6c3d87b4b

Alpha architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_alpha.deb
      Size/MD5 checksum: 2865468 bcb120ac51e1809db9efae4768f66238
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_alpha.deb
      Size/MD5 checksum: 2864100 778e462ca4a0aca78a673adf2d68b5e6
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_alpha.deb
      Size/MD5 checksum: 400976 916e7890de15b4cc814ef837bee6871e
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_alpha.deb
      Size/MD5 checksum: 28442 48350140d2bf3f0921a6259ecf61f5f0

AMD64 architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_amd64.deb
      Size/MD5 checksum: 2491560 6d37138df657bc275460f4931270b825
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_amd64.deb
      Size/MD5 checksum: 2484660 fa827b78a857ab7373cc022bdf01deff
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_amd64.deb
      Size/MD5 checksum: 369462 0e91af63f0fa42f4bc3533517a3d07f8
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_amd64.deb
      Size/MD5 checksum: 27992 5eb8d30bd1f5503ce2523bdd807e9edc

ARM architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_arm.deb
      Size/MD5 checksum: 2432880 e4703f6e9beb651dd91439303d1373df
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_arm.deb
      Size/MD5 checksum: 2423262 2637f435c5d0861d0f64d56395768ff3
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_arm.deb
      Size/MD5 checksum: 349248 b385c171802de8078538a8f8b7a63f3d
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_arm.deb
      Size/MD5 checksum: 27510 811da755de8247e13d37e0b1a5882926

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_i386.deb
      Size/MD5 checksum: 2340952 c844959722131837db735280ffe0c192
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_i386.deb
      Size/MD5 checksum: 2330434 911c26e1e23975bc795305e52ad53ce0
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_i386.deb
      Size/MD5 checksum: 358584 ab6ed361e772bf4808dabc56a2880811
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_i386.deb
      Size/MD5 checksum: 27854 12d4eeec28a3a7eff2d4777291c8f192

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_ia64.deb
      Size/MD5 checksum: 3443314 d5cf969d1db44c587f22d3cfe2eaaebf
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_ia64.deb
      Size/MD5 checksum: 3446838 8ed0533abdeebfb82cebe0ac1a8328e7
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_ia64.deb
      Size/MD5 checksum: 450116 78ebf500c547a25485b84aa716eab7e7
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_ia64.deb
      Size/MD5 checksum: 29816 f22cfa0f5096cea6af8afefc245bb031

HP Precision architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_hppa.deb
      Size/MD5 checksum: 2811614 72e51c5d4230663c93b6f3028b420cba
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_hppa.deb
      Size/MD5 checksum: 2803736 9358dfdc81bdbaeaaacb60af8f76ec2a
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_hppa.deb
      Size/MD5 checksum: 436786 92df6cbe164a52330127c5b007f7efaf
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_hppa.deb
      Size/MD5 checksum: 29178 288c641cc68192aa3b87df9fcb41c522

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_m68k.deb
      Size/MD5 checksum: 2358090 2d566ecb5578b409cf5e3507df7bf8c9
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_m68k.deb
      Size/MD5 checksum: 2348080 5e2397fa9869b2fb5590872c95fe22f1
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_m68k.deb
      Size/MD5 checksum: 369286 d1530b8fcfb28dfa8787662d83634dcf
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_m68k.deb
      Size/MD5 checksum: 27716 881587416e5eb97885bf17f72fed15a8

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_mips.deb
      Size/MD5 checksum: 2550988 81a84402b7a3066e61274f85afd6077a
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_mips.deb
      Size/MD5 checksum: 2543624 9c184c2eacc4a13ba78e1e70ff59fbde
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_mips.deb
      Size/MD5 checksum: 358192 1d221249ac1d7f23529dcc502c5320e0
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_mips.deb
      Size/MD5 checksum: 28354 0625dceebbb691c3312fb1c14c36c743

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_mipsel.deb
      Size/MD5 checksum: 2465622 e4d4d2a6f5994de907960cd14b05c662
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_mipsel.deb
      Size/MD5 checksum: 2456260 5798ef734342be359769f84f2011bd1e
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_mipsel.deb
      Size/MD5 checksum: 354070 d7cd62c4a5f25c28da61bcfbc9b16ccf
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_mipsel.deb
      Size/MD5 checksum: 28300 fe5b25f2b7eed349e2274fa44ead79a2

PowerPC architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_powerpc.deb
      Size/MD5 checksum: 2473300 c6e7d9e9b32177ea2e4e2819b17338cb
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_powerpc.deb
      Size/MD5 checksum: 2464070 df0769e09e53465b03659e958907c058
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_powerpc.deb
      Size/MD5 checksum: 408478 13d12015c9dd09d94aef49b48a2a45c5
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_powerpc.deb
      Size/MD5 checksum: 29892 a6f075e74ea0dee760efb42fa4244499

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_s390.deb
      Size/MD5 checksum: 2457050 65b8553d57b870b90ee4612391bbc63f
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_s390.deb
      Size/MD5 checksum: 2451094 331bd8ec99321393a69276a087732767
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_s390.deb
      Size/MD5 checksum: 364848 50217fdf5e9bceb77fb34ff455d8ab83
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_s390.deb
      Size/MD5 checksum: 28282 3bca542474684673e0367596524b9132

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_sparc.deb
      Size/MD5 checksum: 2462406 571fcd01d80476714a8ddd87ce34ff17
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_sparc.deb
      Size/MD5 checksum: 2453454 e72adac4cc33128729763bdf3e64177e
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_sparc.deb
      Size/MD5 checksum: 343132 e9fa92049ac7b5b2d76ed58d9cb19273
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_sparc.deb
      Size/MD5 checksum: 27502 8cc7425570da58d6e7adde0a5474f68b

These files will probably be moved into the stable distribution on its next update.



Debian Security Advisory DSA 895-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
November 14th, 2005 http://www.debian.org/security/faq


Package : uim
Vulnerability : programming error
Problem type : local
Debian-specific: no
CVE ID : CVE-2005-3149
Debian Bug : 331620

Masanari Yamamoto discovered incorrect use of environment variables in uim, a flexible input method collection and library, that could lead to escalated privileges in setuid/setgid applications linked to libuim. Affected in Debian is at least mlterm.

The old stable distribution (woody) does not contain uim packags.

For the stable distribution (sarge) this problem has been fixed in version 0.4.6final1-3sarge1.

For the unstable distribution (sid) this problem has been fixed in version 0.4.7-2.

We recommend that you upgrade your libuim packages.

Upgrade Instructions


wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge


Source archives:

    http://security.debian.org/pool/updates/main/u/uim/uim_0.4.6final1-3sarge1.dsc
      Size/MD5 checksum: 1238 7e4fd096d54f49bcb5067e666a7c2099
    http://security.debian.org/pool/updates/main/u/uim/uim_0.4.6final1-3sarge1.diff.gz
      Size/MD5 checksum: 55699 e0e57f66cc5e04f972e2d791c2f9f798
    http://security.debian.org/pool/updates/main/u/uim/uim_0.4.6final1.orig.tar.gz
      Size/MD5 checksum: 1467039 a61636b7eb4cab6c09eb3d661d1d7db4

Architecture independent components:

    http://security.debian.org/pool/updates/main/u/uim/uim-common_0.4.6final1-3sarge1_all.deb
      Size/MD5 checksum: 365460 c4b02ab26ae281a60f8e7d81cab57b44
    http://security.debian.org/pool/updates/main/u/uim/uim_0.4.6final1-3sarge1_all.deb
      Size/MD5 checksum: 1112 e5cd7757d3eb2d61c41ae1500f0b06ab

Alpha architecture:

    http://security.debian.org/pool/updates/main/u/uim/libuim-dev_0.4.6final1-3sarge1_alpha.deb
      Size/MD5 checksum: 111390 5afbbbaa6c8518aa1d5b490dff873364
    http://security.debian.org/pool/updates/main/u/uim/libuim-nox-dev_0.4.6final1-3sarge1_alpha.deb
      Size/MD5 checksum: 111396 2ffaa4908bd01d5344ea574e06aebd8d
    http://security.debian.org/pool/updates/main/u/uim/libuim0_0.4.6final1-3sarge1_alpha.deb
      Size/MD5 checksum: 90680 17dd91ba9274ec80b99254589264921c
    http://security.debian.org/pool/updates/main/u/uim/libuim0-dbg_0.4.6final1-3sarge1_alpha.deb
      Size/MD5 checksum: 206684 87d337207546377efd9fe156d762faf5
    http://security.debian.org/pool/updates/main/u/uim/libuim0-nox_0.4.6final1-3sarge1_alpha.deb
      Size/MD5 checksum: 90704 372924f346a7758b68af8dae2a9ae3e6
    http://security.debian.org/pool/updates/main/u/uim/libuim0-nox-dbg_0.4.6final1-3sarge1_alpha.deb
      Size/MD5 checksum: 206692 2f43f251904afa6789207512da3debef
    http://security.debian.org/pool/updates/main/u/uim/uim-anthy_0.4.6final1-3sarge1_alpha.deb
      Size/MD5 checksum: 17812 5355374dc986f58f10d2b9668daf1025
    http://security.debian.org/pool/updates/main/u/uim/uim-applet-gnome_0.4.6final1-3sarge1_alpha.deb
      Size/MD5 checksum: 13658 89c27a8b954d73f84c47daf374b09615
    http://security.debian.org/pool/updates/main/u/uim/uim-canna_0.4.6final1-3sarge1_alpha.deb
      Size/MD5 checksum: 17512 94fb9bd4cb0b04ca6f4a0f7699df1c99
    http://security.debian.org/pool/updates/main/u/uim/uim-fep_0.4.6final1-3sarge1_alpha.deb
      Size/MD5 checksum: 48142 8f3b1289a10fb76333d97f82f5530bd6
    http://security.debian.org/pool/updates/main/u/uim/uim-gtk2.0_0.4.6final1-3sarge1_alpha.deb
      Size/MD5 checksum: 322566 b06c6be094bf30d7a7c15bdf92f36814
    http://security.debian.org/pool/updates/main/u/uim/uim-m17nlib_0.4.6final1-3sarge1_alpha.deb
      Size/MD5 checksum: 21308 7064156fa4399bf16971715ce968a38b
    http://security.debian.org/pool/updates/main/u/uim/uim-prime_0.4.6final1-3sarge1_alpha.deb
      Size/MD5 checksum: 21546 3934ead3548e094d9686f118eb7bd29f
    http://security.debian.org/pool/updates/main/u/uim/uim-skk_0.4.6final1-3sarge1_alpha.deb
      Size/MD5 checksum: 46730 d35014491931c1148597291e026d4895
    http://security.debian.org/pool/updates/main/u/uim/uim-utils_0.4.6final1-3sarge1_alpha.deb
      Size/MD5 checksum: 8568 a104b03d8cd64e4d676c888bfa5dc2c4
    http://security.debian.org/pool/updates/main/u/uim/uim-xim_0.4.6final1-3sarge1_alpha.deb
      Size/MD5 checksum: 106766 184c1d18ab2e2d1f1532eb0f72411171

AMD64 architecture:

    http://security.debian.org/pool/updates/main/u/uim/libuim-dev_0.4.6final1-3sarge1_amd64.deb
      Size/MD5 checksum: 87726 988960711a336a3bb248dbb916c9f895
    http://security.debian.org/pool/updates/main/u/uim/libuim-nox-dev_0.4.6final1-3sarge1_amd64.deb
      Size/MD5 checksum: 87730 36d962aab590da71db2af1e14457dda5
    http://security.debian.org/pool/updates/main/u/uim/libuim0_0.4.6final1-3sarge1_amd64.deb
      Size/MD5 checksum: 84082 b5ca9773556b8676e130ae1630920c19
    http://security.debian.org/pool/updates/main/u/uim/libuim0-dbg_0.4.6final1-3sarge1_amd64.deb
      Size/MD5 checksum: 198110 bccedae5df83e15d1994886c1477703e
    http://security.debian.org/pool/updates/main/u/uim/libuim0-nox_0.4.6final1-3sarge1_amd64.deb
      Size/MD5 checksum: 84110 6a74e7575c1024decbc8192258ab1ce5
    http://security.debian.org/pool/updates/main/u/uim/libuim0-nox-dbg_0.4.6final1-3sarge1_amd64.deb
      Size/MD5 checksum: 198126 b1dbaa40b6a97781930448aaa4105acb
    http://security.debian.org/pool/updates/main/u/uim/uim-anthy_0.4.6final1-3sarge1_amd64.deb
      Size/MD5 checksum: 16190 8fecebda3812a3390dac479d5ea5808d
    http://security.debian.org/pool/updates/main/u/uim/uim-applet-gnome_0.4.6final1-3sarge1_amd64.deb
      Size/MD5 checksum: 12674 48a3288e666c8dbd3f5dbf486a014809
    http://security.debian.org/pool/updates/main/u/uim/uim-canna_0.4.6final1-3sarge1_amd64.deb
      Size/MD5 checksum: 16018 9480027b0fffb717e9b15799cbb2bfeb
    http://security.debian.org/pool/updates/main/u/uim/uim-fep_0.4.6final1-3sarge1_amd64.deb
      Size/MD5 checksum: 45144 8047fa1a02c48a9d8240f9040c40abe4
    http://security.debian.org/pool/updates/main/u/uim/uim-gtk2.0_0.4.6final1-3sarge1_amd64.deb
      Size/MD5 checksum: 307124 1ab9a7de299de858c40a97d0779b37d6
    http://security.debian.org/pool/updates/main/u/uim/uim-m17nlib_0.4.6final1-3sarge1_amd64.deb
      Size/MD5 checksum: 18454 3ebf0d522dab816e95bfd13ca75b1757
    http://security.debian.org/pool/updates/main/u/uim/uim-prime_0.4.6final1-3sarge1_amd64.deb
      Size/MD5 checksum: 20438 3d42514847c1c9ef224ef0b03d7fcf6d
    http://security.debian.org/pool/updates/main/u/uim/uim-skk_0.4.6final1-3sarge1_amd64.deb
      Size/MD5 checksum: 36682 b41dc256e210f85df3932880dbbdbfa4
    http://security.debian.org/pool/updates/main/u/uim/uim-utils_0.4.6final1-3sarge1_amd64.deb
      Size/MD5 checksum: 7968 745e47e9140c87a24d982495c30c6fba
    http://security.debian.org/pool/updates/main/u/uim/uim-xim_0.4.6final1-3sarge1_amd64.deb
      Size/MD5 checksum: 85636 b763d29f3ededb28a44d4c4519f7c8c5

ARM architecture:

    http://security.debian.org/pool/updates/main/u/uim/libuim-dev_0.4.6final1-3sarge1_arm.deb
      Size/MD5 checksum: 87688 b0edb17c95df7a8e0d6351addae33933
    http://security.debian.org/pool/updates/main/u/uim/libuim-nox-dev_0.4.6final1-3sarge1_arm.deb
      Size/MD5 checksum: 87670 9d9805521e805f6b9d0721d4cc99396e
    http://security.debian.org/pool/updates/main/u/uim/libuim0_0.4.6final1-3sarge1_arm.deb
      Size/MD5 checksum: 75614 93656221fb426ebc359f121b92b76c93
    http://security.debian.org/pool/updates/main/u/uim/libuim0-dbg_0.4.6final1-3sarge1_arm.deb
      Size/MD5 checksum: 192912 5b9c1156385f6e17b195f37676c3cdce
    http://security.debian.org/pool/updates/main/u/uim/libuim0-nox_0.4.6final1-3sarge1_arm.deb
      Size/MD5 checksum: 75638 7667aafe1cc5436422777fb13aa1ea36
    http://security.debian.org/pool/updates/main/u/uim/libuim0-nox-dbg_0.4.6final1-3sarge1_arm.deb
      Size/MD5 checksum: 192924 cfcf0aa87691c7696b20968183dcc01d
    http://security.debian.org/pool/updates/main/u/uim/uim-anthy_0.4.6final1-3sarge1_arm.deb
      Size/MD5 checksum: 16472 cdbf5aa32e9736816741afb567a69412
    http://security.debian.org/pool/updates/main/u/uim/uim-applet-gnome_0.4.6final1-3sarge1_arm.deb
      Size/MD5 checksum: 11406 c7a5891fff3c80b4c60a989e9e41898e
    http://security.debian.org/pool/updates/main/u/uim/uim-canna_0.4.6final1-3sarge1_arm.deb
      Size/MD5 checksum: 15862 792effab8706d0e23f0c6e164a8df422
    http://security.debian.org/pool/updates/main/u/uim/uim-fep_0.4.6final1-3sarge1_arm.deb
      Size/MD5 checksum: 42946 4dd9d490a98b1938b26008cc6c0424cd
    http://security.debian.org/pool/updates/main/u/uim/uim-gtk2.0_0.4.6final1-3sarge1_arm.deb
      Size/MD5 checksum: 287110 b63db3d08363984648f13264565493c3
    http://security.debian.org/pool/updates/main/u/uim/uim-m17nlib_0.4.6final1-3sarge1_arm.deb
      Size/MD5 checksum: 17984 1659bb5dd9399aef7a884963fb79c885
    http://security.debian.org/pool/updates/main/u/uim/uim-prime_0.4.6final1-3sarge1_arm.deb
      Size/MD5 checksum: 20344 b0f69af8dd931cddbaf486256392859d
    http://security.debian.org/pool/updates/main/u/uim/uim-skk_0.4.6final1-3sarge1_arm.deb
      Size/MD5 checksum: 38774 67024a0c821d480d135169fe4ea1558b
    http://security.debian.org/pool/updates/main/u/uim/uim-utils_0.4.6final1-3sarge1_arm.deb
      Size/MD5 checksum: 7066 3d22ad91e46d21998ad930da9335af4f
    http://security.debian.org/pool/updates/main/u/uim/uim-xim_0.4.6final1-3sarge1_arm.deb
      Size/MD5 checksum: 75678 818dc1e166c104a105444e7dcf142af9

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/u/uim/libuim-dev_0.4.6final1-3sarge1_i386.deb
      Size/MD5 checksum: 73686 73a6b500b5f271eca00506ea58b91f16
    http://security.debian.org/pool/updates/main/u/uim/libuim-nox-dev_0.4.6final1-3sarge1_i386.deb
      Size/MD5 checksum: 73688 b7271f4ab4691c3eb1855f95e2aea3c9
    http://security.debian.org/pool/updates/main/u/uim/libuim0_0.4.6final1-3sarge1_i386.deb
      Size/MD5 checksum: 71436 c9b6b5e9e522bf7b17cb5925190280d9